58 F. Supp. 3d 968
N.D. Cal.2014Background
- Plaintiffs filed a nationwide putative class action challenging Google’s March 1, 2012 unified privacy policy that allegedly allowed cross-product commingling of user data and disclosure to third parties for advertising; classes include an Android Device Switch Subclass and an Android App Disclosure Subclass.
- Plaintiffs allege Google previously maintained product-specific, more restrictive privacy promises (notably an Android-powered device policy) and secretly planned ("Emerald Sea") to combine data across services and disclose to developers/third parties.
- Plaintiffs assert harms including increased risk of identity theft/security breaches, battery and bandwidth depletion when apps access account data, costs from replacing Android phones to avoid the policy, and statutory/common-law privacy and consumer-protection claims (CLRA, UCL, intrusion, breach of contract, Wiretap Act, SCA).
- This is the third dismissal motion: earlier dismissals addressed standing and pleading defects; plaintiffs amended; court previously found some standing theories plausible but dismissed most claims for failure to state a claim.
- In this order the court resolves Article III standing arguments and Rule 12(b)(6) sufficiency: it dismisses most claims with prejudice but allows two claims to proceed for the App Disclosure Subclass (breach of contract and UCL fraudulent-prong claim).
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Standing based on heightened risk of future harm from data disclosure | Disclosure to app developers materially increases risk of future harms (identity theft, harassment) giving injury-in-fact | Risk is conjectural/hypothetical; authorized disclosure to third parties differs from cases finding imminent risk | No standing on this theory — alleged future-risk is too speculative (distinguished from Krottner) |
| Standing from phone replacement (Device Switch Subclass) | Nisenbaum alleges he replaced his phone because of Google’s policy change and would not have done so but for prior privacy promises | Google contends governing policy may have allowed commingling (2009 policy) and plaintiff now alleges concealment rather than direct reliance | Standing sustained for Nisenbaum — phone replacement is a cognizable economic injury fairly traceable to Google (Google's 2009 policy excluded from record) |
| Standing from battery/resource depletion (App Disclosure Subclass) | Downloads cause phone to transmit account data to developers, consuming battery/bandwidth — a concrete injury | Google says developers pull data from servers, not phones, so no causal nexus to battery use | Standing sustained — factual causation is disputed but allegations of resource depletion are sufficient at pleading stage |
| Pleading sufficiency of consumer-protection and privacy claims (CLRA, UCL, intrusion, breach of contract) | Plaintiffs allege misrepresentations/ concealment, contract terms, and resource harms supporting CLRA, UCL (fraudulent/unfair), intrusion, and breach claims | Google argues failure to plead reliance, inadequately pleaded fraud (Rule 9(b)), statutory immunities (Wiretap, SCA), and that alleged conduct is not sufficiently egregious | Most claims dismissed with prejudice for failing to plead required elements (CLRA, UCL (Device Switch), intrusion, Wiretap and SCA causes, and classwide breach). Two claims survive for App Disclosure Subclass: breach of contract and UCL fraudulent-prong claim (sufficient Rule 9(b) detail and alleged reliance/damages) |
Key Cases Cited
- Bell Atlantic Corp. v. Twombly, 550 U.S. 544 (pleading must be plausible to survive dismissal)
- Ashcroft v. Iqbal, 556 U.S. 662 (court need not accept conclusory allegations; plausibility standard)
- Krottner v. Starbucks Corp., 628 F.3d 1139 (danger from stolen data can create standing when risk is concrete and imminent)
- In re iPhone Application Litigation, 844 F. Supp. 2d 1040 (disclosure of device identifiers and geolocation to third parties did not support constitutional privacy violation or intrusion claim)
- Friends of the Earth, Inc. v. Laidlaw Environmental Services, 528 U.S. 167 (standing requires concrete, particularized injury)
- Steel Co. v. Citizens for a Better Environment, 523 U.S. 83 (Article III standing is jurisdictional)
- In re Tobacco II Cases, 46 Cal.4th 298 (UCL and CLRA fraudulent-prong claims require reliance/exposure to misrepresentation)