United States District Court, N.D. California, San Jose Division
April 1, 2015
ALICE SVENSON, individually and on behalf of all others similarly situated, Plaintiff,
GOOGLE INC., a Delaware Corporation, and GOOGLE PAYMENT CORPORATION, a Delaware Corporation, Defendants.
ORDER DENYING MOTION TO DISMISS FOR LACK OF ARTICLE III STANDING; AND GRANTING IN PART AND DENYING IN PART MOTION TO DISMISS FOR FAILURE TO STATE A CLAIM [Re: ECF 89]
BETH LABSON FREEMAN, District Judge.
Plaintiff Alice Svenson ("Svenson") brings this putative class action to challenge the alleged failure of Defendants Google, Inc. and Google Payment Corporation (collectively "Google") to honor the written privacy policies governing Google's electronic payment service, Google Wallet ("Wallet"). Google moves to dismiss the operative first amended complaint ("FAC") under Federal Rule of Civil Procedure 12(b)(1) for lack of Article III standing and under Federal Rule of Civil Procedure 12(b)(6) for failure to state a claim. The Court has considered the briefing and the oral argument presented at the hearing on January 15, 2015. For the reasons discussed below, the motion to dismiss for lack of Article III standing is DENIED and the motion to dismiss for failure to state a claim is GRANTED IN PART AND DENIED IN PART.
Svenson alleges that prior to the filing of this lawsuit, Google's practice was to ignore these restrictions and, whenever a user purchased an App in the Play Store, to share the user's personal information with the App vendor. FAC ¶ 70-71. Svenson confusingly refers to this personal information as "Packets Contents." Id. ¶ 71. "Packets Contents" are defined in the FAC as "the data, transmitted in packets sent by Plaintiff and the Class to Defendants, that provide Defendants information necessary to execute the App purchase and does not include packets record information such as control elements (e.g., electronic-addressing information that enables the packets to arrive at their intended destination)." FAC ¶ 9. "Packets Contents" include "personal information about Buyers, including credit card information, purchase authorization, addresses, zip codes, names, phone numbers, email addresses, and/or other information." Id. ¶ 10. Svenson alleges that Google made "Packets Contents" available to the App vendor after collecting the App purchase price, retaining a thirty percent cut of the purchase price, remitting the remaining portion of the purchase price to the App vendor, and providing the buyer with a receipt. Id. ¶¶ 71, 114. She asserts that Google's sharing of the "Packets Contents" with the App vendor was not necessary to the App purchases and was not otherwise authorized by the Google Wallet Terms of Service. Id. ¶¶ 72-79. Svenson claims that Google ceased its blanket practice of sharing users' personal information with App vendors shortly after she filed this lawsuit. Id. ¶ 11.
On May 6, 2013, Svenson used Wallet to buy the "SMS MMS to Email" App in the Play Store for $1.77. FAC ¶ 87-88. Google collected the $1.77 by debiting the payment instrument associated with Svenson's Wallet account. Id. ¶¶ 90-92. Google also made Svenson's "Packets Contents" available to the App vendor, YCDroid. FAC ¶ 90. Because of the way that Svenson defines the term "Packets Contents, " it is unclear exactly what information was shared with YCDroid. The Court understands Svenson to be alleging that Google shared with YCDroid "personal information, " as that term is used in the applicable privacy policies, even though YCDroid did not need the information for the App transaction and sharing the information was not authorized under the privacy policies.
Based upon these allegations, Svenson asserts claims on behalf of herself and those similarly situated for: (1) breach of contract, (2) breach of the implied covenant of good faith and fair dealing, (3) violation of the Stored Communications Act, 18 U.S.C. § 2701; (4) violation of the Stored Communications Act, 18 U.S.C. § 2702; and (5) violation of California's Unfair Competition Law ("UCL"), California Business and Professions Code § 17200.
II. LEGAL STANDARDS
A. Rule 12(b)(1)
A motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(1) raises a challenge to the Court's subject matter jurisdiction. See Fed.R.Civ.P. 12(b)(1). "Article III... gives the federal courts jurisdiction over only cases and controversies." Public Lands for the People, Inc. v. United States Dep't of Agric., 697 F.3d 1192, 1195 (9th Cir. 2012) (internal quotation marks and citation omitted). "The oft-cited Lujan v. Defenders of Wildlife case states the three requirements for Article III standing: (1) an injury in fact that (2) is fairly traceable to the challenged conduct and (3) has some likelihood of redressability." Id. at 1195-96 (citing Lujan v. Defenders of Wildlife, 504 U.S. 555, 560-61 (1992)). If these requirements are not satisfied, the action should be dismissed for lack of subject matter jurisdiction. See Steel Co. v. Citizens for a Better Env't, 523 U.S. 83, 109-10 (1998).
B. Rule 12(b)(6)
"A motion to dismiss under Federal Rule of Civil Procedure 12(b)(6) for failure to state a claim upon which relief can be granted tests the legal sufficiency of a claim.'" Conservation Force v. Salazar, 646 F.3d 1240, 1241-42 (9th Cir. 2011) (quoting Navarro v. Block, 250 F.3d 729, 732 (9th Cir. 2001)). When determining whether a claim has been stated, the Court accepts as true all well-pled factual allegations and construes them in the light most favorable to the plaintiff. Reese v. BP Exploration (Alaska) Inc., 643 F.3d 681, 690 (9th Cir. 2011). However, the Court need not "accept as true allegations that contradict matters properly subject to judicial notice" or "allegations that are merely conclusory, unwarranted deductions of fact, or unreasonable inferences." In re Gilead Scis. Sec. Litig., 536 F.3d 1049, 1055 (9th Cir. 2008) (internal quotation marks and citations omitted). While a complaint need not contain detailed factual allegations, it "must contain sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face.'" Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). A claim is facially plausible when it "allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Id.
A. Subject Matter Jurisdiction
Svenson clearly has Article III standing to bring her two claims under the Stored Communications Act. See In re Zynga Privacy Litig., 750 F.3d 1098, 1105 n.5 (9th Cir. 2014) ("Because the plaintiffs allege that Facebook and Zynga are violating statutes that grant persons in the plaintiffs' position the right to judicial relief, we conclude they have standing to bring this claim."). However, "Article III standing is  claim- and relief-specific, such that a plaintiff must establish Article III standing for each of her claims and for each form of relief sought." In re Adobe Sys., Inc. Privacy Litig., ___ F.Supp.2d ___, 2014 WL 4379916, at *10 (N.D. Cal. Sept. 4, 2014). Google asserts Svenson has not established Article III standing to bring her state law claims for breach of contract, breach of the implied covenant, and unfair competition. Specifically, Google asserts that she has not alleged that she suffered any cognizable injury in fact that is fairly traceable to Google. As discussed below, Svenson has alleged facts sufficient to state a claim for breach of contract, breach of the implied covenant of good faith and fair dealing, and unfair competition, meaning that she has alleged that she suffered damages ("injury in fact") resulting from Google's breach of contract, breach of the implied covenant, and unfair competition ("fairly traceable to the challenged conduct"). See Public Lands for the People, 697 F.3d at 1195-96 (reciting Lujan factors).
Accordingly, the motion to dismiss for lack of Article III standing is DENIED.
B. Failure to State a Claim
1. Claim 1 - Breach of Contract
Claim 1 alleges breach of contract. To succeed on a breach of contract claim under California law, a plaintiff must establish a contract, the plaintiff's performance or excuse for nonperformance, the defendant's breach, and resulting damages to the plaintiff. Pyramid Tech., Inc. v. Hartford Cas. Ins. Co., 752 F.3d 807, 818 (9th Cir. 2014).
Based upon the prior pleading and argument, the Court had understood there to be one contract entered into when a user obtains a Wallet account. While the Court had understood different contract provisions to cover different circumstances - e.g., Wallet being used to purchase Apps versus Wallet lying dormant after initial registration - the Court was under the impression that all those circumstances were addressed in a single contract. However, Svenson now alleges expressly that a new contract is formed each and every time a user purchases an App in the Play Store. See FAC ¶¶ 34-35. Google urges the Court to reject that allegation as implausible in light of Svenson's allegation in the original complaint that she agreed to the Google Wallet Terms of Service when she registered for Wallet. See Defs.' Reply at 5 n.2, ECF 95. Google relies upon cases holding that when determining plausibility of allegations in an amended complaint, the Court may consider contradictory allegations made in prior iterations of the complaint. See Kennedy v. Wells Fargo Bank, N.A., No. C 11-0675 MMC, 2011 WL 3359785, at *5 (N.D. Cal. Aug. 2, 2011); Fasugbe v. Willms, No. CIV 2:10-2320 WBS KNJ, 2011 WL 2119128, at *5 (E.D. Cal. May 26, 2011); Stanislaus Food Prods. Co. v. USS-POSCO Indus., 782 F.Supp.2d 1059, 1075 (E.D. Cal. 2011).
Plaintiff does not dispute that some users agree to the Google Wallet Terms of Service when initially registering for Wallet. However, she alleges that even after initially registering for Wallet, users are required to enter into a new and separate "Buyer Contract" in order to complete each subsequent App purchase. FAC ¶ 34-35. According to Svenson, a "Buyer Contract" is not complete until the user making the purchase in the Play Store clicks a button that (1) indicates consent to the Google Wallet Terms of Service existing at the time of the purchase and (2) authorizes Google to execute the transaction. Id. ¶ 42. It is not clear from the FAC whether Svenson initially registered for Wallet and then later purchased the App or whether she registered for Wallet concurrently with purchasing the App. See id. ¶¶ 87-88. The Court concludes that this lack of clarity makes little difference, as under Svenson's theory even a user who already has a Wallet account must enter into a new "Buyer Contract" at the time of each subsequent App purchase. Thus the Court does not view Svenson's current allegations to be irreconcilable with her earlier allegations. Moreover, to the extent that Google disputes the factual accuracy of the current allegations - that a separate "Buyer Contract" is created each and every time a user purchases an App in the Play Store - resolution of that factual dispute is not appropriate on a motion to dismiss. Nothing in this order precludes Google from challenging Svenson's allegations regarding "Buyer Contracts" in a motion for summary judgment or at another appropriate point in the litigation. However, for pleading purposes, Plaintiff adequately has alleged the existence of a "Buyer Contract" between herself and Google.
Svenson alleges that she performed her obligations under the "Buyer Contract" and that Google breached the "Buyer Contract" by sharing her personal information - or "Packets Contents" - with YCDroid when such sharing was not necessary to her App purchase and was not otherwise authorized under the "Buyer Contract." FAC ¶¶ 139, 149. Those allegations are sufficient to satisfy the second and third elements of a contract claim. Google's motion turns on the fourth element, damages resulting from the breach.
Benefit of the Bargain
The FAC articulates two theories of contract damages - benefit of the bargain and diminution in value of Svenson's personal information. Addressing benefit of the bargain first, "[c]ontract damages compensate a plaintiff for its lost expectation interest. This is described as the benefit of the bargain that full performance would have brought." New West Charter Middle School v. Los Angeles Unified School Dist., 187 Cal.App.4th 831, 844 (2010). In Chavez v. Blue Sky Natural Beverage Co., 340 Fed.Appx. 359 (9th Cir. 2009), the Ninth Circuit concluded that the plaintiff had made out a benefit of the bargain damages theory where he alleged that he had purchased Blue Sky soda instead of other brands based on representations that Blue Sky was a New Mexico company; Blue Sky was not bottled or produced in New Mexico; he would not have purchased Blue Sky had he known the truth about the product's geographic origin; and as a result he lost money because he did not receive what he had paid for. Id. at 361.
In her original complaint, Svenson alleged that a portion of the $1.77 App purchase price compensated Google for the service of facilitating the App transaction without disclosing her personal information; and that she was denied the benefit of her bargain when Google facilitated the App transaction but disclosed her personal information to the third-party vendor. The Court concluded that those allegations were insufficient to show contract damages, noting among other things that Svenson had not alleged facts showing that any portion of the $1.77 App purchase price was retained by Google, or that the $1.77 App purchase price was intended to pay for anything other than the App, which Svenson received. Order of Aug. 12, 2014 at 7, ECF 83. Svenson now alleges that "Defendants' payment-processing services provided under Buyer Contracts are not free: Defendants keep a percentage of the purchase price for each App purchase they process." FAC ¶ 142. She also alleges that "[t]he percentage of the App sales price Defendants retained is the money Defendants earned from Plaintiff's and Class Members' purchases of Apps under the Buyer Contracts." Id. ¶ 148.
Svenson also has clarified her contract theory as follows: under the "Buyer Contract" created at the time of her App purchase, the parties were to receive certain benefits: she was to receive a payment processing service that would facilitate her Play Store purchase while keeping her private information confidential in all but specific circumstances under which disclosure was authorized; and Google was to obtain access to her personal information, which had value to Google, and also was to retain a percentage of the App's purchase price. Id. ¶¶ 142-150. Google did obtain Svenson's personal information and did retain a percentage of the purchase price of the "SMS MMS to Email" App, but she did not receive the contracted-for privacy protections. Id. ¶¶ 148, 151-52. Svenson alleges that "[t]he services Plaintiff and Class Members ultimately received in exchange for Defendants' cut of the App purchase price - payment processing, in which their information was unnecessarily divulged to an unaccountable third party - were worth quantifiably less than the services they agreed to accept, payment processing in which the data they communicated to Defendants would only be divulged under circumstances which never occurred." Id. ¶ 151. She also alleges that "[h]ad Plaintiff known Defendants would disclose her Packets Contents, she would not have purchased the SMS MMS to Email' App from Defendants." Id. ¶ 96. Svenson alleges that the App "is available from numerous other App stores besides Google Play, including AppBrain and App Annie." Id. ¶ 95. Under the rationale of Chavez, discussed above, the Court concludes that Svenson has alleged facts sufficient to show contract damages under a benefit of the bargain theory.
Diminution of Value of Personal Information
Svenson also alleges that Google's conduct in making her personal information available to YCDroid diminished the sales value of that personal information. FAC ¶ 125. As the Court recognized in its prior order, the Ninth Circuit expressly has recognized that this type of allegation may be sufficient to establish the element of damages for a breach of contract claim. See In re Facebook Privacy Litig., 572 Fed.Appx. 494 (9th Cir. 2014). The Court concluded that Svenson's original complaint did not allege facts sufficient to make out this theory of contract damages because it did not allege a market for Svenson's personal information. Order of Aug. 12, 2014 at 8, ECF 83. Svenson now alleges that "[t]here is a robust market for the type of information contained within the Packets Contents, " FAC ¶ 98, and that "[a]s a result of Defendants' actions, Plaintiff and the Class have been deprived of their ability to sell their own personal data on the market, " Id. ¶ 157.
Plaintiffs allege that the information disclosed by Facebook can be used to obtain personal information about plaintiffs, and that they were harmed both by the dissemination of their personal information and by losing the sales value of that information. In the absence of any applicable contravening state law, these allegations are sufficient to show the element of damages for their breach of contract and fraud claims. Therefore, the district court erred in dismissing these state law claims.
Facebook Privacy Litig., 572 Fed.Appx. at 494 (internal citations omitted). In light of the Ninth Circuit's ruling, this Court concludes that Svenson's allegations of diminution in value of her personal information are sufficient to show contract damages for pleading purposes.
Accordingly, the motion to dismiss is DENIED as to Claim 1.
2. Claim 2 - Breach of the Implied Covenant
Claim 2 alleges breach of the implied covenant of good faith and fair dealing. "The implied promise [of good faith and fair dealing] requires each contracting party to refrain from doing anything to injure the right of the other to receive the benefits of the agreement.'" Avidity Partners, LLC v. State of Cal., 221 Cal.App.4th 1180, 1204 (2013) (quoting Egan v. Mutual of Omaha Ins. Co., 24 Cal.3d 809, 818 (1979)). "The implied covenant of good faith and fair dealing does not impose substantive terms and conditions beyond those to which the parties actually agreed." Id.
The Court previously dismissed Svenson's claim for breach of the implied covenant after concluding that it was duplicative of her claim for breach of contract in that it alleged no more than Google's disclosure of her personal information. See Order of Aug. 12, 2014 at 9, ECF 83. In the FAC, Svenson alleges that among the benefits conferred upon her and the Class by the "Buyer Contracts, " which incorporated the Google Wallet Terms of Service, were privacy protections arising out of Google's obligation not to disclose their personal information except as necessary to a transaction or as otherwise specifically authorized. FAC ¶¶ 162-63. She alleges further that "the Wallet Terms are standardized and non-negotiable terms that Defendants, at their own discretion, interpreted to carry out the above-described privacy promises in a way that resulted in the unnecessary disclosure of Plaintiff and other Class members' Packets Contents to third-party App Vendors." Id. ¶ 164. Specifically, Plaintiff alleges that "while Defendants may share personal information with third parties if necessary to process the user's transaction and maintain the user's account, ' that provision is not reasonably interpreted to allow blanket, universal disclosure of any or all of the Packets Contents to third-party App Vendors" in connection with every App purchase in the Play Store. FAC ¶ 165 (emphasis added). Svenson alleges that "[t]he agreed common purpose of the Wallet Terms was for Buyers to be able to privately purchase Apps from App Vendors, " and that Google exercised its discretion under the Wallet Terms of Service in a way that frustrated that purpose. See id. ¶¶ 165, 168, 170. The Court concludes that this theory and these allegations are sufficient to state a claim for breach of the implied covenant of good faith and fair dealing.
Google points out, correctly, that Svenson's implied covenant claim also contains allegations that Google did not inform users that their personal information would be shared with App vendors in connection with every transaction, see FAC ¶¶ 167, 169, and that the alleged failure to inform is insufficient to state a claim for breach of the implied covenant absent an allegation that Google had a duty to inform. At the hearing, the Court engaged in a colloquy with counsel as to whether it would make sense to go through another round of amendment and - presumably - motion practice, or whether the allegations in the FAC were sufficient to move forward on the implied covenant claim. Viewing the claim as a whole, the Court concludes that Svenson does allege a viable claim for breach of the implied covenant despite her stray, non-actionable allegations regarding Google's failure to disclose.
Accordingly, the motion to dismiss is DENIED as to Claim 2.
3. Claim 3 - Violation of SCA § 2701
Claim 3 alleges that disclosure of Svenson's personal information violated § 2701 of the Stored Communications Act ("SCA"), 18 U.S.C. § 2701. The Court previously dismissed Claim 3 without leave to amend. See Order of Aug. 12, 2014 at 11, ECF 83. Svenson acknowledges the Court's prior order and makes clear that she has included Claim 3 in her FAC to preserve her appeal rights. Thus no substantive discussion of Claim 3 is required here.
The motion to dismiss is GRANTED WITHOUT LEAVE TO AMEND as to Claim 3.
4. Claim 4 - Violation of SCA § 2702
Claim 4 alleges that disclosure of Svenson's personal information violated § 2702 of the SCA, which creates a private right of action for violation of the following provisions:
(a) Prohibitions. - Except as provided in subsection (b) or (c) -
(1) a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service; and
(2) a person or entity providing remote computing service to the public shall not knowingly divulge to any person or entity the contents of any communication which is carried or maintained on that service -
(A) on behalf of, and received by means of electronic transmission from (or created by means of computer processing of communications received by means of electronic transmission from), a subscriber or customer of such service;
(B) solely for the purpose of providing storage or computer processing services to such subscriber or customer, if the provider is not authorized to access the contents of any such communications for purposes of providing any services other than storage or computer processing; and
(3) a provider of remote computing service or electronic communication service to the public shall not knowingly divulge a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by paragraph (1) or (2)) to any governmental entity.
18 U.S.C. § 2702(a) (emphasis added); see id. § 2707(a) (creating a private right of action).
While a provider described in subsection (a) may not disclose the "contents of a communication, " such provider may divulge " a record or other information" regarding a subscriber or customer to "any person other than a governmental entity" and to governmental entities under certain circumstances. 18 U.S.C. § 2702(c) (emphasis added).
Google's motion does not challenge Google's status as an entity "providing an electronic communication service" and/or "providing remote computing service" within the meaning of § 2702(a). The question presented by this motion is whether the "Packets Contents" Google sent YCDroid was "contents of a communication" or "a record or other information"; if the former, Svenson has made out a claim under § 2702(a), but if the latter she has not.
In its prior order, the Court discussed at length the available case law on the issue of "record information" versus "contents of a communication." See Order of Aug. 12, 2014 at 11-15, ECF 83. In Zynga, the Ninth Circuit defined "contents of a communication" as "any information concerning the substance, purport, or meaning of that communication." Zynga, 750 F.3d at 1105 (citing 18 U.S.C. § 2510(8)); see also id. at 1104 (noting that the SCA incorporates the Wiretap Act's definition of "contents"). The Ninth Circuit explained that "the term contents' refers to the intended message conveyed by the communication, and does not include record information regarding the characteristics of the message that is generated in the course of the communication." Id. at 1106. The Ninth Circuit has recognized that record information generally includes "the name, address, or client ID number of the entity's customers." Id. at 1104.
In Zynga, the plaintiffs claimed that when users clicked on certain ads or icons on a Facebook webpage, the web browser sent a request to access the resource identified by the link and also sent a "referer header" comprising the user's Facebook ID and the address of the Facebook webpage the user was viewing when the user clicked the link. Zynga, 750 F.3d at 1101-02. The plaintiffs alleged that the referer header constituted contents of a communication such that its transmission to third parties violated § 2702(a). The Ninth Circuit held that the referer header did not meet the definition of "contents." Id. at 1107. Equating the Facebook ID with a user's "name" or "subscriber number or identity, " and equating the webpage address with a user's "address, " the Ninth Circuit held that "these pieces of information are not the substance, purport, or meaning' of a communication." Id.
The Ninth Circuit distinguished In re Pharmatrak, 329 F.3d 9 (1st Cir. 2003), a Wiretap Act case in which the defendants allegedly intercepted the contents of electronic communications, specifically, information that individuals provided to online pharmaceutical websites. That information included the individuals' "names, addresses, telephone numbers, email addresses, dates of birth, genders, insurance statuses, education levels, occupations, medical conditions, medications, and reasons for visiting the particular website." Id. at 15. It was undisputed that the information constituted "contents" of a communication under the circumstances of the case; the arguments focused on whether the "interception" element of the Wiretap Act claim was satisfied and whether the consent exception applied. Id. at 18. The Ninth Circuit opined in Zynga that the information in Pharmatrak properly was characterized as contents of a communication "[b]ecause the users had communicated with the website by entering their personal medical information into a form provided by a website. " Zynga, 750 F.3d at 1107 (emphasis added). The Ninth Circuit distinguished the case before it by noting that the Zynga defendants did not divulge a user's communications to a website but allegedly "divulged identification and address information contained in a referrer header automatically generated by the web browser." Id.
Although Zynga distinguished Pharmatrak in part on the basis that the referrer header at issue in Zynga was automatically generated, this Court does not read Zynga so narrowly to mean that only automatically generated data may constitute record information. The Court reads Zynga and cases in this district to define "record information" as including a user's name, email address, account name, mailing address, and the like. See Zynga at 1104 (recognizing that record information generally includes "the name, address, or client ID number of the entity's customers"); Chevron Corp. v. Donziger, No. 12-mc-80237 CRB (NC), 2013 WL 4536808, at *6 (N.D. Cal. Aug. 22, 2013) (characterizing information associated with the creation of an email address, including names, mailing addresses, phone numbers, billing information, and date of account creation, as "record or other information" and not "contents" of a communication); Obodai v. Indeed, Inc., No. 13-80027-MISC EMC (KAW), 2013 WL 1191267, at *3 (N.D. Cal. Mar. 21, 2013) (holding that no "content" of communications was implicated by a subpoena seeking "subscriber information" provided when a user creates a Gmail account, such as phone numbers and alternative email addresses). To hold that such information constitutes contents of a communication unless it was automatically generated would read § 2702(c) out of the statue.
This Court previously dismissed Claim 4 after concluding that the personal information described in the original complaint - "the user's name, email address, Google account name, home city and state, zip code, and in some instances telephone number, " Compl. ¶ 49, ECF 5-1 - constituted "record information" rather than "contents of a communication." See Order of Aug. 12, 2014 at 11-15, ECF 83. Because the § 2702 claim had not previously been challenged by motion or addressed by the Court, Svenson was granted an opportunity to amend. Id. at 15. However, the Court cautioned that "[g]iven the analysis set forth herein, Plaintiff must consider whether she can allege additional facts that would demonstrate that the alleged disclosure was more than record information." Id. Google argues, and the Court agrees, that Svenson has not alleged such facts.
The "Packets Contents" described in the FAC are alleged to include "personal information about Buyers, including credit card information, purchase authorization, addresses, zip codes, names, phone numbers, email addresses, and/or other information." FAC ¶ 10. Despite the inclusion in this definition of the term "credit card information, " however, it does not appear that App vendors are given access to user's credit card numbers. See FAC ¶ 74 (alleging that third party App vendors are given access to "the respective Buyer's identity, address, city, zip code, email address, or telephone number"). Svenson's opposition concedes that credit card information is not actually provided to App vendors. See Pls.' Opp. at 15 n.14, ECF 94. Accordingly, the "Packets Contents" are not materially different from the personal information alleged to have been disclosed in the original complaint. Compare Compl. ¶ 49, ECF 5-1, with FAC ¶¶ 10, 74, ECF 84. Svenson's opposition to Google's motion relies largely upon same cases discussed by the Court in its prior order. See, e.g., Zynga, 750 F.3d 1098; Pharmatrak, 329 F.3d 9; Yunker v. Pandora Media, Inc., No. 11-cv-03113 JSW, 2013 WL 1282980 (N.D. Cal. Mar. 26, 2013). Because none of Svenson's factual allegations or legal arguments are materially different from those considered and rejected by the Court previously, the Court declines to reconsider its prior ruling.
Accordingly, the motion to dismiss is GRANTED WITHOUT LEAVE TO AMEND as to Claim 4.
5. Claim 5 - Violation of California's UCL
Claim 5 asserts a violation of California Business & Professions Code § 17200. In order to state a claim for relief under that provision, Plaintiff must allege facts showing that Defendants engaged in an "unlawful, unfair or fraudulent business act or practice." Cal. Bus. & Prof. Code § 17200. "Because the statute is written in the disjunctive, it is violated where a defendant's act or practice violates any of the foregoing prongs." Davis v. HSBC Bank Nevada, N.A., 691 F.3d 1152, 1168 (9th Cir. 2012). In addition to identifying a practice under one of the above prongs, a plaintiff must allege that he or she has suffered (1) economic injury (2) as a result of the practice. See Kwikset Corp. v. Sup.Ct., 51 Cal.4th 310, 323 (2011). Specifically, the plaintiff must allege that he or she "suffered injury in fact and has lost money or property as a result of the unfair competition." Cal. Bus. & Prof. Code § 17204.
The Court previously dismissed Svenson's UCL claim for failing to allege economic injury arising from the challenged business practice as required by Kwikset. See Order of Aug. 12, 2014 at 16, ECF 83. In particular, the Court concluded that "Plaintiff alleges that she purchased an App for $1.77 and received that App, " and that she had "not alleged facts showing that she suffered any damages resulting from that transaction." Id. Google contends that Svenson has not cured this defect. However, as discussed above in connection with the contract claim, Svenson now alleges that "Defendants' payment-processing services provided under Buyer Contracts are not free: Defendants keep a percentage of the purchase price for each App purchase they process." FAC ¶ 142. She also alleges that "[t]he percentage of the App sales price Defendants retained is the money Defendants earned from Plaintiff's and Class Members' purchases of Apps under the Buyer Contracts." Id. ¶ 148. Svenson thus alleges that she paid Google for services that she did not receive as a result of Google's unlawful and unfair business practices, establishing economic injury.
The Court did not previously consider whether Svenson had alleged facts sufficient to meet the other pleading requirements for UCL claims. Svenson asserts claims under the unlawful and unfair prongs. With respect to the former, "[b]y proscribing any unlawful business practice, section 17200 borrows violations of other laws and treats them as unlawful practices that the unfair competition law makes independently actionable." Chabner v. United of Omaha Life Ins. Co., 225 F.3d 1042, 1048 (9th Cir. 2000) (internal quotation marks and citation omitted). Svenson relies upon alleged violations of the SCA, which are insufficient for the reasons discussed in connection with Claims 3 and 4, above. However, she also relies upon alleged violations of California Business and Professions Code § 22576, which prohibits an operator of a commercial web site or online service from failing to comply with its own privacy policies. Id. ¶¶ 222-223. Svenson's allegations regarding Google's policy of disclosing personal information in connection with all App purchases, in violation of its own privacy policies, thus are sufficient to state a claim under the unlawful prong. See id. ¶¶ 223-224.
With respect to the unfair prong, "the UCL does not define the term unfair' as used in Business and Professions Code section 17200." Durell v. Sharp Healthcare, 183 Cal.App.4th 1350, 1364 (2010). Nor has the California Supreme Court established a definitive test to determine whether a business practice is unfair. Phipps v. Wells Fargo Bank, N.A., No. CV F 10-2025 LJO SKO, 2011 WL 302803, at *16 (E.D. Cal. Jan. 27, 2011). Three lines of authority have developed among the California Courts of Appeal. In the first line, the test requires "that the public policy which is a predicate to a consumer unfair competition action under the unfair prong of the UCL must be tethered to specific constitutional, statutory, or regulatory provisions." Drum v. San Fernando Valley Bar Ass'n, 182 Cal.App.4th 247, 257 (2010) (internal quotation marks and citation omitted). A second line of cases applies a test to determine whether the identified business practice is "immoral, unethical, oppressive, unscrupulous or substantially injurious to consumers and requires the court to weigh the utility of the defendant's conduct against the gravity of the harm to the alleged victim." Id. (internal quotation marks and citation omitted). The third test draws on the definition of "unfair" from antitrust law and requires that "(1) the consumer injury must be substantial; (2) the injury must not be outweighed by any countervailing benefits to consumers or competition; and (3) it must be an injury that consumers themselves could not reasonably have avoided." Id. (internal quotation marks and citation omitted). Svenson alleges that Google's alleged practice of disclosing personal information in connection with all App purchases is "oppressive, immoral, unethical, and unscrupulous, " and that it effects substantial consumer injury that is "not outweighed by any countervailing benefit to consumers or to competition." FAC ¶¶ 225, 229. The details of Google's alleged practice of violating its privacy policies, and the resulting injuries to Svenson and the Class arising from such practice, are discussed in detail above and need not be set forth again here. See id. ¶¶ 225-244. The Court concludes that Svenson has made out a UCL claim under the unfair prong as well as under the unlawful prong.
Google argues that Svenson's UCL claim is governed by the standards applicable to the fraudulent prong even though she specifically confines her allegations to the unlawful and unfair prongs. "[A] consumer's burden of pleading causation in a UCL action should hinge on the nature of the alleged wrongdoing rather than the specific prong of the UCL the consumer invokes." Durell, 183 Cal.App.4th at 1363. Thus a claim that is based upon alleged misrepresentation and deception requires an allegation of actual reliance even if brought under the unlawful or unfair prongs rather than the fraudulent prong. Kearns v. Ford Motor Co., 567 F.3d 1120, 1125 (9th Cir. 2009) (fraud requirements may apply to claim brought under unfair prong); Durell, 183 Cal.App.4th at 1363 (reliance requirement may apply to claim brought under unlawful prong). According to Google, the thrust of the UCL claim is that Google misrepresented its practices with respect to disclosure of user information. Thus, Google asserts, Svenson must allege reliance upon those misrepresentations in order to state a claim. Svenson does not allege that she read or relied upon the Google Wallet Terms of Service or the privacy provisions contained therein.
The Court is not persuaded by Google's characterization of Svenson's UCL claim. Her unlawful prong claim alleges in a straightforward manner that Google violated its own privacy policies in violation of California Business and Professions Code § 22576. No reliance is required for a violation of § 22576. With respect to the unfair prong, Svenson does not alleged that she entered into the "Buyer Contract" in reliance upon misrepresentations regarding the privacy protections contained therein. She alleges that that privacy protections were contract benefits to which she was entitled and that Google's practice of making "blanket, universal disclosure of any or all of the Packets Contents to third-party App Vendors" in connection with every App purchase in the Play Store deprived her (and the Class) of any opportunity to receive those benefits. FAC ¶¶ 163-65. "[A] breach of contract may... form the predicate for Section 17200 claims, provided it also constitutes conduct that is unlawful, or unfair, or fraudulent." Puentes v. Wells Fargo Home Mortg., Inc., 160 Cal.App.4th 638, 645 (2008) (internal quotation marks and citation omitted) (alterations in original). Svenson's allegation that Google had a policy that by its very nature frustrated "[t]he agreed common purpose of the Wallet Terms [ ] for Buyers to be able to privately purchase Apps from App Vendors, " FAC ¶ 168, is sufficient to take her claim beyond mere breach of contract and into the realm of unfair competition prohibited by the UCL.
Based upon the foregoing, the motion to dismiss is DENIED as to Claim 5.
(1) Defendants' Motion to Dismiss for lack of Article III standing is DENIED;
(2) Defendants' Motion to Dismiss for failure to state a claim is GRANTED as to Claims 3 and 4 without leave to amend and DENIED as to Claims 1, 2, and 5; and
(3) Defendants shall file an answer on or before April 16, 2015.