ORDER GRANTING DEFENDANT'S MOTION TO DISMISS
(Re: Docket No. 105)
PAUL S. GREWAL, Magistrate Judge.
You might think that after three years of complaints, motions to dismiss, orders on motions to dismiss, leave to amend, amended complaints and more, at least the fundamental question of Plaintiffs' Article III standing to pursue this suit would be settled. You might think that, but you would be wrong.1
For no less than the fourth time, Defendant Google, Inc. moves to dismiss Plaintiffs' complaint. In the wake of the court's orders on Google's previous motions to dismiss,2 only two claims remain: breach of contract and fraudulent unfair competition. Plaintiffs bring both claims on behalf of an "app disclosure" subclass. In granting Google's third motion to dismiss, the court previously held that Plaintiffs' only alleged injury-in-fact was the depletion of battery and bandwidth resulting from systemic, repeated transmission of personal information from Android devices to third-party developers.3 But in taking the leave the court granted to amend their claims, Plaintiffs managed something somewhat unusual: they pled themselves out of a case. Because injury-in-fact is now insufficiently alleged, especially as Plaintiffs claim injury without alleging any actual disclosure to third parties from Plaintiffs' own devices, the court GRANTS Google's motion to dismiss, without further leave to amend.
I.
"To establish Article III standing, an injury must be `concrete, particularized, and actual or imminent; fairly traceable to the challenged action; and redressable by a favorable ruling.'"4 The injury required by Article III may exist by virtue of "statutes creating legal rights, the invasion of which creates standing."5 In such cases, the "standing question . . . is whether the constitutional or statutory provision on which the claim rests properly can be understood as granting persons in the plaintiff's position a right to judicial relief."6 At all times the threshold question of standing "is distinct from the merits of [a] claim" and does not require "analysis of the merits."7 The "standing inquiry requires careful judicial examination of a complaint's allegations to ascertain whether the particular plaintiff is entitled to an adjudication of the particular claims asserted."8
This is a putative nationwide class action brought by Plaintiffs Michael Goldberg, Robert DeMars and Scott McCullough against Google on behalf of all persons and entities in the United States that purchased at least one paid Android application through the Android Market and/or Google Play Store between February 1, 2009 and May 31, 2014.9
Google is a technology and advertising company that provides free web-based products to billions of consumers around the world.10 Free products are not, however, truly free. Google requires massive amounts of revenue to sustain itself. To generate revenue from advertising, Google logs personal identifying information, browsing habits, search queries, responsiveness to ads, demographic information, declared preferences and other information about each consumer that uses its products. Google then uses this information to place advertisements tailored to each consumer while the consumer is using any Google product or browsing third-party sites that have partnered with Google to serve targeted ads.11
Google always has maintained a general or default privacy policy purporting to permit Google to "combine the information you submit under your account with information from other services."12 This would allow Google, for example, to associate a consumer's Gmail account (and therefore his or her name and identity, his or her private contact list or the contents of his or her communications) with the consumer's Google search queries or the consumer's use of other Google products like Android, YouTube, Picasa, Voice, Google+, Maps, Docs and Reader.13 But before March 1, 2012, this general policy was qualified, limited and alleged to be contradicted in privacy policies associated with specific Google products, including both Gmail and Android-powered devices. The privacy policies associated with Android-powered devices, for example, specified that, although the default terms would generally apply, "[c]ertain applications or features of your Android-powered phone may cause other information [that is, other than certain delimited "usage statistics"] to be sent to Google but in a fashion that cannot be identified with you personally" and that "[y]our device may send us location information (for example, Cell ID or GPS information) that is not associated with your [Google] Account."14 These categories of information, and certain other discrete categories of Android user information identified by the terms of the Android-powered device policy in effect prior to March 1, 2012, could not be "combine[d] . . . with information from other services."15 On March 1, 2012, Google replaced these various policies with a single, unified policy that unequivocally allows Google to comingle user data across accounts and disclose it to third-parties for advertising purposes.16
This brings us to the activity now in dispute. Google Play, formerly known as the Android Market, is the primary gateway for Android users to acquire, purchase and download apps and other digital media for their Android devices.17 The process of purchasing an app requires multiple components, including the creation of a Wallet account, the request for the app and the creation of a record of the purchase for the Developer Console.18 To create a Wallet account, a user must have a Google account and provide his or her name, usename, country and zip code.19 The request of an app consumes resources including electric power, CPU cycles, main memory and network capacity or bandwidth.20 In the Checkout Merchant Center, operative from February 2009 to early 2013, and the Play Developer Console, operative from 2012 to May 2014, a purchase of a paid application through the Android Market/Google Play Store allowed the app developer to access the purchaser's name, email address and course address, or "the physical or geographical location associated with the Play account and/or the Android device used to download the application."21 Google stopped making available purchaser details (including name and email address) to app developers in May 2014.22 But Google has continued to process app purchase transactions, to maintain user accounts and otherwise operate normally since May 2014.23
Plaintiffs' original complaint alleged that Google violated both its prior policies and consumers' privacy rights, but the court held that Plaintiffs lacked standing because they did not plead facts sufficient to show concrete economic harm or prima facie statutory or common law violations.24 "[N]othing in the precedent of the Ninth Circuit or other appellate courts confers standing on a party that has brought statutory or common law claims based on nothing more than the unauthorized disclosure of personal information."25 Plaintiffs' first consolidated amended complaint expanded the bounds of the alleged class and the explanations of Plaintiffs' injuries, but the court dismissed for failure to plead sufficient facts to support any of their claims.26 Plaintiffs' second consolidated amended complaint added allegations of Google's Emerald Sea plan, but effectively alleged the same harms as before.27
After Google's third motion to dismiss, two claims remained: an "app disclosure subclass" breach of contract claim and the subclass's fraudulent unfair competition claim. The court ruled that Plaintiffs could proceed on those two causes of action alone, although it later granted Plaintiffs' motion to file a consolidated third amended complaint to "trim" their allegations.28 In addition to adding Goldberg as a plaintiff, the CTAC (i) dropped any allegations relating to Google's use of the personal information of Android users that obtained free applications, as distinguished from paid applications, from Google; and (ii) revised the class period.29 The class now is limited to Android users that purchased paid apps through the Android Market/Google Play Store between February 1, 2009 and May 31, 2014.30 This class period represents the period of time during which Google allegedly and knowingly disclosed to third parties the names, email addresses and account location information belonging to each Android user that purchased a paid app through the Android Market/Google Play Store, in direct contravention of its express promises that it would not do so.31
II.
This court has subject matter jurisdiction under the Class Action Fairness Act, 28 U.S.C. § 1332(d), in part because the aggregated claims of the individual class members exceed the sum or value of $5,000,000.32 The parties further consented to the jurisdiction of the undersigned magistrate judge under 28 U.S.C. § 636(c) and Fed. R. Civ. P. 72(a).33
The plaintiff always bears the burden of establishing standing.34 Where the plaintiff lacks standing, a complaint must be dismissed for lack of subject matter jurisdiction under Fed. R. Civ. P. 12(b)(1).35 In reviewing such a motion, the court "is not restricted to the face of the pleadings, but may review any evidence, such as affidavits and testimony, to resolve factual disputes concerning the existence of jurisdiction."36 To successfully oppose a Rule 12(b)(1) motion, the nonmovant must put forth "the manner and degree of evidence required" by the particular "stage[] of the litigation."37 "At the pleading stage, general factual allegations of injury resulting from the defendant's conduct may suffice, for on a motion to dismiss," the court "`presumes that general allegations embrace those specific facts that are necessary to support the claim.'"38 "At all times the threshold question of standing `is distinct from the merits of a claim' and does not require `analysis of the merits.'"39 All disputes of fact are resolved in favor of the nonmovant.40
III.
To establish Article III standing, it is the plaintiff's burden41 to "show (1) it has suffered an `injury in fact' that is (a) concrete and particularized and (b) actual or imminent, not conjectural or hypothetical; (2) the injury is fairly traceable to the challenged action of the defendant; and (3) it is likely, as opposed to merely speculative, that the injury will be redressed by a favorable decision."42 Because Plaintiffs fail to satisfy all three prongs, they lack standing to pursue their claims.
First, Plaintiffs have no evidence of concrete, particularized and actual or imminent "injury-in-fact" because they no longer allege that the battery-and-bandwidth-using transmission containing personal information ever occurs from Plaintiffs' phones.43 Plaintiffs also do not allege that any battery-and-bandwidth-using transmission ever went to a third party.44 The app purchase process involves transmissions only to or from Google.45 While Plaintiffs allege that for a period of time it was possible for developers to look up the record of a particular transaction on a Google server and also access the user's email and rough address,46 mere risk of future disclosure is not an Article III injury-in-fact. In Low v. LinkedIn Corp., the court specifically rejected allegations of the risk of future disclosures as "insufficient to establish an injury-in-fact that is concrete and particularized, as well as actual and imminent."47 With no allegation of dissemination or improper receipt of information, any profit or loss made from any alleged disclosure, let alone a potential disclosure, is "conjectural."48 With no allegation of "appreciable and actual" harm,49 Plaintiffs allege no injury-in-fact.
Pointing to the Ninth Circuit's recent unpublished opinion in In re Facebook Privacy Litigation,50 Plaintiffs argue they have standing under two theories of injury-in-fact in addition to battery and bandwidth use: economic injury resulting from Google's providing access to Plaintiffs' personal information to third parties, and the non-economic harm associated with the very fact of this access.51 In Facebook, the complaint alleged that Facebook transmitted to advertisers both the user's Facebook user id and the page the user was viewing at the time, which advertisers could then combine with the information on the user's Facebook page to assemble a comprehensive dossier.52 The plaintiffs affirmatively pled both that there was a "robust" market for that information and that plaintiffs had been financially harmed by Facebook usurping their ability to sell that information themselves.53 Judge Ware dismissed the claim on a Rule 12(b)(6) motion based on Facebook's argument that it had in fact not interfered with the plaintiffs' ability to sell their own personal information.54 The Ninth Circuit reversed because the plaintiffs had indeed alleged that they were harmed "by the dissemination of their personal information and by losing the sales value of that information."55
Plaintiffs cite their expert Fernando Torres's report to show an analysis of what third parties would pay for a consumer database containing identifying information for mass marketing purposes.56 Torres analyzed the value of the information made available by Google to app developers from several perspectives. First, Torres concludes that the information disclosed by Google has economic value, which class members have lost.57 To estimate this, he analyzed and quantified what third parties would pay for a consumer data base containing this information, for mass marketing purposes.58 He also analyzed and quantified the amount of revenue that third parties could realize from the use of this information.59 Torres further explained that "[b]ecause Google has disclosed this information to the application developers, the members of the Subclass have lost the sales value of that information that they otherwise would have had."60 In addition, Torres concludes that the class members are injured because they have a quantifiable interest in protecting the privacy of the information that Google discloses to app developers.61
There is just one problem with Torres's various conclusions: they are not reflected anywhere in the CTAC. Plaintiffs do not allege economic injury from any dissemination—or any dissemination at all62—or any injury in the form of loss of the Plaintiffs' ability to sell their own information or its market value.63 Plaintiffs plead neither the existence of a market for their email addresses and names nor any impairment of their ability to participate in that market. Indeed, the named Plaintiffs freely publish their names and email addresses through their work websites.64 If disclosure did occur, then, it would not constitute injury. Even if Plaintiffs' complaint need not show any proof of deprivation of the opportunity to sell their personal information to anyone,65 Plaintiffs still need to make a pleading, and they do not.
Second, Plaintiffs' claim of battery and bandwidth depletion has no nexus to Google's alleged breach or unfair competition. It is certainly alleged that each time a user purchases an app from Google Play, there are transmissions back and forth between the user's device and Google's servers.66 Those transmissions may include the process of browsing the Play catalog to select an App, sending a request to purchase an App and downloading the App once purchased.67 But Plaintiffs do not allege those transmissions contain any personal information.68 And while the parties do not dispute that a record of sale is logged in the user's Google Wallet records, the identifying information at issue is already a part of Google Wallet, provided by the user in the process of opening the account.69 Plaintiffs concede that the transmission of data "consists not of the user's actual name and email address in human-readable form but, instead, [application program interface] calls or messages providing certain computer-readable device- and user-specific data."70 Put another way, the loss of battery life or use of bandwidth is not "fairly traceable to the challenged action" as the downloading of the app occurs before any record of the transaction or making available of information for look-up.
Third, any injury is not redressable by a favorable decision. No past or future change to merchant queries or receipt of information would alter the battery or bandwidth consumed in purchasing an app. Google no longer makes names and email addresses visible in response to Wallet or Play merchant queries, nor could there be any claim that the amount of battery power used in purchasing an App changed one iota as a result. Even if tomorrow this court ordered Google to cease making any transaction data whatsoever available to the developers from whom users purchase apps, it would not change the battery and bandwidth use of the purchase process at all.71
IV.
Google's fourth motion to dismiss is GRANTED, without further leave to amend. Plaintiffs have amended their complaint no less than four times,72 and given that discovery is now closed, any further amendment introducing yet another theory of injury at this late date would be unfairly prejudicial to Google.73
SO ORDERED.