- 1 2 3 4 5 IN THE UNITED STATES DISTRICT COURT 6 FOR THE NORTHERN DISTRICT OF CALIFORNIA 7 8 MARIE HAMMERLING, et al., Case No. 21-cv-09004-CRB 9 Plaintiffs, ORDER GRANTING MOTION TO 10 v. DISMISS 11 GOOGLE LLC, 12 Defendant. 13 Defendant Google LLC (“Google”) moves to dismiss Plaintiffs Marie Hammerling 14 and Kay Jackson’s amended complaint. For the second time, Plaintiffs allege that Google 15 secretly used their Android smartphones to collect data regarding their use of third-party 16 apps. Plaintiffs allege that, through the collection of this data, Google “gains a wealth of 17 highly personal information about consumers” in order to “gain an unfair advantage 18 against its competitors.” Am. Compl. (dkt. 51) ¶¶ 3, 5. In its prior order, the Court 19 dismissed all of Plaintiffs’ claims against Google. See Hammerling v. Google LLC, No. 20 21-CV-09004-CRB, 2022 WL 2812188 (N.D. Cal. July 18, 2022). Plaintiffs renew those 21 claims in their amended complaint, alleging that Google breached its contract with its 22 customers and violated California’s Unfair Competition Law, the California Constitution, 23 and California fraud and privacy laws. Am. Compl. ¶¶ 119–222. Google again moves to 24 dismiss. Mot. (dkt. 57). Finding this matter suitable for resolution without oral argument 25 pursuant to Civil Local Rule 7-1(b), because Plaintiffs fail to cure the deficiencies outlined 26 in the Court’s prior order, the Court GRANTS Google’s motion to dismiss. 27 I. BACKGROUND 1 claims: (1) common law intrusion upon seclusion; (2) invasion of privacy under the 2 California Constitution; (3) violation of California Civil Code section 1709; (4) violations 3 of the fraud, unlawful, and unfair prongs of California Civil Code section 17200 (“Unfair 4 Competition Law” or “UCL”); (5) violation of California Civil Code section 1750 5 (“California Consumers Legal Remedies Act” or “CLRA”); (6) breach of contract; (7) 6 breach of implied contract; (8) unjust enrichment; (9) relief under the Declaratory 7 Judgment Act; and (10) violation of California Penal Code section 631 (“California’s 8 Invasion of Privacy Act” or “CIPA”). See Hammerling, 2022 WL 2812188. Despite 9 noting that “many of the problems [outlined in the order would] be difficult to cure,” the 10 Court granted Plaintiffs leave to amend. Id. at *18. Plaintiffs amended their complaint, 11 leaving the vast majority of their allegations untouched; those facts are discussed in the 12 Court’s prior order. See Hammerling, 2022 WL 2812188, at *1–2. In their amended 13 complaint, Plaintiffs allege the following additional facts: 14 First, Plaintiffs allege that data about their use of third-party apps provided “unique 15 insights” into their lives; for example, through Hammerling’s use of the Fidelity 16 Investments and Bank of America apps, Google knew where Hammerling “maintained her 17 financial accounts.” Am. Compl. ¶ 18. Through other third-party apps downloaded to her 18 Android smartphone, Google could deduce that Hammerling had a home security system, 19 drove a Mazda, read the New York Times, and was physically active. Id. Similarly, 20 through Jackson’s use of the Joel Osteen, YouVersion Bible, and Bible Trivia apps, 21 Google knew Jackson’s religious beliefs. Id. ¶ 30. 22 Second, Plaintiffs highlight five pieces of specific information collected from 23 Hammerling’s use of third-party apps: (1) she visited the Wish app on March 10, 2021 and 24 viewed a foot massager, and on March 3, 2021 and viewed “womens slippers size 9”; (3) 25 she visited the Groupon app and viewed deals for “78% off Anti-inflammatory Meal 26 subscriptions” on October 13, 2019 and “100% Extra Virgin Coconut Oil” on May 10, 27 2020; and (3) she visited the Picsart Photo & Video Editor app on March 8, 2021. Id. ¶¶ 1 Hammerling’s Google account, which state that: “This activity was saved to your Google 2 Account because the following settings were on: additional Web & App Activity. You can 3 control these settings here.” Id. ¶¶ 19, 21. When Plaintiffs followed the link in that notice, 4 they allege that the Web & App Activity Activity Control only states that Google will 5 “Save[] your activity on Google sites and apps” and Google’s collection of Hammerling’s 6 third-party app data from Groupon, Wish, and Picsart was in violation of this 7 representation. Id. ¶ 23.1 8 Third, Plaintiffs allege that Hammerling read Google’s Privacy Policy and that she 9 “did not understand this policy to mean (and did not agree) that Google would collect 10 sensitive data from” third-party apps she downloaded to her Android smartphone. Id. ¶ 25. 11 Plaintiffs do not allege that Jackson ever read the Policy. 12 Fourth and finally, Plaintiffs allege that this information was “not de-identified or 13 anonymized,” but that their interactions with third-party apps are “directly associated with 14 [their] Google Account[s].” See, e.g., id. ¶¶ 31, 65. 15 II. LEGAL STANDARD 16 Under Federal Rule of Civil Procedure 12(b)(6), the Court may dismiss a complaint 17 for failure to state a claim upon which relief may be granted. Dismissal may be based on 18 either “the lack of a cognizable legal theory or the absence of sufficient facts alleged under 19 a cognizable legal theory.” Godecke v. Kinetic Concepts, Inc., 937 F.3d 1201, 1208 (9th 20 Cir. 2019) (cleaned up). A complaint must plead “sufficient factual matter, accepted as 21 true, to state a claim to relief that is plausible on its face.” Ashcroft v. Iqbal, 556 U.S. 662, 22 678 (2009) (cleaned up). A claim is plausible “when the plaintiff pleads factual content 23 that allows the court to draw the reasonable inference that the defendant is liable for the 24 misconduct alleged.” Id. When evaluating a motion to dismiss, the Court “must presume 25 all factual allegations of the complaint to be true and draw all reasonable inferences in 26 27 1 While Plaintiffs do not allege that any specific data of this kind was collected from Jackson, they 1 favor of the nonmoving party.” Usher v. City of Los Angeles, 828 F.2d 556, 561 (9th Cir. 2 1987). “Courts must consider the complaint in its entirety, as well as other sources courts 3 ordinarily examine when ruling on Rule 12(b)(6) motions to dismiss, in particular, 4 documents incorporated into the complaint by reference, and matters of which a court may 5 take judicial notice.” Tellabs, Inc. v. Makor Issues & Rights, Ltd., 551 U.S. 308, 322 6 (2007). 7 Claims for fraud must meet the pleading standard of Federal Rule of Civil 8 Procedure 9(b), which requires a party “alleging fraud or mistake [to] state with 9 particularity the circumstances constituting fraud or mistake.” Rule 9(b) “requires . . . an 10 account of the time, place, and specific content of the false representations as well as the 11 identities of the parties to the misrepresentations.” Swartz v. KPMG LLP, 476 F.3d 756, 12 764 (9th Cir. 2007) (cleaned up). “This means that averments of fraud must be 13 accompanied by the who, what, when, where, and how of the misconduct charged.” In re 14 Google Assistant Priv. Litig., 546 F. Supp. 3d 945, 955 (N.D. Cal. 2021) (internal 15 quotation marks omitted). 16 If a court dismisses a complaint for failure to state a claim, it should “freely give 17 leave” to amend “when justice so requires.” Fed. R. Civ. P. 15(a)(2). A court has 18 discretion to deny leave to amend due to “undue delay, bad faith or dilatory motive on the 19 part of the movant, repeated failure to cure deficiencies by amendment previously allowed, 20 undue prejudice to the opposing party by virtue of allowance of the amendment, [and] 21 futility of amendment.” Leadsinger, Inc. v. BMG Music Pub., 512 F.3d 522, 532 (9th Cir. 22 2008). 23 III. DISCUSSION 24 This order first considers Google’s request for incorporation by reference and 25 judicial notice. See Request for Judicial Notice (“RJN”) (dkt. 58). It next considers 26 Google’s argument that Plaintiffs consented to the data collection they allege in their 27 amended complaint. See Mot. at 5–8. It then addresses Google’s motion to dismiss in the 1 privacy claims (common law intrusion upon seclusion, invasion of privacy under the 2 California Constitution, and CIPA); (3) contract claims (breach of contract, implied 3 contract, and unjust enrichment); (4) UCL’s unlawful and unfair prongs; and (5) 4 declaratory judgment claim. 5 A. Incorporation by Reference (Exs. A–E, G–I) 6 Google seeks incorporation by reference of eight documents: two versions of its 7 Privacy Policy, RJN Exs. A & B; and the website and Android versions of its “Activity 8 Controls,” RJN Exs. C–E; G–I. See RJN at 3. Plaintiffs do not oppose this request. See 9 RJN Opp’n (dkt. 59). 10 The incorporation-by-reference doctrine “treats certain documents as though they 11 are part of the complaint itself.” Khoja v. Orexigen Therapeutics, Inc., 899 F.3d 988, 1002 12 (9th Cir. 2018). Documents are subject to incorporation by reference if a plaintiff refers to 13 them “extensively” or they form the basis of the complaint. Id. Courts may properly 14 assume the truth of documents incorporated by reference. Id. at 1003. But “it is improper 15 to assume the truth of an incorporated document if such assumptions only serve to dispute 16 facts stated in a well-pleaded complaint.” Id. 17 The Court’s prior order on Google’s first motion to dismiss found that both versions 18 of Google’s Privacy Policy were incorporated by reference. They remain so for the same 19 reasons, based on Plaintiffs’ many references to them in their amended complaint. See 20 Hammerling, 2022 WL 2812188, at *3; see also, e.g., Am. Compl. ¶¶ 24, 33, 62–63, 73– 21 74. 22 The amended complaint, additionally, both quotes directly and references Google’s 23 “Activity Controls,” or webpages through which Plaintiffs were able to choose what types 24 of their data Google may retain. RJN Exs. C–E; G–I. Plaintiffs provide two notices from 25 Hammerling’s Google account, both of which state that: “This activity was saved to your 26 Google Account because the following settings were on: additional Web & App Activity. 27 You can control these settings here.” Am. Compl. ¶¶ 19 fig. 1, 21 fig. 2. Plaintiffs then 1 linked page. Id. ¶¶ 23, 32, 183. Google provides those linked pages (one before the Web 2 & App Activity setting is enabled, the other after) as Exhibits C & D in its request for 3 judicial notice. See Kanig Decl. (dkt. 58-1) at 1; RJN Ex. C; Ex. D (“WAA Disclosure”). 4 Further, Google provides an additional disclosure that pops up when a user chooses to 5 enable the “[i]nclude Chrome history and activity from sites, apps, and devices that use 6 Google services” option on the Web & App Activity (“WAA”) page, which Google calls 7 the “Additional Web & App Activity” (“AWAA”) disclosure. See Kanig Decl. at 1; RJN 8 Ex. E (“AWAA Disclosure”). Exhibits G, H and I are those same pages, as they appear on 9 Android smartphones. Kanig Decl. at 2; RJN Exs. G–I. Plaintiffs do not dispute the 10 authenticity of these webpages, nor that they are provided when Android users alter their 11 WAA settings, as Google explains in its declaration. See RJN Opp’n. 12 The Court finds that each of these webpages are properly incorporated by reference. 13 The Amended Complaint both references and quotes directly (though selectively) from the 14 WAA Disclosure, which, in turn, when a particular setting is selected, allows the AWAA 15 Disclosure to pop up. See Am. Compl. ¶¶ 23, 32; WAA Disclosure; AWAA Disclosure. 16 These documents are thus part of a singular whole and must be considered together, 17 particularly where Plaintiffs complain that they were not adequately informed about the 18 types of data Google collects from their Android smartphones. Khoja, 899 F.3d at 1002; 19 Al-Ahmed v. Twitter, Inc., No. 21-CV-08017-EMC, 2022 WL 1605673, at *4 (N.D. Cal. 20 May 20, 2022); see also, e.g., Am. Compl. ¶¶ 19, 21, 23, 32, 34. Thus, the Court 21 incorporates by reference Exhibits A–E and G–I to Google’s request for judicial notice. 22 B. Judicial Notice (Exs. F, J, K) 23 Google additionally seeks judicial notice of three documents: a page from its Help 24 Center titled “Find & control your Web & App Activity”, see RJN Ex. F; a Privacy Policy 25 dated September 20, 2021 from the third-party app Wish, see RJN Ex. J; and an undated 26 disclosure from the Google Play Store regarding data collection by the third-party app 27 Groupon, see RJN Ex. K. Plaintiffs do not oppose the request as to the Help Center 1 disclosure. RJN Opp’n at 3. 2 Courts may take judicial notice of a fact that is “not subject to reasonable dispute,” 3 i.e., that is “generally known” or “can be accurately and readily determined from sources 4 whose accuracy cannot reasonably be questioned.” Fed. R. Evid. 201(b). “Publicly 5 accessible websites and news articles are among the proper subjects of judicial notice.” 6 Diaz v. Intuit, Inc., 15-cv-1778, 2018 WL 2215790, at *3 (N.D. Cal. May 15, 2018). 7 Courts may not, however, “take judicial notice of disputed facts contained in [] public 8 records.” Khoja, 899 F.3d at 999 (citation omitted). 9 Because Plaintiffs do not dispute the accuracy of the contents of the Help Center 10 webpage, and because webpages like this one are regularly the subject of judicial notice in 11 this circuit, the Court takes judicial notice of Exhibit F. See, e.g., Brown v. Google LLC, 12 No. 20-CV-03664-LHK, 2021 WL 6064009, at *6–7 (N.D. Cal. Dec. 22, 2021). 13 Plaintiffs do, however, argue that it is improper to take judicial notice of the Wish 14 Privacy Policy and the Groupon disclosure, because they “have nothing to do with 15 Plaintiffs’ allegations, which concern only Google’s collection and interception of data 16 from non-Google apps through Android OS,” and that “Google takes no steps to explain 17 how or if Plaintiffs would have seen these documents in the course of purchasing and 18 using their Android devices.” RJN Opp’n at 1 (emphasis omitted). 19 The Court disagrees with Plaintiffs’ contention that such disclosures “have nothing 20 to do with [their] allegations,” but declines to take judicial notice of them nonetheless. 21 While it may be true that these are the most recent privacy policy and data disclosure for 22 Wish and Groupon respectively, they may not contain the same disclosures that 23 Hammerling may have read when she downloaded the apps or used them from 2019 to 24 2021.2 They thus contain no facts that can be “judicially noticeable for [their] truth.” 25 Khoja, 899 F.3d at 999. Whether and to what extent Wish and Groupon alerted 26 Hammerling that her data might be shared, and whether or to what extent they proceeded 27 1 to share her data with third parties (perhaps Google), are questions of fact unresolved by 2 these disclosures and inappropriate to resolve on a motion to dismiss. 3 Thus, the Court takes judicial notice of Exhibit F but declines Google’s request to 4 take judicial notice of Exhibits J and K. 5 C. Consent 6 Google argues that, by including five allegations of data collection from 7 Hammerling’s Google account in the amended complaint, Hammerling admits to 8 consenting to the data collection practices at issue. Because Google fails to satisfy the 9 high bar for consent on a motion to dismiss, this argument fails. 10 In their amended complaint, Plaintiffs allege that Google tracked Hammerling’s 11 interaction with three third-party apps, including what product or service she viewed, the 12 date and time at which she viewed it, and the Google product she used at the time. See 13 Am. Compl. ¶¶ 19–21. Plaintiffs provide a notice from Google about the source of two 14 pieces of that data. Under a “Why is this here?” heading, the notice states: “This activity 15 was saved to your Google Account because the following settings were on: additional Web 16 & App Activity. You can control these settings here.” Id. ¶¶ 19 fig. 1, 21 fig. 2. Plaintiffs 17 claim that when they follow the link in those notices, Google states that if Web & App 18 Activity is enabled on that page, it will only “Save[] your activity on Google sites and 19 apps.” Id. ¶ 23. However, Google contends that Plaintiffs selectively quote from the Web 20 & App Activity page. See, e.g., Mot. at 6. Google provides the full Web & App Activity 21 disclosure, which also provides an additional choice for users to select: “Include Chrome 22 history and activity from the sites, apps, and devices that use Google services.” WAA 23 Disclosure; see also Ex. H (same). When users choose this setting, an additional 24 disclosure pops up, clarifying the “activity from sites, apps, and devices that use Google 25 services” that users may allow Google to collect, including: “app activity, including data 26 that apps share with Google”; and “Android usage and diagnostics, like battery level, how 27 often you use your device and apps, and system errors.” AWAA Disclosure; see also Ex. I 1 complaint indicates that the “additional Web & App Activity” setting was enabled, not just 2 the “Web & App Activity” setting, then Hammerling must have “necessarily reviewed” the 3 AWAA Disclosure in order to enable that setting. Reply (dkt. 61) at 3. It would follow 4 that Hammerling consented to disclosure of her activity on third party apps “that use 5 Google services,” because the AWAA Disclosure tells her so. Google argues that this 6 consent requires dismissal of Plaintiffs’ fraud, privacy, and contract claims. Mot. at 7. 7 This argument fails because Google’s provision of its current AWAA Disclosure 8 does not support the conclusion that Hammerling “necessarily reviewed” the same AWAA 9 Disclosure, and thus consented to it. Google provides only screenshots of the WAA and 10 AWAA Disclosures taken in September 2022. See Kanig Decl. at 1. Assuming that 11 Google’s Activity Controls were incorporated into its Privacy Policy, see id., there is no 12 indication that the disclosures in Google’s Activity Controls were the same when 13 Hammerling first enabled the setting, nor when her data was collected from third-party 14 apps from 2019 to 2021. See Am. Compl. ¶¶ 15, 19–21. For their part, while Plaintiffs 15 may admit that Hammerling enabled the setting at some point, and do admit that she 16 “necessarily saw” the WAA Disclosure,3 Plaintiffs do not admit that Hammerling saw the 17 AWAA Disclosure prior to Google’s request for judicial notice. See id. ¶ 23; see also 18 Opp’n at 16. Thus, it is possible that Hammerling enabled AWAA and did not see the 19 same, or any, disclosure regarding the additional data she was consenting to be collected 20 by Google.4 21 Google relies heavily on In re Facebook, Inc., Consumer Privacy User Profile 22 Litigation to argue that consent can be found on these facts, but that case is inapposite. In 23 24 3 It may be argued that because Plaintiffs admit that Hammerling “necessarily saw” the statement 25 at the top of the WAA Disclosure (“Saves your activity on Google sites and apps”) that she necessarily saw (and chose) the additional setting (“Include . . . activity from sites, apps, and 26 devices that use Google services”). But because the Court cannot conclude that the WAA Disclosure Hammerling saw was the same as the one provided by Google in its request for judicial 27 notice, consent cannot be found on this basis. 4 Indeed, it is not implausible that AWAA is, or at one point was, a default setting for Android 1 Facebook Consumer Privacy, Judge Chhabria found that language in Facebook’s 2 Statement of Rights and Responsibilities and its Data Use Policy disclosed to users that 3 others may share their information with app developers, and that users must take specific 4 steps to prevent this. 402 F. Supp. 3d 767, 792 (N.D. Cal. 2019). It followed that users 5 that did not adjust their settings accordingly were “deemed to have agreed to the language” 6 in Facebook’s policies. Id. at 792–93. Google argues that it flows from Facebook 7 Consumer Privacy that, by enabling “additional App & Web Activity,” consent must be 8 found here and Plaintiffs’ fraud, privacy, and contract claims must be dismissed on this 9 basis. Mot. at 7–8. 10 But a key aspect of Facebook Consumer Privacy was that Judge Chhabria only 11 found consent where the language in question was present at the time users signed up for 12 Facebook accounts in 2009. 402 F. Supp. 3d at 793–94. Whether users who signed up 13 before that language was added consented to it could not be resolved on a motion to 14 dismiss. Id. So too here: Google has not shown that the current AWAA Disclosure was 15 presented to users when Hammerling enabled the setting, and thus consent cannot be found 16 at this early stage as to her.5 What disclosure Hammerling was shown, and whether that 17 language is coextensive with the current AWAA Disclosure, would be questions of fact for 18 a later stage in the case. Nevertheless, Plaintiffs’ claims do not survive this motion to 19 dismiss because their amendments fail to cure the defects found in the Court’s prior order. 20 D. Fraud Claims (Claims 3, 4, and 5) 21 In its prior order, the Court dismissed Plaintiffs’ fraud claims because (1) Plaintiffs 22 failed to allege that they actually relied on any alleged misrepresentation; and (2) Google 23 lacked a duty to disclose any alleged omission. The Court dismissed the CLRA claim for 24 the additional reason that Plaintiffs failed to allege a transaction under the CLRA. 25 Because Plaintiffs fail to cure these deficiencies in the amended complaint, 26 27 5 Because it is not clear from the amended complaint whether Jackson enabled the AWA or 1 Google’s motion to dismiss is again granted as to the CLRA, UCL fraud prong, and 2 Section 1709 claims. 3 1. Misrepresentation 4 As the Court held in its prior order, to plausibly allege a CLRA, Section 1709, or 5 UCL fraud claim on a misrepresentation theory, “a plaintiff must allege that they relied on 6 a misrepresentation and suffered injury as a result.” Hammerling, 2022 WL 2812188, at 7 *6 (citing Moore v. Apple, Inc., 73 F. Supp. 3d 1191, 1200 (N.D. Cal. 2014)). In their 8 initial complaint, Plaintiffs merely alleged that they “relied upon” the alleged 9 misrepresentations “when setting up their Android Smartphones.” Compl. (dkt. 1) ¶ 52. 10 In their amended complaint, Plaintiffs identify additional alleged misrepresentations, see, 11 e.g., Am. Compl. ¶¶ 23–24, and allege that one plaintiff, Hammerling, “read Google’s 12 Privacy Policy,” and that she “did not understand this policy to mean (and did not agree) 13 that Google would collect sensitive data from non-Google apps.” Id. ¶ 25.6 This statement 14 again fails to plead reliance. The additional allegation that Hammerling read the Privacy 15 Policy does not state when she read the policy, nor whether she purchased her Android 16 smartphone in reliance on the alleged misrepresentations in the policy. See Hammerling, 17 2022 WL 2812188, at *6 (citing Davidson v. Apple, Inc., 16-cv-4942, 2017 WL 976048, 18 at *8 (N.D. Cal. Mar. 14, 2017), and Donohue v. Apple, Inc., 871 F. Supp. 2d 913, 925 19 (N.D. Cal. 2012)). 20 Plaintiffs make three arguments against dismissal based on reliance, all of which are 21 unpersuasive. 22 First, Plaintiffs argue that they need not plead actual reliance based on the Privacy 23 Policy because “there is no indication that Google made a different statement or changed 24 its policy before Plaintiff purchased her device to create a different result.” Opp’n at 14. 25 Whether or not this is true, it is beside the point, which is whether Plaintiffs relied on 26 particular alleged misrepresentations to purchase the phones, to their detriment. 27 1 Hammerling, 2022 WL 2812188, at *6. If Hammerling read the Privacy Policy after she 2 purchased the phone, even if it was unchanged from the policy that existed prior to her 3 purchase, she did not purchase the phone in reliance upon the representations in the policy. 4 Because Plaintiffs do not allege that Hammerling read the policy prior to her purchase, this 5 argument fails. 6 Second, Plaintiffs argue that their claims in the amended complaint arise not only 7 from the Privacy Policy but also from “the misrepresentations Google made on its settings 8 pages.” Opp’n at 15. Because Plaintiffs argue that they “could not have discovered” the 9 misrepresentations in these pages “until after purchasing their devices,” they need not 10 plead reliance prior to purchase. Id. Instead, they relied on these statements “by 11 continuing to use a device (and supply Google with data) when they otherwise would not 12 have if Google had disclosed the truth about its practices.” Id. But Plaintiffs cite only to 13 paragraphs in their amended complaint that reference only the fact that, had they known 14 “Google would collect [their] sensitive personal data without consent, [they] would not 15 have purchased, or would have paid significantly less for, [their] Android Smartphones.” 16 Am. Compl. ¶¶ 26, 35. They do not plead reliance based on continued use of their phones 17 after viewing the settings pages,7 and thus this theory too fails. 18 Third and finally, Plaintiffs argue that, with respect to their Section 1709 and UCL 19 claims, they allege that “Google’s collection of highly sensitive individualized data is a 20 cognizable harm,” and thus plead an injury of data collection separate and apart from their 21 purchase of the Android Smartphones. Opp’n at 15. Maybe so, but Plaintiffs do not plead 22 that they relied on a misrepresentation and suffered this injury as a result. See 23 Hammerling, 2022 WL 2812188, at *6. Rather, they only state that Google’s data 24 collection “necessarily occurs after Google misrepresented what data it would collect.” 25 Opp’n at 15. Because this is not an allegation of reliance on the misrepresentation, but 26 merely alleging that the alleged misrepresentation was made before the injury, this 27 1 argument also fails. 2 Therefore, to the extent Plaintiffs’ fraud claims are based on a misrepresentation 3 theory, they do not survive Google’s motion to dismiss. 4 2. Omission 5 In its prior order, the Court dismissed Plaintiffs’ fraud claims based on an omission 6 theory because in order to plead that Google had a duty to disclose the omitted fact, 7 Plaintiffs must allege that omitted information was “central to the product’s function.” 8 Hammerling, 2022 WL 2812188, at *8–9 (quoting Hodsdon v. Mars, Inc., 891 F.3d 857, 9 863 (9th Cir. 2018)). The Court concluded that because Google’s collection of data from 10 non-Google apps does not render the Plaintiffs’ smartphones “incapable of use” and does 11 not prevent their phones from “performing a critical or integral function,” any fraud claims 12 based on an omission theory must be dismissed. Id. at *9 (quoting Knowles v. ARRIS 13 Int’l PLC, 847 F. App’x 512, 513–14 (9th Cir. 2021), and Ahern v. Apple Inc., 411 F. 14 Supp. 3d 541, 567 (N.D. Cal. 2019)). Plaintiffs’ argument on this point—that “Google’s 15 secret collection of non-Google app data from Android device users impacts its ‘central 16 function’ because privacy is a key—if not the only—consideration in selecting a mobile 17 device”—is nearly identical to the one the Court dismissed in its prior order, and the Court 18 is not persuaded a second time. Opp’n at 17; Hammerling, 2022 WL 2812188, at *8 19 (finding that the argument that “[u]sing apps is at the heart of the smartphone experience” 20 does not prevent a smartphone from “performing a critical or integral function” or 21 otherwise render it “incapable of use”).8 22 In addition, to the extent that Plaintiffs allege a partial omission theory by alleging 23 that Hammerling reviewed the Privacy Policy, this new allegation still cannot survive a 24 motion to dismiss because it still does not meet the 9(b) standard. In its prior order, the 25 26 8 Plaintiffs’ reference to Flores-Mendez v. Zoosk, Inc., 20-cv-4929, 2022 WL 357500, at *4 (N.D. 27 Cal. Feb. 7, 2022), does not convince the Court otherwise. That case was about a data breach of a dating website, where plaintiffs submitted “reputationally sensitive” “data about [their] romantic 1 Court found that the Plaintiffs cannot rely on this theory because “Plaintiffs do not allege 2 that they ever read the Policy before (or after) purchasing their Android smartphones, 3 without which they could not have relied on this ‘partial omission.’” Hammerling, 2022 4 WL 2812188, at *7 n.7 (citing Anderson v. Apple, Inc., 500 F. Supp. 3d 993, 1018 (N.D. 5 Cal. 2020)). Plaintiffs argue that because the amended complaint alleges that Hammerling 6 read the Privacy Policy at an unspecified time, and because she “did not understand this 7 policy to mean (and did not agree) that Google would collect sensitive data from non- 8 Google apps,” that they have plausibly pleaded a partial omission. Opp’n at 16; Am. 9 Compl. ¶ 25. But, as discussed above, the amended complaint does not specify when 10 Hammerling reviewed the Privacy Policy—if it was prior to purchasing her smartphone, or 11 after her purchase and during its use. Further, while Plaintiffs’ opposition states that they 12 “necessarily saw” the alleged partial omissions in the WAA Disclosure, Plaintiffs do not 13 allege in their amended complaint that they ever actually encountered that disclosure prior 14 to reviewing Hammerling’s data notices. See Am. Compl. ¶¶ 19–23, 32. While Plaintiffs 15 are correct that alleging that one plaintiff has at least encountered the Privacy Policy is 16 more than the Anderson court had, the amended complaint still fails to allege Plaintiffs’ 17 encounters with these alleged partial omissions with 9(b) particularity. See Anderson, 500 18 F. Supp. 3d at 1019.9 19 3. CLRA 20 In its prior order, the Court held that to state a qualifying transaction under the 21 CLRA, a plaintiff must plead that the defendant is either “(1) the manufacturer of the 22 product or (2) a party that received some portion of the product’s sale.” Hammerling, 2022 23 WL 2812188, at *10. Because Plaintiffs pleaded neither, the Court dismissed the CLRA 24 claim on this additional ground. Id. In their amended complaint, Plaintiffs attempt to cure 25 this defect by alleging that Google earns “substantial profit through Android Smartphones 26 27 9 Because the Court dismisses Plaintiffs’ fraud claims based on an omission theory for these 1 that incorporate Android OS.” Am. Compl. ¶ 45. But while Plaintiffs may have alleged 2 that Google may profit off of a user’s ownership and continued use of a device running on 3 Android OS, they fail to allege that Google made any money directly off of the sale of 4 Hammerling and Jackson’s devices (nor any devices manufactured by third parties). See 5 Decarlo v. Costco Wholesale Corp., 14-cv-202, 2020 WL 1332539, at *9 (S.D. Cal. Mar. 6 23, 2020). Plaintiffs thus still fail to plead a qualifying transaction under the CLRA. 7 Because Plaintiffs’ fraud claims fail for the foregoing reasons, the Court grants 8 Google’s motion to dismiss the CLRA, UCL fraud prong, and Section 1709 claims. 9 E. Privacy Claims (Claims 1, 2, and 10) 10 In its prior order, the Court dismissed Plaintiffs’ privacy claims because (1) 11 Plaintiffs failed to plead that the intrusion was “highly offensive”; and (2) as to the CIPA 12 claim, they failed to plead that Google learned the “contents” of their interactions with 13 third-party apps. 14 Because Plaintiffs again fail to plausibly plead these claims in their amended 15 complaint, Google’s motion to dismiss is granted as to the common-law privacy claim, the 16 constitutional privacy claim, and the CIPA claim. 17 1. Privacy Under the Common Law and State Constitution 18 In its prior order, the Court found that while Plaintiffs had alleged a reasonable 19 expectation of privacy in the frequency and duration of their use of third-party apps, they 20 had not plausibly alleged that that intrusion was “highly offensive.” Hammerling, 2022 21 WL 2812188, at *10–11. In their amended complaint, Plaintiffs attempt to cure this defect 22 by pointing out the third-party apps that they used and what those apps may have told 23 Google about them, as well as five allegations of specific data collection of Hammerling’s 24 activity on three third-party apps. See Am. Compl. ¶¶ 18–21, 30. Because these 25 allegations still fail to amount to a “highly offensive” intrusion,10 Plaintiffs’ privacy 26 27 10 Because the Court does not find that Plaintiffs consented to this data collection, see supra Section III.C, it does not accept Google’s argument that Plaintiffs have failed to plead a reasonable 1 claims under the common law and state constitution must again be dismissed. 2 To determine whether an intrusion was highly offensive, courts consider factors 3 such as “the likelihood of serious harm to the victim, the degree and setting of the 4 intrusion, the intruder’s motives and objectives, and whether countervailing interests or 5 social norms render the intrusion inoffensive.” In re Facebook, Inc. Internet Tracking 6 Litig., 956 F.3d 589, 606 (9th Cir. 2020). The Court found in its prior order that Plaintiffs 7 had not alleged “that the data allegedly collected by Google is sufficiently specific or 8 personal, and its collection sufficiently harmful, to be highly offensive.” Hammerling, 9 2022 WL 2812188, at *12. Taking Plaintiffs’ new allegations one by one, they still do not 10 reach this bar. 11 First, Plaintiffs allege the personal information that Google may have gleaned from 12 their use of their third-party apps: Hammerling’s bank and where she kept her investments, 13 through her use of the Fidelity Investments and Bank of America apps; what car she drove, 14 through her use of the MyMazda app; where she reads her news and her interest in 15 cooking, through her use of the New York Times and NYT Cooking apps; and that she 16 was physically active and interested in straightening her teeth, through use of related apps. 17 Am. Compl. ¶ 18. Plaintiffs allege that information about Jackson’s religious beliefs could 18 be gleaned from her use of various religious apps, and her interest in privacy through her 19 use of a privacy browser. Id. ¶ 30. 20 These allegations still do not render any tracking of the use of these apps highly 21 offensive. Fundamentally, Plaintiffs do not allege that Google could glean any personal 22 information from these apps’ frequency of use or duration; Plaintiffs simply allege that 23 Google could learn personal information about them through their download of third-party 24 apps alone. See Opp’n at 7. But Google already discloses that it does collect information 25 when a user installs an app from the Google Play Store onto their device. RJN Ex. A at 3 26 (“We collect this information when a Google service on your device contacts our servers – 27 1 for example, when you install an app from the Play Store . . . .”); id. (“This information 2 includes things like your device type, carrier name, crash reports, and which apps you’ve 3 installed.”). Plaintiffs do not allege that any tracking of the frequency or duration of use of 4 these apps would allow Google to gain any other particular knowledge about them that was 5 not already disclosed from the download of the apps themselves. See, e.g., Hammerling, 6 2022 WL 2812188, at *13. As a result, such an intrusion is not highly offensive. 7 Second, Plaintiffs allege that Google has collected more granular information from 8 Hammerling’s interaction with three third-party apps.11 Specifically, Plaintiffs allege 9 notices from Google that Hammerling (1) visited the Wish app on March 10, 2021 and 10 viewed a foot massager, and on March 3, 2021 and viewed “womens slippers size 9”; (3) 11 visited the Groupon app and viewed deals for “78% off Anti-inflammatory Meal 12 subscriptions” on October 13, 2019 and “100% Extra Virgin Coconut Oil” on May 10, 13 2020; and (3) visited the Picsart Photo & Video Editor app on March 8, 2021. Am. Compl. 14 ¶¶ 19–21. While more specific than the first alleged data collection, this data still is not 15 sufficiently personal, nor its collection sufficiently harmful, to be highly offensive. 16 First, it is mentioned in the Privacy Policy and WAA Disclosure that Google can, 17 and does, collect data from non-Google apps that use Google services. See, e.g., RJN Ex. 18 A at 4 (“The activity information we collect may include . . . [a]ctivity on third-party sites 19 and apps that use our services.”); WAA Disclosure (“Include Chrome history and activity 20 from sites, apps, and devices that use Google services”). While the Court cannot conclude 21 that Plaintiffs have affirmatively consented to the collection of this data, see supra Section 22 III.C, this data collection is also not “blatantly deceitful,” as in other cases where highly 23 offensive intrusions have been found. See Hammerling, 2022 WL 2812188, at *12 (citing 24 Facebook Tracking, 956 F.3d at 603). Plaintiffs have not alleged, for example, that they 25 understood that Wish, Groupon, and Picsart did not use Google services, or that they had 26 27 11 Plaintiffs do not allege any specific interaction with third-party apps that was linked to 1 disabled Google’s ability to collect such data from third-party apps that use Google 2 services prior to these specific instances of data collection. And as Plaintiffs themselves 3 point out, they have access to this data collection via their Google accounts, where they 4 can “control the[] settings” that allow the collection to occur. Am. Compl. ¶¶ 19, 21. This 5 data collection was not “surreptitious” and thus less likely to be found to be highly 6 offensive. Facebook Tracking, 956 F.3d at 606 & n.8. 7 Second, and most fundamentally, the data collected from these particular intrusions 8 is not sufficiently egregious to be characterized as highly offensive. Hammerling’s 9 searches of a foot massager, slippers, meal subscriptions, coconut oil, and use of a photo 10 editor are better characterized as data collection of “routine commercial behavior,” not 11 considered a highly offensive intrusion of privacy in this district. See Low v. LinkedIn 12 Corp., 900 F. Supp. 2d 1010, 1025 (N.D. Cal. 2012); see also Hammerling, 2022 WL 13 2812188, at *12 (citing In re Google Inc. Priv. Pol’y Litig., 58 F. Supp. 3d 968, 988 (N.D. 14 Cal. 2014), and In re iPhone Application Litig., 844 F. Supp. 2d 1040, 1063 (N.D. Cal. 15 2012)). Though Plaintiffs have pleaded that Google has collected these five pieces of de- 16 anonymized disparate information,12 they do not plausibly allege that Google has recorded 17 “each and every intimate interaction taken on the users’ devices, allowing Google to 18 19 20 12 In its prior order, the Court found that, even if the data described by Plaintiffs were de- anonymized, it still does not amount to a highly offensive intrusion. See Hammerling, 2022 WL 21 2812188, at *12 n.11. The Court is not persuaded to alter this finding based on the cases provided by Plaintiffs. In Revitch v. New Moosejaw, LLC, 18-cv-6827, 2019 WL 5485330 (N.D. Cal. Oct. 22 23, 2019), Judge Chhabria found that a jury could conclude that an intrusion was highly offensive in part because Revitch alleged that defendants “scanned Revitch’s computer for files that 23 revealed his identity and browsing habits.” Id. at *3. No similarly invasive intrusion is alleged here. In McDonald v. Kiloo ApS, 385 F. Supp. 3d 1022 (N.D. Cal. 2019), plaintiffs alleged that 24 gaming apps targeted toward minor children collected user data and disseminated it to third parties in order to “track, profile, and target children with targeted advertising,” and the Court could not 25 find that such an intrusion was not highly offensive on a motion to dismiss. Id. at 1029–30, 1035– 36. This case concerns neither alleged data collection from and targeting of minor children, nor 26 dissemination to third parties. Finally, in Rodriguez v. Google LLC, 20-cv-4688, 2021 WL 2026726 (N.D. Cal. May 21, 2021), plaintiffs did not allege that they enabled WAA. Id. at *8. In 27 this case, while consent cannot be found at this stage, Plaintiffs have at least alleged that WAA was enabled, and thus it cannot be said that Google “set an expectation” that such data would not 1 develop comprehensive profiles on its users.” Opp’n at 9.13 Thus, Google’s motion to 2 dismiss as to Plaintiffs’ common-law and constitutional privacy claims is granted. 3 2. CIPA Claim 4 In its prior order, the Court dismissed Plaintiffs’ CIPA claim because they failed to 5 plausibly allege that, by tracking the frequency and duration of Plaintiffs’ use of third- 6 party apps, Google learned the “contents” of Plaintiffs’ communications with those apps, 7 as required under § 631. Hammerling, 2022 WL 2812188, at *14–15; see also Cal. Pen. 8 Code § 631. In response to their amended complaint, Google argues that Plaintiffs still fail 9 to make out a CIPA claim, because: (1) Plaintiffs’ new allegations are still not the 10 “contents” of a communication within the meaning of § 631; (2) Plaintiffs do not plausibly 11 allege that Google intercepted their data while “in transit”; and (3) Plaintiffs do not allege 12 that the interception occurred within the state of California.14 13 a. Contents 14 While the Court held in its prior order that the information alleged—when and for 15 how long Plaintiffs used third-party apps on their Android devices—was not the “contents” 16 of Plaintiffs’ communications under the CIPA, Hammerling, 2022 WL 2812188, at *14– 17 15, the amended complaint cures this defect. Plaintiffs now allege that Google not only 18 collected data regarding “when and how often they interact” with third party apps, but 19 particular activity on those apps, including products they searched for and services they 20 21 13 The Court is similarly unpersuaded that Plaintiffs’ alleged motive for Google’s data 22 collection—that “Google was using the data for its own purposes,” see Opp’n at 6—alters this conclusion. Google’s Privacy Policy states that it uses the information it collects to “build better 23 services,” including to “[m]aintain and improve [its] services,” “[d]evelop new services,” and “[p]rovide personalized services, including content and ads.” RJN Ex. A at 5; see also RJN Ex. C 24 (“The data saved in your account helps give you more personalized experiences across all Google services.”). The provision of new, improved, and more personalized services is fundamentally 25 compatible with, and largely indistinguishable from, Google’s “commercial purposes.” See, e.g., Am. Compl. ¶ 33. 26 14 Google makes two additional arguments: (1) that because Plaintiffs consented to the data collection, it cannot be unauthorized; and (2) that Hammerling’s interactions with Wish, Groupon, 27 and Picsart are not “communications” as a matter of law. Mot. at 17. Because the Court does not find that Plaintiffs consented, it does not accept Google’s first argument; and because the Court 1 used within the application. Am. Compl. ¶¶ 19–21; Hammerling, 2022 WL 2812188, at 2 *1. This suffices to plead that the information at issue is “contents” under the CIPA. Cf. 3 Facebook Tracking, 956 F.3d at 605 (“These terms and the resulting URLs could divulge a 4 user’s personal interests, queries, and habits on third-party websites operating outside of 5 Facebook’s platform.”). 6 b. “In Transit” 7 However, Plaintiffs have not plausibly pleaded that those contents were intercepted 8 while “in transit.” Cal. Pen. Code § 631. In their amended complaint, Plaintiffs only 9 allege that Google collected “real-time data” about their use of third-party apps: See Am. 10 Compl. ¶ 4 (“Google employees have been able to monitor and collect real-time sensitive 11 personal data . . . .”); id. ¶ 49 (quoting the Committee on the Judiciary’s description of 12 Google’s data collection as “a covert effort to track real-time data on the usage and 13 engagement of third-party apps”); id. ¶ 53 (quoting the Committee on the Judiciary’s 14 conclusion that “Google’s internal reports show that Google was tracking in real-time the 15 average number of days users were active on any particular app”). Plaintiffs argue that this 16 plausibly alleges that Google “monitored and collected sensitive data in real time as users 17 were interacting with third-party apps.,” and thus that it intercepts that data while “in 18 transit.” Opp’n at 10. 19 But allegations that Google collects “real-time data” do not plausibly allege that 20 Google collects data while “in transit.” It is, for example, beyond dispute that Google 21 collected Hammerling’s “real-time data” from her visit to the Wish app on March 10, 22 2021. See Am. Compl. ¶ 19 fig.1. But that fact does not plausibly allege that Google 23 intercepted that data at that time; it may have collected that data from Wish at a later date. 24 Simply put, real-time data need not be collected in real time, and Plaintiffs do not plausibly 25 allege any mechanism that would allow Google to do so. See Rodriguez v. Google LLC, 26 20-cv-4688, 2022 WL 214552, at *2 (N.D. Cal. Jan. 25, 2022); In re Vizio, Inc., Consumer 27 1 Priv. Litig., 238 F. Supp. 3d 1204, 1228 (C.D. Cal. 2017).15 2 c. Intercepted in California 3 Further, Plaintiffs fail to allege that the data in question was intercepted in 4 California, as is required under the CIPA. Cal. Pen. Code § 631 (“passing over any wire, 5 line, or cable, or is being sent from, or received at any place within this state”). Plaintiffs 6 argue that they have alleged that “all of Google’s conduct occurs from within California 7 where it is headquartered and the data at issue is collected, stored, and used.” Opp’n at 11. 8 While it may well be true that the data at issue is “collected, stored, and used” in 9 California, that allegation is nowhere to be found in the amended complaint. See Am. 10 Compl. ¶ 12 (alleging that the Court has personal jurisdiction over Google because “its 11 principal place of business is in California” and “a substantial part of the events and 12 conduct giving rise to Plaintiffs’ claims occurred in California”); id. ¶ 13 (asserting that 13 venue is proper); id. ¶ 116 (alleging that Google “conduct[s] substantial business in 14 California”); id. ¶ 117 (“California is the state from which Google’s alleged misconduct 15 emanated.”). The fact that Plaintiffs are out-of-state residents or that California law 16 applies, see id. ¶¶ 15, 27, 114, has no bearing on whether the interception at issue took 17 place in California. Because Plaintiffs do not plead this element, their CIPA claim fails for 18 this additional reason. 19 Accordingly, Google’s motion to dismiss is granted with respect to Plaintiffs’ CIPA 20 claim. 21 F. Contract Claims (Claims 6, 7, 8) 22 In its prior order, the Court found that: (1) Plaintiffs had failed to allege a promise 23 that Google had breached; (2) Plaintiffs cannot allege an implied contract where an express 24 contract already exists covering the same subject matter; and (3) Plaintiffs cannot allege an 25 26 15 This case is distinguishable from Campbell v. Facebook, Inc., 77 F. Supp. 3d 836 (N.D. Cal. 27 2014), and In re Carrier IQ, 78 F. Supp. 3d 1051 (N.D. Cal. 2015), where the parties alleged the mechanisms by which the defendant allegedly intercepted the messages at issue. Campbell, 77 F. 1 unjust enrichment claim when they fail to plead that Google committed an actionable 2 misrepresentation or omission. Because Plaintiffs’ amended complaint does not cure these 3 deficiencies, Google’s motion to dismiss as to the contract claims is granted. 4 1. Breach of Contract 5 In its prior order, the Court found that the statements in the Privacy Policy 6 highlighted by Plaintiffs “do not plausibly amount to a promise to collect data only from 7 Google apps or third-party apps that use Google services.” Hammerling, 2022 WL 8 2812188, at *16. In their amended complaint, Plaintiffs still fail to allege such an express 9 promise. 10 Plaintiffs cite statements characterizing the Privacy Policy, such as that it is “meant 11 to help users understand what information [Google] collect[s], why [it] collect[s] it, and 12 how [users] can update, manage, export, and delete their information,” and that it attempts 13 to explain these issues “as clearly as possible.” RJN Ex. A at 1. As found in the Court’s 14 prior order, such statements are not express promises, but aspirational and prefatory 15 statements. Hammerling, 2022 WL 2812188, at *16. Regarding Google’s Activity 16 Controls, Plaintiffs point to statements like users “have choices regarding the information 17 [Google] collect[s] and how it’s used” via “key controls for managing your privacy across 18 [its] services.” Opp’n at 2 (quoting RJN Ex. A at 7–8); see also Opp’n at 3 (stating that the 19 WAA setting “[s]aves your activity on Google sites and apps” (quoting WAA Disclosure) 20 (emphasis omitted)). But Plaintiffs do not allege that Google has failed to provide such 21 choices, or that Plaintiffs have not been able to use those controls; in fact, they allege that 22 they have enabled particular settings in Google’s Activity Controls. See Am. Compl. ¶¶ 23 19, 21. Plaintiffs further argue that the introductory statements in the Privacy Policy, 24 combined with the statements regarding the Activity Controls, represent to users that 25 “Google had provided them a comprehensive list of all the data Google collects and why.” 26 Opp’n at 7. But an express promise of such a “comprehensive list” was never made. See 27 Hammerling, 2022 WL 2812188, at *16; RJN Ex. A (“The activity information we collect 1 apps, and devices that use Google services”). And while Google states that it collects data 2 to give users “more personalized experiences,” it does not promise that that is the only 3 reason it collects such data. See WAA Disclosure; see also RJN Ex. A at 5 (stating in the 4 Privacy Policy that Google uses the information it collects to “build better services,” 5 including to “[m]aintain and improve [its] services,” “[d]evelop new services,” and 6 “[p]rovide personalized services”). Taken together, these statements do not allege a 7 promise that has been breached.16 8 2. Implied Contract 9 In its prior order, the Court dismissed Plaintiffs’ implied contract claim because 10 “there is a valid express contract covering the subject matter,” which requires the dismissal 11 of any implied contract claim. See Hammerling, 2022 WL 2812188, at *16 (quoting Be 12 In, Inc. v. Google Inc., 12-cv-3373, 2013 WL 5568706, at *5 (N.D. Cal. Oct. 9, 2013)). 13 Because there is still an express contract governing the subject matter of the implied 14 contract claim—the “scope and purpose of data collection”—the implied contract claim 15 must again be dismissed. Id.17 16 3. Unjust Enrichment 17 In its prior order, the Court found that because Plaintiffs failed to allege an 18 actionable misrepresentation or omission, Plaintiffs’ unjust enrichment claim could not 19 stand. Hammerling, 2022 WL 2812188, at *17. Because the Court again finds that 20 Plaintiffs’ fraud claims cannot survive a motion to dismiss, their unjust enrichment claims 21 22 16 Plaintiffs’ reliance on Brown v. Google LLC, 20-cv-3664, 2021 WL 6064009 (N.D. Cal. Dec. 23 22, 2021), is misplaced. In that case, Google had made express promises that it would not save particular data while users were in Incognito mode. See, e.g., id. at *13 (“Chrome won’t save . . . 24 [y]our browsing history [or] [c]ookies and site data.”). No similar promises were made here. 17 Plaintiffs argue that, because “Google seeks to expand the scope of the case beyond” the 25 Privacy Policy at issue in the Court’s prior order to additional disclosures in Google’s Activity Controls, Opp’n at 13, that an implied contract is created when considering those documents in 26 addition to the Privacy Policy. First, Plaintiffs referred to (but did not attach) additional documents in the amended complaint; so Plaintiffs themselves expanded the scope of the case. 27 See Am. Compl. ¶¶ 23, 32. But second, and more fundamentally, Google’s Activity Controls are incorporated into the Privacy Policy, and thus are part of the express contract between Google and 1 must also be dismissed.18 2 G. Remaining UCL Claims 3 In its prior order, the Court found that because Plaintiffs’ predicate claims failed, 4 their UCL claims under the unlawful prong must fail. Hammerling, 2022 WL 2812188, at 5 *15. Additionally, because “the ‘conduct’ on which Plaintiffs base their claims under all 6 three UCL prongs is the same,” the UCL claims under the unfair prong must also fail. Id. 7 at *15. Because the Plaintiffs’ predicate claims in their amended complaint still fail, 8 Plaintiffs cannot allege a claim under the unlawful prong. 9 Plaintiffs argue that their claim under the unfair prong should survive nonetheless, 10 because “Google’s covert collection of consumer data without consent directly violates 11 California’s strong public policy of protecting privacy rights.” Opp’n at 19 (citing 12 Cappello v. Walmart, Inc., 394 F. Supp. 3d 1015, 1024 (N.D. Cal. 2019)). But in Cappello 13 the plaintiffs had survived a prior motion to dismiss on a privacy claim; here, the Court 14 dismisses each of Plaintiffs’ privacy claims. Cappello, 394 F. Supp. 3d at 1017; see also 15 supra Section III.E. Therefore, because “the unfair prong of the UCL cannot survive if the 16 claims under the other two prongs . . . do not survive,” Plaintiffs’ claim under the unfair 17 prong must be dismissed. Hammerling, 2022 WL 2812188, at *15 (quoting Eidmann v. 18 Walgreen Co., 522 F. Supp. 3d 634, 647 (N.D. Cal. 2021)). 19 Thus, Plaintiffs’ remaining UCL claims are dismissed. 20 H. Declaratory Judgment (claim 9) 21 Finally, Plaintiffs renew their claim for relief under the Declaratory Judgment Act. 22 Because “if the underlying claims are dismissed, . . . then there is no basis for any 23 declaratory relief,” the Court grants the motion to dismiss on this claim. Hammerling, 24 2022 WL 2812188, at *17 (quoting Muhammad v. Conner, 10-cv-1449, 2012 WL 25 26 18 Plaintiffs’ reference to In re Google Location Hist. Litig., 514 F. Supp. 3d 1147 (N.D. Cal. 2021) does not convince the Court otherwise. That case concerned collection and storage of 27 location data, which is only discussed briefly in the Privacy Policy and not at all in the Terms of Service. Id. at 1159. Conversely, the collection of the types of user data at issue in this case is 1 || 2428937, at *3 (N.D. Cal. June 26, 2012)). 2 || IV. CONCLUSION 3 For the foregoing reasons, the Court GRANTS Google’s motion to dismiss as to all 4 || claims. Because Plaintiffs have failed to cure the deficiencies in their initial complaint, the 5 |} Court dismisses Plaintiffs’ claims with prejudice. See Leadsinger, 512 F.3d at 532. 6 IT ISSO ORDERED. iE 7 Dated: December 1, 2022 CHARLES R. BREYER 8 United States District Judge 9 10 11 12 E 13 (| 15 16 5 17 5 18 19 20 21 22 23 24 25 26 27 28
Document Info
Docket Number: 3:21-cv-09004
Filed Date: 12/1/2022
Precedential Status: Precedential
Modified Date: 6/20/2024