Austin-Spearman v. AARP & AARP Services Inc. , 119 F. Supp. 3d 1 ( 2015 )


Menu:
  •                             UNITED STATES DISTRICT COURT
    FOR THE DISTRICT OF COLUMBIA
    )
    Ethel Austin-Spearman,                           )
    )
    Plaintiff,                        )
    )
    v.                                        )       Civil Action No. 14-cv-1288 (KBJ)
    )
    AARP and AARP Services Inc.,                     )
    )
    Defendants.                       )
    )
    MEMORANDUM OPINION
    Plaintiff Ethel Austin-Spearman is an internet savvy woman. According to her
    complaint, she became a member of Facebook’s social network in 2007, and she
    frequently accesses that website and others through the web browser on her computer.
    (See Am. Compl., ECF No. 23, ¶¶ 71–72.) Moreover, whenever Austin-Spearman
    registers for a new online service, she diligently reads the website’s Terms of Service
    and the Privacy Policy. (See id. ¶ 77.) 1 It is the terms of the Privacy Policy on the
    AARP’s internet website that have given rise to the instant action—Austin-Spearman
    alleges that Defendants AARP and AARP Services Inc. (collectively, “Defendants”)
    have violated the Privacy Policy because the AARP’s website is configured to permit
    companies like Facebook and Adobe to collect personally identifiable information
    1
    A website’s Terms of Service “describe the terms and conditions that govern the relationship between
    the user of a Web site and its operator.” Jonathan D. Frieden, Essential Elements of Effective Terms of
    Use, 18 J. Internet L. 3 (2014). Similarly, a website’s Privacy Policy “explain[s] how the [website
    operator] applies specific fair information practices to the collection, use, storage, and dissemination of
    personal information” that website users provide to the website operator in the course of using the
    website. Corey A. Ciocchetti, E-Commerce and Information Privacy: Privacy Policies As Personal
    Information Protectors, 44 Am. Bus. L. J. 55, 68 (2007).
    (“PII”) about the user. 2 Austin-Spearman’s class action complaint contains five
    counts—breach of contract, unjust enrichment, intentional misrepresentation, fraud by
    omission, and violation of the D.C. Consumer Protection Procedures Act (“DCCPPA”),
    
    D.C. Code §§ 28-3901
     to 28-3913 (2012)—and Austin-Spearman maintains that
    Defendants’ breach of the AARP’s own privacy promises has injured her economically
    because she would not have tendered the fee to purchase an AARP membership had she
    known that the organization would permit the collection of her PII by Facebook and
    other third parties.
    Before this Court at present is Defendants’ motion to dismiss the complaint for
    lack of Article III standing and for failure to state a claim upon which relief can be
    granted. For the reasons explained below, this Court finds that the complaint’s
    allegations are insufficient to establish that Defendants’ practices regarding user data
    violate the AARP’s internet Privacy Policy, and in any event, it is entirely implausible
    that Austin-Spearman has suffered the injury she relies upon for standing (an economic
    injury) as a result of the AARP’s purported violation of its internet-usage Privacy
    Policy. Therefore, the Court concludes that Austin-Spearman does not have Article III
    standing to sue, and as a result, Defendants’ motion to dismiss the complaint will be
    GRANTED. A separate order consistent with this opinion will issue.
    2
    There is no “uniform definition” of the term “personally identifiable information,” Paul M. Schwartz
    & Daniel J. Solove, The Pii Problem: Privacy and A New Concept of Personally Identifiable
    Information, 
    86 N.Y.U. L. Rev. 1814
    , 1816 (2011); however, Plaintiff’s complaint lists the following
    examples: name, age, race, email address, state of residence, health insurance information, employment
    data, and family demographic information (see Am. Compl. ¶ 48).
    2
    I.        BACKGROUND
    A.     Plaintiff’s Allegations
    In late 2010, longtime Facebook member and an experienced internet user
    Austin-Spearman navigated to www.aarp.org to learn about AARP membership. (See
    Am. Compl. ¶¶ 72–73.) 3 The AARP is an organization that advocates for people over
    the age of 50; the fee that one pays to become an AARP member supports the
    organization’s lobbying and litigation efforts, and AARP members also have access to
    “discounts on shopping, dining, and travel as well as financial and insurance-related
    products and services.” (Id. ¶ 1.) A person who is 50 years of age or older can become
    a member of the AARP by mailing in a paper form along with the requisite membership
    fee, or by purchasing a membership online, through the AARP’s website. (See 
    id. ¶¶ 19, 23
    .) Paid AARP members may then opt to establish an online account with the
    organization, which is accomplished by creating login credentials—a user name and
    password—and also by “enter[ing] their demographic information (first name, last
    name, country, zip code, and birthday) on AARP’s website.” (Id. ¶ 23.) Notably, the
    AARP’s website is set up such that any person can create an online AARP account
    without first becoming an AARP member; however, AARP members must register
    online if they wish to access certain discounts and special offers that are available to
    AARP members only through the member’s AARP online account. (See 
    id. ¶¶ 2, 20
    .)
    Austin-Spearman purchased a three-year AARP membership for $43 through
    AARP’s website (see 
    id. ¶ 74
    ); then, she proceeded to create an online AARP account
    (see 
    id. ¶ 77
    ). To establish her account, Austin-Spearman entered the requisite
    3
    The AARP was formerly called the American Association of Retired Persons.
    3
    registration information, and she also viewed, and agreed to, AARP’s Privacy Policy.
    (See 
    id. ¶ 77
    )
    The terms of AARP’s online Privacy Policy are central to the parties’ dispute,
    and they are recited in detail in Plaintiffs’ complaint. 4 The Privacy Policy is seven-
    pages long and is divided by subject-matter into twelve sections; as a general matter,
    the policy explains the types of information that are captured when people visit the
    AARP website. Section 3—which is entitled “Information We Collect From You”—
    states, in relevant part, that
    [w]hen you join AARP, we collect basic information such as
    your name, contact information, preferences and date of
    birth. We collect information about your participation in
    AARP activities, including member services and discounts
    obtained by using your membership card.
    AARP also collects information on our website. We collect
    both information that identifies you as a particular
    individual (“personally identifiable information”) and
    anonymous information that is not associated with a specific
    individual (“nonpersonally identifiable information”). When
    you visit our website, some information may be collected
    automatically as part of the site’s operation. We also collect
    information we receive from you during online registration
    and when you complete other forms.
    4
    Neither Plaintiff nor Defendants attached the entire Privacy Policy to their pleadings; however,
    Plaintiff notes in the complaint that “AARP’s Privacy Policy is displayed” at “www.AARP.org/about-
    aarp/info-05-2010/privacypolicy.html” (Am. Compl. ¶ 25), and the complaint includes screenshots of
    paragraphs from the privacy policy document as it appears on the website (see 
    id.
     ¶¶ 27–28; Fig. 2).
    Moreover, at the hearing on Defendants’ Motion to Dismiss, both Plaintiff and Defendants agreed that
    AARP’s entire Privacy Policy—and not just the portions quoted in the complaint—has been
    incorporated into Plaintiff’s complaint and that the Court may therefore consider the entire Privacy
    Policy when ruling on the motion to dismiss. (See Hr’g Tr. at 45:4–12.) See also Equal Empl.
    Opportunity Comm’n v. St. Francis Xavier Parochial Sch., 
    117 F.3d 621
    , 624 (D.C. Cir. 1997) (noting
    that, when presented with a motion to dismiss, a court may consider “documents . . . incorporated in the
    complaint”). Therefore, the Court will assume that the privacy policy at the web address provided by
    the Plaintiff is the same privacy policy that existed at the time Austin-Spearman first accessed the
    AARP website.
    4
    AARP, Your Privacy Rights – Privacy Policy (“AARP Privacy Policy”) at Sec. 3,
    Information We Collect From You, ¶ 2. 5 (See also Am. Compl. ¶ 27.) The next section
    of the policy (Section 4) addresses “Information Collected By Third Parties”—it is the
    first paragraph of Section 4 that is the basis for the allegations made in Austin-
    Spearman’s complaint:
    We may allow third-party analytics companies, research
    companies or ad networks to collect nonpersonally
    identifiable information on our website. These companies
    may use tracking technologies, including cookies and Web
    beacons, to collect information about users of our site in
    order to analyze, report on or customize advertising on our
    site or on other sites. For information about how to opt-out
    of the customization of advertising from many ad networks,
    you can visit here.
    AARP Privacy Policy at Sec. 4, Information Collected by Third Parties, ¶ 1. Notably,
    the third paragraph of Section 4 also specifically cautions that “[i]f you stay logged into
    your social media accounts . . . while visiting our website[,] those social media
    companies may collect information about you.” Id. ¶ 3. Furthermore, in Section 5, the
    Privacy Policy states that AARP itself “may share your information[,] including your
    personally identifiable information[,] with companies we hire to provide certain []
    services such as . . . improving advertising services . . . and managing databases or
    other technology.” AARP Privacy Policy at Sec. 5, With Whom Your Information May
    be Shared, ¶ 7.
    Despite these disclosures, Austin-Spearman’s complaint alleges that the AARP
    website violates the express terms of the AARP online Privacy Policy because the
    AARP website is configured to permit Facebook and Adobe to collect members’ PII.
    5
    Available at www.AARP.org/about-aarp/info-05-2010/privacypolicy.html (last visited June 25, 2015).
    5
    (See Am. Compl. ¶¶ 35–55.) Specifically, according to the complaint, “[t]he first
    sentence [of Section 4, paragraph 1] assures members that AARP only allows certain
    third parties to collect ‘nonpersonally identifiable information’ from its website[.]” (Id.
    ¶ 29 (emphasis added).) The complaint also emphasizes that “the last sentence [of the
    first paragraph of Section 4] presents a hyperlink to another page that, among other
    things, lists “the specific third party companies that collect data from the site[,]” and
    that “[n]either Facebook nor Adobe is found on this list.” (Id. ¶ 31.)
    The technical particulars of how AARP allegedly permits Facebook to collect
    website users’ PII are detailed at length in the Plaintiff’s complaint and are not
    disputed. Suffice it to say here that Facebook’s software places “cookies” on a user’s
    computer when a Facebook user opts to remain logged in, and that these cookies
    interact with certain codes in AARP’s website to permit “data about the user’s
    browsing” to “be silently transmitted back to Facebook.” (Id. ¶¶ 38–41.) 6 Austin-
    Spearman acknowledges that she checks the “keep me logged in” box on her Facebook
    account when she navigates to the AARP website, or uses a Facebook plugin to log into
    the AARP website, and that, as a result, Facebook captures the titles of the articles and
    videos that Austin-Spearman accesses and views as she browses AARP’s website. (See
    Id. ¶¶ 35–45, 71, 81.) However, her core contention is that Defendants are to blame for
    facilitating this “[p]rivacy [h]azard” (id. at 17), because, in purported contravention of
    the AARP’s own Privacy Policy, AARP has coded its website to permit the placement
    of cookies, and thus Facebook can track the activities of users who are simultaneously
    6
    The complaint defines a “cookie” as “a simple text file placed onto a user’s computer that can be used
    to track browsing activity and report said activity back to the server that originally placed the cookie.”
    (Am. Compl. ¶ 38 n. 9.)
    6
    logged into the social media site or have arrived at the AARP site via a Facebook plugin
    (see id. ¶¶ 35–45).
    Austin-Spearman also alleges that Defendants permitted Adobe to collect PII
    data related to people who visit the AARP website, and that this practice, too, breaches
    AARP’s Privacy Policy. (See id. ¶¶ 46–55.) According to Plaintiff, Adobe collects PII
    “using a code developed by Adobe that AARP has integrated into its website.” (Id.
    ¶ 46; see also id. ¶¶ 47–48 (explaining that “[t]he process starts with AARP placing a
    cookie onto the website visitor’s computer,” and “[i]f the visitor is a registered member,
    the cookie . . . will be populated with PII retrieved from AARP’s database.”).) “As a
    member navigates through the AARP website, the special Adobe code forces the
    member’s web browser to extract information from the cookie and transmit it, along
    with data revealing the online materials being accessed and viewed by the member (i.e.,
    on the AARP website), to Adobe’s analytics servers.” (Id. ¶ 48.) Plaintiff asserts that,
    in this way, AARP has provided Adobe with “free rein [sic] to collect information from
    the cookies stored on members’ computers while using the AARP website[,]” and that
    such information ultimately is used to “display targeted advertisements to members[.]”
    (Id. ¶ 50.)
    The problem with all this, according to Plaintiff, is that “Austin-Spearman did
    not consent, agree, or otherwise permit AARP to release her PII to any third party
    company (i.e., outside of those disclosures expressly provided for in AARP’s Privacy
    Policy),” and yet “when she used AARP’s website[,] AARP routinely permitted third
    parties Facebook and Adobe to collect her PII, along with the precise materials that she
    viewed, the titles of articles read and videos watched on AARP’s website[.]” (Id. ¶ 81.)
    7
    Moreover, “[h]ad AARP informed Austin-Spearman that it allows third parties to
    collect member PII through the AARP website at the time that she purchased her
    membership, she either (i) would not have paid for an AARP membership in the first
    place or (ii) would not have used the AARP website at all (and thus, would give up her
    paid-for membership benefits only accessible through the website).” (Id. ¶ 82.) The
    complaint also suggests that Defendants have an ulterior motive for this allegedly
    intentional and harmful violation of the constraints in their own Privacy Policy: “upon
    information and belief” AARP “directly profits” from these practices (id. ¶ 53) in at
    least two ways: (1) “AARP receives royalty payments when members sign up for life
    insurance plans through . . . targeted advertisements” that can be generated as a result
    of the PII collection methods described (id. ¶ 53), and (2) “AARP is able to sell
    advertising space on its website at a premium price” because its “usage of Adobe’s
    collection methodologies and analytics services . . . allows it to serve targeted
    advertising to its members” (id. ¶ 54).
    B.      Procedural History
    On July 29, 2014, Austin-Spearman filed the instant lawsuit against AARP and
    its wholly owned subsidiary, AARP Services Inc. (“collectively, AARP”). (See
    generally Compl., ECF No. 1.) 7 The gravamen of the complaint is Austin-Spearman’s
    insistence that AARP’s Privacy Policy assures users that third parties are only permitted
    to collect nonpersonally identifiable information from the AARP website, and that, in
    any event, such data and information can only be captured by certain identified third
    7
    That same day, Austin-Spearman filed a Motion for Class Certification. (See Mot. to Cert. Class, ECF
    No. 2.) The Court stayed consideration of that motion until further order of the Court. (See Minute
    Entry dated Oct. 29, 2014.)
    8
    parties. (See Am. Compl. ¶ 29.) Austin-Spearman considers this promise to have been
    violated as a result of the alleged collection of PII by Facebook and Adobe, and she
    also believes that AARP’s practice of sharing information with Facebook and Adobe
    lessened the value of her AARP membership (see id. ¶ 82), because she views
    compliance with AARP’s Privacy Policy as part of her membership contract with the
    organization (see id. ¶¶ 75–81). Thus, Austin-Spearman’s five-count amended
    complaint, which was filed on October 24, 2014, claims that AARP’s information
    sharing practices violate the DCCPPA, and also constitute intentional
    misrepresentation, fraud by omission, unjust enrichment, and breach of contract. (See
    id. at ¶¶ 95–109 (count one: violation of the DCCPPA); 110–24 (count two: intentional
    misrepresentation); 125–36 (count three: fraud by omission); 137–43 (count four: unjust
    enrichment); 144–58 (count five: breach of contract (in the alternative to unjust
    enrichment)).)
    On November 10, 2014, Defendants filed the instant motion to dismiss Austin-
    Spearman’s amended complaint. (See Mot. to Dismiss Am. Compl. with Prejudice
    (“Defs.’ Mot.”), ECF No. 24.) 8 Defendants primarily argue that Austin-Spearman lacks
    an injury-in-fact that would support Article III standing to bring these claims, and thus,
    that her complaint must be dismissed pursuant to Rule 12(b)(1) for lack of subject
    matter jurisdiction. (See Def.’s Mem. in Supp. of Def.’s Mot. (“Def.’s Mem.”), ECF
    No. 24-1, at 24–30.) Defendants also contend that Austin-Spearman has failed to state
    8
    This is the second motion to dismiss these defendants have filed. The first motion was filed October
    3, 2014, in response to Plaintiff’s original complaint. (See Mot. to Dismiss Compl. with Prejudice, ECF
    No. 18.) Plaintiff filed an amended complaint on October 24, 2014 (see Am. Compl., ECF No. 23; see
    also Resp. to Mot. to Dismiss Compl. with Prejudice and Notice of Intent to Amend Pursuant to Rule
    15(a)(1), ECF No. 22), and in light of Plaintiff’s filing of an Amended Complaint, the Court dismissed
    Defendants’ original Motion to Dismiss without prejudice. (See Minute Entry dated Oct. 29, 2014.)
    9
    a claim upon which relief can be granted for various reasons. (See id. at 30–48.) 9 This
    Court held a hearing on Defendants’ motion on May 28, 2015. (See Minute Entry dated
    May 28, 2015.)
    II.    LEGAL STANDARDS
    A.      Article III Standing
    Article III of the United States Constitution limits judicial power to “cases” and
    “controversies.” U.S. Const. art. III § 2, cl. 1. “The concept of standing is part of this
    limitation[,]” Simon v. E. Kentucky Welfare Rights Organization, 
    426 U.S. 26
    , 37
    (1976); therefore, “[a] showing of standing ‘is an essential and unchanging’ predicate to
    any exercise of [federal court] jurisdiction[,]” Florida Audubon Soc. v. Bentsen, 
    94 F.3d 658
    , 663 (D.C. Cir. 1996) (citing Lujan v. Defenders of Wildlife, 
    504 U.S. 555
    , 560
    (1992)). See also Allen v. Wright, 
    468 U.S. 737
    , 752 (1984) (“[T]he law of Art. III
    standing is built on a single basic idea—the idea of separation of powers.”).
    Consequently, “[e]very plaintiff in federal court bears the burden of establishing the
    three elements that make up the ‘irreducible constitutional minimum’ of Article III
    standing: injury-in-fact, causation, and redressability.” Dominguez v. UAL Corp., 
    666 F.3d 1359
    , 1362 (D.C. Cir. 2012) (quoting Lujan, 
    504 U.S. at
    560–61).
    It is well established that an injury-in-fact is “an invasion of a legally protected
    interest that is both (a) concrete and particularized and (b) actual or imminent, as
    opposed to merely conjectural or hypothetical.” Humane Soc’y of United States v.
    9
    Specifically, Defendants maintain that the DCCPPA does not apply to AARP (see Mem. in Supp. of
    Mot. to Dismiss First Am. Compl. with Prejudice (“Defs.’ Mem.”), ECF No. 24, at 30–35); that
    Plaintiff’s fraud claims are untimely (id. at 36–39); that Plaintiff has failed to plead any facts
    supporting her speculation that AARP benefits from the challenged conduct (id. at 39–41); and that
    general statements like those contained in the AARP Privacy Policy are not bargained for agreements
    (id. at 42–43).
    10
    Vilsack, 
    19 F. Supp. 3d 24
    , 34 (D.D.C. 2013). Although “[e]conomic harm . . . is a
    canonical example of injury[-]in[-]fact sufficient to establish standing[,]” N. Carolina
    Fisheries Ass’n, Inc. v. Gutierrez, 
    518 F. Supp. 2d 62
    , 82 (D.D.C. 2007), “[m]erely
    asking for money does not establish an injury[-]in[-]fact[,]” Rivera v. Wyeth-Ayerst
    Labs., 
    283 F.3d 315
    , 319 (5th Cir. 2002). Rather, a cognizable overpayment injury
    ordinarily relates to the harm that results from there being a “difference between what
    [plaintiff] contracted for and what she actually received[,]” Sanchez v. Wal-Mart Stores,
    Inc., No. 06-cv-2573, 
    2008 WL 3272101
    , at *3 (E.D. Cal. Aug. 6, 2008); see also Tae
    Hee Lee v. Toyota Motor Sales, U.S.A., Inc., 
    992 F. Supp. 2d 962
    , 972 (C.D. Cal. 2014)
    (“There can be no serious dispute that a purchaser of a product who receives the benefit
    of his bargain has not suffered an Article III injury-in-fact traceable to the defendant’s
    conduct.”).
    B.     Federal Rule of Civil Procedure 12(b)(1)
    “In reviewing the standing question” in the context of a motion to dismiss under
    Rule 12(b)(1), a court “must be ‘careful not to decide the questions on the merits for or
    against the plaintiff, and must therefore assume that on the merits the plaintiffs would
    be successful in their claims.’” In re Navy Chaplaincy, 
    534 F.3d 756
    , 760 (D.C. Cir.
    2008) (quoting City of Waukesha v. EPA, 
    320 F.3d 228
    , 235 (D.C. Cir. 2003)). The
    court must also accept as true all factual allegations in the complaint, and must
    “construe the complaint liberally, granting plaintiff the benefit of all inferences that can
    be derived from the facts alleged.” Thomas v. Principi, 
    394 F.3d 970
    , 972 (D.C. Cir.
    2005). However, “the court need not accept factual inferences drawn by plaintiffs if
    those inferences are not supported by facts alleged in the complaint, nor must the Court
    accept plaintiff’s legal conclusions.” Disner v. United States, 
    888 F. Supp. 2d 83
    , 87
    11
    (D.D.C. 2012) (internal quotation marks and citation omitted). Moreover, and
    importantly, “[u]nder Rule 12(b)(1), the Court may dispose of the motion on the basis
    of the complaint alone, or it may consider materials beyond the pleadings ‘as it deems
    appropriate to resolve the question whether it has jurisdiction to hear the case.’”
    Neighborhood Assistance Corp. of Am. v. Consumer Fin. Prot. Bureau, 
    907 F. Supp. 2d 112
    , 121 (D.D.C. 2012) (quoting Scolaro v. D.C. Bd. of Elections & Ethics, 
    104 F.Supp.2d 18
    , 22 (D.D.C. 2000)).
    C.     Federal Rule of Civil Procedure 12(b)(6)
    When evaluating a motion to dismiss for failure to state a claim upon which
    relief can be granted under Rule 12(b)(6), a court looks for sufficient facts alleged in
    the complaint “to raise a right to relief above the speculative level[.]” Bell Atl. Corp. v.
    Twombly, 
    550 U.S. 544
    , 555 (2007) (internal quotation marks and citation omitted).
    “[D]etailed factual allegations” are not necessary to withstand a Rule 12(b)(6) motion,
    
    id.,
     but a plaintiff must plead enough facts to make the claim seem plausible on its face,
    see Ashcroft v. Iqbal, 
    556 U.S. 662
    , 678 (2009). In evaluating the plausibility of
    Plaintiff’s claim, the court must accept as true all factual allegations in the complaint,
    and the plaintiff should receive the benefit of all inferences that can be derived from the
    facts alleged. See Iqbal, 
    556 U.S. at 678
    ; see also Sparrow v. United Air Lines, Inc.,
    
    216 F.3d 1111
    , 1113 (D.C. Cir. 2000). “While the complaint is to be construed
    liberally in plaintiff’s favor, the Court need not accept inferences drawn by the plaintiff
    if those inferences are unsupported by facts alleged in the complaint; nor must the
    Court accept plaintiff’s legal conclusions.” Kramer v. United States, 
    460 F. Supp. 2d 108
    , 110 (D.D.C. 2006) (citing Kowal v. MCI Commc’ns Corp., 
    16 F.3d 1271
    , 1276
    (D.C. Cir. 1994)). Accordingly, “‘legal conclusions cast in the form of factual
    12
    allegations’ are insufficient to survive a motion to dismiss.” Henok v. Chase Home
    Fin., LLC, 
    915 F.Supp.2d 109
    , 114 (D.D.C. 2013) (quoting Browning v. Clinton, 
    292 F.3d 235
    , 242 (D.C. Cir. 2002)).
    III.      ANALYSIS
    Defendants argue that, for all of Austin-Spearman’s alleged surprise and outrage
    regarding the collection of her PII by Facebook and Adobe through AARP’s website,
    Austin-Spearman has failed to assert any plausible way in which Defendants’
    information sharing practices have injured her, and thus she lacks Article III standing to
    pursue this lawsuit. (See Defs.’ Mot. at 24–30.) 10 Austin-Spearman adamantly rejects
    this assertion—she points to the complaint’s allegation that she paid $43 for an AARP
    membership in consideration for “access to [Defendants’] exclusive online
    marketplace” and their promise to adhere to the Privacy Policy with respect to her
    internet usage (Pl.’s Opp’n to Def.’s Mot. (“Pl.’s Opp’n”), ECF No. 28, at 18; see also
    Am. Compl. ¶ 77), and she argues that “because Defendants never intended to deliver
    that [privacy policy] aspect of her purchase, [she] necessarily paid more than
    Defendants’ services were worth[,] and suffered damages as a result.” (Pl.’s Opp’n at
    19; see also Am. Compl. ¶ 82 (asserting that, if Austin-Spearman had known about
    Defendants’ practices, she “would have viewed her paid-for membership as worth less
    than the $43 she paid” for it).) Thus, Austin-Spearman seeks to proceed on an
    “overpayment” theory of injury—i.e., Austin-Spearman maintains that she suffered
    “concrete economic harm because she paid for access to Defendant’s online services,
    but didn’t receive the full benefit of her bargain.” (Pl.’s Opp’n at 18 (emphasis
    10
    Page numbers throughout this Opinion refer to those that the Court’s electronic filing system assigns.
    13
    omitted).)
    For the two reasons explained fully below, this Court rejects Austin-Spearman’s
    “economic injury” contention as entirely implausible, even after crediting the
    allegations in Austin-Spearman’s complaint. In short, the Court first concludes that
    Defendants’ alleged violation of their own Privacy Policy could not have injured
    Austin-Spearman because the complaint fails to establish that any such violation
    occurred. Moreover, and in any event, the Court finds that compliance with the Privacy
    Policy was not a term of Austin-Spearman’s membership contract with AARP on the
    facts alleged in the complaint (so its alleged breach could not have given rise to any
    economic injury), and even if the Privacy Policy were a term of the membership
    agreement, it was certainly not such an integral part of that contract that the alleged
    breach of the policy deprived Austin-Spearman of the benefit of her bargain.
    Consequently, Austin-Spearman lacks Article III standing to sue, and this Court lacks
    subject matter jurisdiction over Austin-Spearman’s complaint.
    A. The Complaint Does Not Establish That Defendants Violated The Terms
    Of The AARP’s Online Privacy Policy
    Austin-Spearman’s first hurdle in making a plausible case that she has suffered
    economic injury due to the Defendants’ violation of the online AARP Privacy Policy is
    to present allegations that permit an inference that Defendants have, in fact, violated the
    Privacy Policy. To this end, the complaint quotes parts of the Privacy Policy at length
    (see Am. Compl. ¶¶ 27–28), and it also describes in extraordinary detail the technical
    aspects of the manner in which the website permits third parties to gather information
    using cookies and codes (see 
    id.
     ¶¶ 34–65). What the complaint does not do, however,
    is substantiate Plaintiff’s repeated bald assertions that AARP’s Privacy Policy promises
    14
    its members that the organization “would not allow third parties to collect their PII.”
    (Id. ¶ 101; see also id. ¶¶ 29, 32, 79, 81–85).
    Stated simply, such a promise is not even close to what the actual Privacy Policy
    says, no matter how many times Plaintiff makes this assertion. (See, e.g., Am. Compl. ¶
    107 (characterizing the Policy as promising that “its members’ PII will be kept
    private”).) The purported basis for Plaintiff’s fervent belief that the Privacy Policy
    promises not to release the PII of AARP members is the first paragraph of Section 4,
    and in particular, the statement that “[w]e may allow third-party analytics companies,
    research companies, or ad networks to collect nonpersonally identifiable information on
    our website[.]” (Am. Compl. ¶ 28.) According to Plaintiff, this statement “assures
    members that AARP only allows certain third parties to collect ‘nonpersonally
    identifiable information’ from its website” (Am. Compl. ¶ 29 (emphasis added); see
    also Mot. to Dismiss Hr’g Tr. (“Hr’g Tr.”), at 8:22–8:24, May 28, 2015)). But that is
    plainly not what the first sentence of the first paragraph of Section 4 says; indeed, that
    language does not address the collection or distribution of PII at all.
    What is more, when Sections 4 and 5 are read together, and when the document
    is viewed as a whole, the AARP Privacy Policy tells a completely different story about
    what happens to member data than the narrative that appears in the allegations of
    Plaintiff’s complaint. This Court agrees with Defendants that, as relevant here, the
    AARP’s Privacy Policy clearly notifies website users of certain things regarding what
    the organization permits with respect to user data, to wit: (1) that the website collects
    users’ PII, see AARP Privacy Policy at Sec. 3, Information We Collect From You, ¶ 2;
    (2) that AARP permits certain third parties to collect non-PII data, see id. at Sec. 4,
    15
    Information Collected By Third Parties, ¶ 1; (3) that if a person stays logged into social
    media accounts while visiting AARP’s website, the social media companies may collect
    data and information about that person, see id. at Sec. 4, Information Collected by Third
    Parties, ¶¶ 2–3; and (4) that AARP may share data and information about its members
    with companies that help AARP with advertising, see id. at Sec. 5, With Whom Your
    Information May be Shared, ¶ 8.
    Significantly, the policy does not state that third parties will be prevented from
    gaining access to PII data entered into the AARP website under all circumstances, as
    Austin-Spearman argues. And given what the policy actually says about social media
    companies, it is entirely implausible to suggest, as Austin-Spearman does, that although
    she checks the “keep me logged in” box on her Facebook account or uses a Facebook
    plugin to log into the AARP website—thereby permitting Facebook to capture PII
    information about her as she navigates through the AARP website—she was surprised
    and upset by this practice, or that Facebook’s information collection was inconsistent
    with the representations in AARP’s Privacy Policy and she was injured as a result. (See
    Am. Compl. ¶¶ 35–45, 71, 81.) Similarly, this Court discerns nothing untoward about
    the fact that AARP allegedly has asked Adobe to collect and analyze information about
    people who use the AARP website so that advertising can be tailored to the individual
    website user (Am. Compl. ¶ 46–55, 81), because the Privacy Policy expressly discloses
    that AARP itself “may share your information . . . with companies we hire to provide
    certain [] services such as . . . improving advertising services . . . and managing
    databases or other technology[,]” AARP Privacy Policy at Sec. 5, With Whom Your
    Information May be Shared, ¶ 8.
    16
    The bottom line is this: the facts that Austin-Spearman says support a finding
    that Defendants have violated the AARP’s Privacy Policy do not permit any reasonable
    inference that a violation actually occurred, given the plain and express terms of the
    Privacy Policy. And because there was no violation on the facts as alleged, Plaintiff
    cannot have been injured as a result of this purported breach. Cf., e.g., In re Fruit Juice
    Products Marketing and Sales Practices Litig., 
    831 F.Supp.2d 507
    , 512 (D. Mass. 2011)
    (rejecting the plaintiffs’ benefit of the bargain theory of standing because “[p]laintiffs
    received the benefit of the bargain, as a matter of law” where “[p]laintiff[s] paid for
    fruit juice and they received fruit juice”). For this reason alone, Austin-Spearman’s
    contention that she has Article III standing to sue fails.
    B.     It Is Not Plausible That Defendants’ Alleged Breach Of The Privacy
    Policy Resulted In Economic Injury To Austin-Spearman
    Even if one assumes arguendo that AARP violated its own Privacy Policy, this
    Court finds it entirely implausible that any economic injury to Austin-Spearman
    resulted from that breach for two reasons.
    First of all, the complaint’s allegations simply do not establish that AARP’s
    online Privacy Policy was part of the AARP membership agreement. Although Austin-
    Spearman asserts that her $43 membership fee was partly paid in consideration for the
    organization’s enforceable promise that her PII would be kept private (see Pl.’s Opp’n
    at 18–19), the complaint lays out a chronology that establishes that Austin Spearman
    did not even see the AARP Privacy Policy until after she had already become a paid
    member of AARP—i.e., she first purchased her membership, then signed up for an
    online account, and then reviewed the Privacy Policy for the first time (see Am. Compl.
    ¶¶ 72–80). This means that, as Defendants forcefully argue, “the terms of the Privacy
    17
    Policy could not possibly have factored into the value of her AARP membership (even
    her subjective belief of the value) when she purchased it.” (Defs.’ Mot. at 29.)
    Moreover, it is well established that not all promises rise to the level of binding
    contractual obligations. For example, a promise that is offered freely and equally to all
    people—without regard to who has provided consideration and who has not—is not a
    contract. See Trustees of Dartmouth Coll. v. Woodward, 
    17 U.S. 518
    , 612 (1819)
    (“There can be no contract in which the party does not receive some personal, private,
    individual benefit. To make . . . a private contract, there must be a private beneficial
    interest vested in the party who pays the consideration.”). Here, despite Austin-
    Spearman’s allegation that her membership fee was tendered (at least in part) as
    consideration for AARP’s promise to adhere to its Privacy Policy (see Am. Compl.
    ¶¶ 79–81), the Privacy Policy indisputably applies to both members and non-members
    alike. See AARP Privacy Policy at Sec. 1, Nuts and Bolts of Our Privacy Policy, ¶ 1
    (noting that the policy applies to those who “join AARP”; those who “participate in
    AARP events and offerings”; and even those who simply “visit our website”).
    Consequently, Austin-Spearman’s payment was not provided in consideration for the
    promises that AARP made in the Privacy Policy, or, put another way, the promises
    made in AARP’s Privacy Policy were not a part of Austin-Spearman’s binding AARP
    membership contract. See In re LinkedIn Privacy Litig., 
    932 F. Supp. 2d 1089
    , 1093
    (N.D. Cal. 2013) (rejecting plaintiffs’ “overpayment” theory of standing because
    LinkedIn’s User Agreement and Privacy Policy were the same for the premium (paid)
    membership as they were for the basic (free) membership, and the complaint “[did] not
    sufficiently demonstrate that included in Plaintiffs’ bargain for premium membership
    18
    was the promise of a particular (or greater) level of security that was not part of the free
    membership”).
    Second, it is clear on the facts as alleged in Austin-Spearman’s complaint that
    Austin-Spearman actually received the benefit of her bargain with AARP. See Sanchez
    v. Wal-Mart Stores, Inc., 
    2008 WL 3272101
    , at *3 (explaining that a plaintiff only has
    standing to bring a breach of contract action based on alleged economic injury where
    she can plausibly allege that she did not receive the benefit of her bargain with the
    defendant). The complaint explains that the AARP is a membership organization that
    advocates for people over the age of 50, and that website usage—including the
    discounts that are only available online—is but one part of the benefits that accrue to
    members. (See Am. Compl. ¶¶ 1–2.) The complaint does not (and apparently cannot)
    contend that website usage is the primary benefit of an AARP membership, nor that it is
    even an essential part of the bundle of rights that are conferred to AARP members, and
    this flaw is fatal to Austin-Spearman’s economic injury theory of standing. See, e.g.,
    Birdsong v. Apple, Inc., 
    590 F.3d 955
    , 961 (9th Cir. 2009) (dismissing complaint partly
    on standing grounds because “[t]he plaintiffs’ alleged injury in fact is premised on the
    loss of a ‘safety’ benefit that was not part of the bargain to begin with”); Williams v.
    Purdue Pharma Co., 
    297 F. Supp. 2d 171
    , 176 (D.D.C. 2003) (dismissing complaint on
    standing grounds because “[a]lthough the plaintiffs allege a benefit of the bargain
    theory of injury, they do not allege that [defendant’s pain relief drug] failed to provide
    them effective pain relief” and therefore “it must be assumed that [defendant’s pain
    relief drug] worked for plaintiffs and that consequently they got what they paid for”
    (internal quotation marks and citations omitted)).
    19
    To be sure, the instant complaint struggles valiantly to convey that AARP-
    website usage was subjectively important to Austin-Spearman herself. (See Am.
    Compl. ¶ 76 (“[A]t the time [Austin-Spearman] paid for her membership, Austin-
    Spearman valued her personal privacy and expected that AARP would not permit third
    parties to collect her PII without first obtaining her permission to do so[.]”); 
    id. ¶ 82
    (“Had AARP informed Austin-Spearman that it allows third parties to collect member
    PII . . . she either (i) would not have paid for an AARP membership in the first place or
    (ii) would not have used the AARP website at all[.]”).) But conclusory statements
    regarding a plaintiff’s own beliefs and expectations are not sufficient to support an
    alleged “overpayment” injury; rather, a plaintiff must allege facts that demonstrate that
    the breached term was objectively essential to the contract at issue, such that the
    violation effectively robbed the plaintiff of her payment because what she received was
    not what the parties agreed she had purchased. In other words, a plaintiff is not entitled
    to demand perfect realization of every hope and dream with respect to contract
    performance; instead, the plaintiff has received the benefit of her bargain where the
    defendant has substantially performed on the contract. See Schneider v. Dumbarton
    Developers, Inc., 
    767 F.2d 1007
    , 1013 (D.C. Cir. 1985); see also Sununu v. Philippine
    Airlines, Inc., 
    638 F. Supp. 2d 35
    , 39 (D.D.C. 2009) (noting that “‘[s]ubstantial
    performance’ is generally considered to exist when a contracting party has failed to
    render full performance but any defects in performance are considered minor”). Thus,
    to sustain her claim that she has standing based on her overpayment for the AARP
    membership, Austin-Spearman must plausibly allege that Defendants failed to render
    substantial performance of the AARP membership contract. Compare, e.g., Lozano v.
    20
    AT&T Wireless Servs., Inc., 
    504 F.3d 718
    , 733 (9th Cir. 2007) (holding that the plaintiff
    was denied the benefit of the bargain, and therefore had standing, where plaintiff did
    not receive the full number of agreed-upon minutes he purchased in a wireless cellular
    phone service agreement) with Rivera v. WyethAyerst Labs., 
    283 F.3d 315
    , 319–21 (5th
    Cir. 2002) (holding that the plaintiff was not denied the benefit of the bargain, and
    therefore lacked standing, where plaintiff had bought a prescription painkiller that was
    later withdrawn from the market but plaintiff found the painkiller to be effective and
    did not suffer harmful side effects).
    The analysis and holding of In re Science Applications International Corp.
    Backup Tape Data Theft Litigation (“S.A.I.C.”), 
    45 F. Supp. 3d 14
     (D.D.C. 2014), make
    clear that Austin-Spearman has failed to mount this standing hurdle. After an unknown
    thief stole the plaintiffs’ personal information and medical records from a technology
    company that handles data for the federal government, the plaintiffs in S.A.I.C. (who
    were members of the U.S. military enrolled in certain health care plans) filed a
    complaint against their health insurance company, the Department of Defense, and
    several others. See id at 19. The complaint asserted approximately 20 causes of action,
    including breach of contract, and with respect to Article III standing, the plaintiffs
    claimed that the theft had caused them to suffer an economic injury-in-fact due to the
    diminution in the value of their insurance premiums—in plaintiffs’ view, the premiums
    were tendered in part as consideration for the defendant’s promise of keeping their
    personal health information secure, and thus plaintiffs had paid for a service they did
    not receive. See 
    id. at 30
    . The Court rejected plaintiffs’ economic injury argument,
    reasoning that the plaintiffs had “allege[d] that they were paying for ‘health and dental
    21
    insurance[,]’” and did not “claim that they were denied coverage or services in any way
    whatsoever[,]” 
    id. at 30
    , and they also “ha[d] not alleged facts that show that the market
    value of their insurance coverage (plus security services) was somehow less than what
    they paid[,]” 
    id.
     Consequently, despite the plaintiffs’ suggestion that “some
    indeterminate part of their premiums went toward paying for security measures” and
    that the value of their premiums were diminished as a result of the security breach, the
    Court concluded that the plaintiffs had failed to demonstrate that they had suffered an
    economic injury that gave rise to standing to sue. 
    Id.
     (adding that “[n]othing in the
    [c]omplaint makes a plausible case that Plaintiffs were cheated out of their
    premiums[,]” and “[a]s a result, no injury lies”).
    So it is here. Much like the plaintiffs in S.A.I.C., Austin-Spearman alleges that
    she paid for an AARP membership—and also that she got one. (See Def.’s Mot. at 28
    (“Plaintiff does not allege that she was denied any membership benefit or service for
    which she paid when purchasing her AARP membership.”).) AARP members purchase
    a set of benefits that includes supporting the AARP’s advocacy efforts (see Am. Compl.
    ¶ 1; Hr’g Tr. at 19:15–16); getting a subscription to the AARP magazine (see Hr’g Tr.
    at 19:19–20); and accessing “discounts on shopping, dining, and travel as well as
    financial and insurance-related products and services” (Am. Compl. ¶ 1). Austin-
    Spearman does not allege that she was denied any of these things; instead, she merely
    alleges that AARP’s privacy protections were not as stringent as she believed they
    would be. (See, e.g., Am. Compl. ¶¶ 83, 108, 123, 135, 138, 156.) This Court finds
    that, having not established that she actually lost any of the value of her membership,
    22
    Austin-Spearman has not plausibly claimed that she overpaid for the AARP membership
    agreement such that she was injured economically and now has standing to sue.
    IV.     CONCLUSION
    In this Court’s analysis, Austin-Spearman’s “overpayment” theory of economic
    injury does not add up. The complaint’s allegations do not establish that Defendants’
    practices regarding PII violate the organization’s online Privacy Policy; thus, no
    cognizable injury possibly could have resulted. Moreover, and in any event, it is
    entirely implausible that Austin-Spearman overpaid for the membership as a result of
    the AARP’s purported violation of their privacy promises for two reasons. First, the
    terms of the Privacy Policy—which were not even known to Austin-Spearman at the
    time she joined the organization—are not a part of the AARP membership contract.
    And second, even if adherence to the Privacy Policy was a contract term that
    Defendants breached, the complaint’s allegations do not establish that the privacy
    promises are so essential to the organization’s membership agreement that AARP did
    not render substantial performance such that Austin-Spearman was deprived of the
    benefit of her bargain. Thus, whatever the merits of Austin-Spearman’s case, she has
    not sufficiently alleged that she overpaid for the AARP membership and thereby
    suffered an injury-in-fact that gives her Article III standing to sue. 11
    Accordingly, as set forth in the separate order accompanying this memorandum
    opinion, AARP’s motion to dismiss is GRANTED, and Austin-Spearman’s complaint is
    11
    This Court does not opine as to whether or not some other theory of injury would have sufficed to
    provide Austin-Spearman with standing to sue. Cf. S.A.I.C., 45 F. Supp. 3d at 29 (noting that
    “disclosure of personally identifiable information alone, along with some attendant emotional distress,
    may constitute ‘injury enough to open the courthouse door’ in privacy actions”) (quoting Doe v. Chao,
    
    540 U.S. 614
    , 62425 (2004)). It is a plaintiff’s burden to establish this Court’s jurisdiction, see
    Clapper v. Amnesty Int’l USA, 
    133 S. Ct. 1138
    , 1148 (2013), and Austin-Spearman specifically and
    23
    dismissed. See Gen. Motors Corp. v. E.P.A., 
    363 F.3d 442
    , 448 (D.C. Cir. 2004) (“As a
    court of limited jurisdiction, we begin, and end, with an examination of our
    jurisdiction.”).
    DATE: July 28, 2015                             Ketanji Brown Jackson
    KETANJI BROWN JACKSON
    United States District Judge
    expressly disavows any other standing argument, relying solely on the “overpayment” theory of actual
    injury. (See Pl.’s Opp’n at 25–26 (rejecting Defendants’ argument that “Plaintiff’s theory of damages is
    somehow that her PII . . . was compromised, and that that alone forms the basis for her injury[,]” and
    clarifying that Plaintiff’s damages theory “focuses on the money she paid to Defendants and her failure
    to receive what she bargained for.” (emphasis in original)).) For the reasons stated in this
    Memorandum Opinion, this Court concludes that Austin-Spearman’s overpayment injury argument
    fails.
    24
    

Document Info

Docket Number: Civil Action No. 2014-1288

Citation Numbers: 119 F. Supp. 3d 1, 2015 U.S. Dist. LEXIS 98069

Judges: Judge Ketanji Brown Jackson

Filed Date: 7/28/2015

Precedential Status: Precedential

Modified Date: 11/7/2024

Authorities (21)

Kramer v. United States , 460 F. Supp. 2d 108 ( 2006 )

Charles Kowal v. MCI Communications Corporation , 16 F.3d 1271 ( 1994 )

Sparrow, Victor H. v. United Airlines Inc , 216 F.3d 1111 ( 2000 )

Equal Employment Opportunity Commission v. St. Francis ... , 117 F.3d 621 ( 1997 )

City of Waukesha v. Environmental Protection Agency , 320 F.3d 228 ( 2003 )

North Carolina Fisheries Ass'n, Inc. v. Gutierrez , 518 F. Supp. 2d 62 ( 2007 )

Lozano v. AT & T Wireless Services, Inc. , 504 F.3d 718 ( 2007 )

Birdsong v. Apple, Inc. , 590 F.3d 955 ( 2009 )

ferd-schneider-v-dumbarton-developers-inc-a-dc-corporation-dba , 767 F.2d 1007 ( 1985 )

Lujan v. Defenders of Wildlife , 112 S. Ct. 2130 ( 1992 )

Bell Atlantic Corp. v. Twombly , 127 S. Ct. 1955 ( 2007 )

Ashcroft v. Iqbal , 129 S. Ct. 1937 ( 2009 )

Clapper v. Amnesty International USA , 133 S. Ct. 1138 ( 2013 )

Sununu v. Philippine Airlines, Inc. , 638 F. Supp. 2d 35 ( 2009 )

Thomas, Oscar v. Principi, Anthony , 394 F.3d 970 ( 2005 )

General Motors Corp. v. Environmental Protection Agency , 363 F.3d 442 ( 2004 )

Dolly Kyle Browning and Direct Outstanding Creations ... , 292 F.3d 235 ( 2002 )

elizabeth-rivera-arkansas-carpenters-health-and-welfare-fund-on-behalf-of , 283 F.3d 315 ( 2002 )

Chaplaincy of Full Gospel Churches v. United States Navy , 534 F.3d 756 ( 2008 )

Allen v. Wright , 104 S. Ct. 3315 ( 1984 )

View All Authorities »