Austin-Spearman v. AARP & AARP Services Inc. , 119 F. Supp. 3d 1 ( 2015 )

                            UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF COLUMBIA
)
Ethel Austin-Spearman,                           )
)
Plaintiff,                        )
)
v.                                        )       Civil Action No. 14-cv-1288 (KBJ)
)
AARP and AARP Services Inc.,                     )
)
Defendants.                       )
)
MEMORANDUM OPINION
Plaintiff Ethel Austin-Spearman is an internet savvy woman. According to her
complaint, she became a member of Facebook’s social network in 2007, and she
frequently accesses that website and others through the web browser on her computer.
(See Am. Compl., ECF No. 23, ¶¶ 71–72.) Moreover, whenever Austin-Spearman
registers for a new online service, she diligently reads the website’s Terms of Service
and the Privacy Policy. (See id. ¶ 77.) 1 It is the terms of the Privacy Policy on the
AARP’s internet website that have given rise to the instant action—Austin-Spearman
alleges that Defendants AARP and AARP Services Inc. (collectively, “Defendants”)
have violated the Privacy Policy because the AARP’s website is configured to permit
companies like Facebook and Adobe to collect personally identifiable information
1
A website’s Terms of Service “describe the terms and conditions that govern the relationship between
the user of a Web site and its operator.” Jonathan D. Frieden, Essential Elements of Effective Terms of
Use, 18 J. Internet L. 3 (2014). Similarly, a website’s Privacy Policy “explain[s] how the [website
operator] applies specific fair information practices to the collection, use, storage, and dissemination of
personal information” that website users provide to the website operator in the course of using the
website. Corey A. Ciocchetti, E-Commerce and Information Privacy: Privacy Policies As Personal
Information Protectors, 44 Am. Bus. L. J. 55, 68 (2007).
(“PII”) about the user. 2 Austin-Spearman’s class action complaint contains five
counts—breach of contract, unjust enrichment, intentional misrepresentation, fraud by
omission, and violation of the D.C. Consumer Protection Procedures Act (“DCCPPA”),

 to 28-3913 (2012)—and Austin-Spearman maintains that
Defendants’ breach of the AARP’s own privacy promises has injured her economically
because she would not have tendered the fee to purchase an AARP membership had she
known that the organization would permit the collection of her PII by Facebook and
other third parties.
Before this Court at present is Defendants’ motion to dismiss the complaint for
lack of Article III standing and for failure to state a claim upon which relief can be
granted. For the reasons explained below, this Court finds that the complaint’s
allegations are insufficient to establish that Defendants’ practices regarding user data
violate the AARP’s internet Privacy Policy, and in any event, it is entirely implausible
that Austin-Spearman has suffered the injury she relies upon for standing (an economic
injury) as a result of the AARP’s purported violation of its internet-usage Privacy
Policy. Therefore, the Court concludes that Austin-Spearman does not have Article III
standing to sue, and as a result, Defendants’ motion to dismiss the complaint will be
GRANTED. A separate order consistent with this opinion will issue.
2
There is no “uniform definition” of the term “personally identifiable information,” Paul M. Schwartz
& Daniel J. Solove, The Pii Problem: Privacy and A New Concept of Personally Identifiable
Information, 

, 1816 (2011); however, Plaintiff’s complaint lists the following
examples: name, age, race, email address, state of residence, health insurance information, employment
data, and family demographic information (see Am. Compl. ¶ 48).
2
I.        BACKGROUND
A.     Plaintiff’s Allegations
In late 2010, longtime Facebook member and an experienced internet user
Austin-Spearman navigated to www.aarp.org to learn about AARP membership. (See
Am. Compl. ¶¶ 72–73.) 3 The AARP is an organization that advocates for people over
the age of 50; the fee that one pays to become an AARP member supports the
organization’s lobbying and litigation efforts, and AARP members also have access to
“discounts on shopping, dining, and travel as well as financial and insurance-related
products and services.” (Id. ¶ 1.) A person who is 50 years of age or older can become
a member of the AARP by mailing in a paper form along with the requisite membership
fee, or by purchasing a membership online, through the AARP’s website. (See 

.) Paid AARP members may then opt to establish an online account with the
organization, which is accomplished by creating login credentials—a user name and
password—and also by “enter[ing] their demographic information (first name, last
name, country, zip code, and birthday) on AARP’s website.” (Id. ¶ 23.) Notably, the
AARP’s website is set up such that any person can create an online AARP account
without first becoming an AARP member; however, AARP members must register
online if they wish to access certain discounts and special offers that are available to
AARP members only through the member’s AARP online account. (See 

.)
Austin-Spearman purchased a three-year AARP membership for $43 through
AARP’s website (see 

); then, she proceeded to create an online AARP account
(see 

). To establish her account, Austin-Spearman entered the requisite
3
The AARP was formerly called the American Association of Retired Persons.
3
registration information, and she also viewed, and agreed to, AARP’s Privacy Policy.
(See 

)
The terms of AARP’s online Privacy Policy are central to the parties’ dispute,
and they are recited in detail in Plaintiffs’ complaint. 4 The Privacy Policy is seven-
pages long and is divided by subject-matter into twelve sections; as a general matter,
the policy explains the types of information that are captured when people visit the
AARP website. Section 3—which is entitled “Information We Collect From You”—
states, in relevant part, that
[w]hen you join AARP, we collect basic information such as
your name, contact information, preferences and date of
birth. We collect information about your participation in
AARP activities, including member services and discounts
obtained by using your membership card.
AARP also collects information on our website. We collect
both information that identifies you as a particular
individual (“personally identifiable information”) and
anonymous information that is not associated with a specific
individual (“nonpersonally identifiable information”). When
you visit our website, some information may be collected
automatically as part of the site’s operation. We also collect
information we receive from you during online registration
and when you complete other forms.
4
Neither Plaintiff nor Defendants attached the entire Privacy Policy to their pleadings; however,
Plaintiff notes in the complaint that “AARP’s Privacy Policy is displayed” at “www.AARP.org/about-
aarp/info-05-2010/privacypolicy.html” (Am. Compl. ¶ 25), and the complaint includes screenshots of
paragraphs from the privacy policy document as it appears on the website (see 

 ¶¶ 27–28; Fig. 2).
Moreover, at the hearing on Defendants’ Motion to Dismiss, both Plaintiff and Defendants agreed that
AARP’s entire Privacy Policy—and not just the portions quoted in the complaint—has been
incorporated into Plaintiff’s complaint and that the Court may therefore consider the entire Privacy
Policy when ruling on the motion to dismiss. (See Hr’g Tr. at 45:4–12.) See also Equal Empl.
Opportunity Comm’n v. St. Francis Xavier Parochial Sch., 

, 624 (D.C. Cir. 1997) (noting
that, when presented with a motion to dismiss, a court may consider “documents . . . incorporated in the
complaint”). Therefore, the Court will assume that the privacy policy at the web address provided by
the Plaintiff is the same privacy policy that existed at the time Austin-Spearman first accessed the
AARP website.
4
AARP, Your Privacy Rights – Privacy Policy (“AARP Privacy Policy”) at Sec. 3,
Information We Collect From You, ¶ 2. 5 (See also Am. Compl. ¶ 27.) The next section
of the policy (Section 4) addresses “Information Collected By Third Parties”—it is the
first paragraph of Section 4 that is the basis for the allegations made in Austin-
Spearman’s complaint:
We may allow third-party analytics companies, research
companies or ad networks to collect nonpersonally
identifiable information on our website. These companies
may use tracking technologies, including cookies and Web
beacons, to collect information about users of our site in
order to analyze, report on or customize advertising on our
site or on other sites. For information about how to opt-out
of the customization of advertising from many ad networks,
you can visit here.
AARP Privacy Policy at Sec. 4, Information Collected by Third Parties, ¶ 1. Notably,
the third paragraph of Section 4 also specifically cautions that “[i]f you stay logged into
your social media accounts . . . while visiting our website[,] those social media
companies may collect information about you.” Id. ¶ 3. Furthermore, in Section 5, the
Privacy Policy states that AARP itself “may share your information[,] including your
personally identifiable information[,] with companies we hire to provide certain []
services such as . . . improving advertising services . . . and managing databases or
other technology.” AARP Privacy Policy at Sec. 5, With Whom Your Information May
be Shared, ¶ 7.
Despite these disclosures, Austin-Spearman’s complaint alleges that the AARP
website violates the express terms of the AARP online Privacy Policy because the
AARP website is configured to permit Facebook and Adobe to collect members’ PII.
5
Available at www.AARP.org/about-aarp/info-05-2010/privacypolicy.html (last visited June 25, 2015).
5
(See Am. Compl. ¶¶ 35–55.) Specifically, according to the complaint, “[t]he first
sentence [of Section 4, paragraph 1] assures members that AARP only allows certain
third parties to collect ‘nonpersonally identifiable information’ from its website[.]” (Id.
¶ 29 (emphasis added).) The complaint also emphasizes that “the last sentence [of the
first paragraph of Section 4] presents a hyperlink to another page that, among other
things, lists “the specific third party companies that collect data from the site[,]” and
that “[n]either Facebook nor Adobe is found on this list.” (Id. ¶ 31.)
The technical particulars of how AARP allegedly permits Facebook to collect
website users’ PII are detailed at length in the Plaintiff’s complaint and are not
disputed. Suffice it to say here that Facebook’s software places “cookies” on a user’s
computer when a Facebook user opts to remain logged in, and that these cookies
interact with certain codes in AARP’s website to permit “data about the user’s
browsing” to “be silently transmitted back to Facebook.” (Id. ¶¶ 38–41.) 6 Austin-
Spearman acknowledges that she checks the “keep me logged in” box on her Facebook
account when she navigates to the AARP website, or uses a Facebook plugin to log into
the AARP website, and that, as a result, Facebook captures the titles of the articles and
videos that Austin-Spearman accesses and views as she browses AARP’s website. (See
Id. ¶¶ 35–45, 71, 81.) However, her core contention is that Defendants are to blame for
facilitating this “[p]rivacy [h]azard” (id. at 17), because, in purported contravention of
the AARP’s own Privacy Policy, AARP has coded its website to permit the placement
of cookies, and thus Facebook can track the activities of users who are simultaneously
6
The complaint defines a “cookie” as “a simple text file placed onto a user’s computer that can be used
to track browsing activity and report said activity back to the server that originally placed the cookie.”
(Am. Compl. ¶ 38 n. 9.)
6
logged into the social media site or have arrived at the AARP site via a Facebook plugin
(see id. ¶¶ 35–45).
Austin-Spearman also alleges that Defendants permitted Adobe to collect PII
data related to people who visit the AARP website, and that this practice, too, breaches
AARP’s Privacy Policy. (See id. ¶¶ 46–55.) According to Plaintiff, Adobe collects PII
“using a code developed by Adobe that AARP has integrated into its website.” (Id.
¶ 46; see also id. ¶¶ 47–48 (explaining that “[t]he process starts with AARP placing a
cookie onto the website visitor’s computer,” and “[i]f the visitor is a registered member,
the cookie . . . will be populated with PII retrieved from AARP’s database.”).) “As a
member navigates through the AARP website, the special Adobe code forces the
member’s web browser to extract information from the cookie and transmit it, along
with data revealing the online materials being accessed and viewed by the member (i.e.,
on the AARP website), to Adobe’s analytics servers.” (Id. ¶ 48.) Plaintiff asserts that,
in this way, AARP has provided Adobe with “free rein [sic] to collect information from
the cookies stored on members’ computers while using the AARP website[,]” and that
such information ultimately is used to “display targeted advertisements to members[.]”
(Id. ¶ 50.)
The problem with all this, according to Plaintiff, is that “Austin-Spearman did
not consent, agree, or otherwise permit AARP to release her PII to any third party
company (i.e., outside of those disclosures expressly provided for in AARP’s Privacy
Policy),” and yet “when she used AARP’s website[,] AARP routinely permitted third
parties Facebook and Adobe to collect her PII, along with the precise materials that she
viewed, the titles of articles read and videos watched on AARP’s website[.]” (Id. ¶ 81.)
7
Moreover, “[h]ad AARP informed Austin-Spearman that it allows third parties to
collect member PII through the AARP website at the time that she purchased her
membership, she either (i) would not have paid for an AARP membership in the first
place or (ii) would not have used the AARP website at all (and thus, would give up her
paid-for membership benefits only accessible through the website).” (Id. ¶ 82.) The
complaint also suggests that Defendants have an ulterior motive for this allegedly
intentional and harmful violation of the constraints in their own Privacy Policy: “upon
information and belief” AARP “directly profits” from these practices (id. ¶ 53) in at
least two ways: (1) “AARP receives royalty payments when members sign up for life
insurance plans through . . . targeted advertisements” that can be generated as a result
of the PII collection methods described (id. ¶ 53), and (2) “AARP is able to sell
advertising space on its website at a premium price” because its “usage of Adobe’s
collection methodologies and analytics services . . . allows it to serve targeted
advertising to its members” (id. ¶ 54).
B.      Procedural History
On July 29, 2014, Austin-Spearman filed the instant lawsuit against AARP and
its wholly owned subsidiary, AARP Services Inc. (“collectively, AARP”). (See
generally Compl., ECF No. 1.) 7 The gravamen of the complaint is Austin-Spearman’s
insistence that AARP’s Privacy Policy assures users that third parties are only permitted
to collect nonpersonally identifiable information from the AARP website, and that, in
any event, such data and information can only be captured by certain identified third
7
That same day, Austin-Spearman filed a Motion for Class Certification. (See Mot. to Cert. Class, ECF
No. 2.) The Court stayed consideration of that motion until further order of the Court. (See Minute
Entry dated Oct. 29, 2014.)
8
parties. (See Am. Compl. ¶ 29.) Austin-Spearman considers this promise to have been
violated as a result of the alleged collection of PII by Facebook and Adobe, and she
also believes that AARP’s practice of sharing information with Facebook and Adobe
lessened the value of her AARP membership (see id. ¶ 82), because she views
compliance with AARP’s Privacy Policy as part of her membership contract with the
organization (see id. ¶¶ 75–81). Thus, Austin-Spearman’s five-count amended
complaint, which was filed on October 24, 2014, claims that AARP’s information
sharing practices violate the DCCPPA, and also constitute intentional
misrepresentation, fraud by omission, unjust enrichment, and breach of contract. (See
id. at ¶¶ 95–109 (count one: violation of the DCCPPA); 110–24 (count two: intentional
misrepresentation); 125–36 (count three: fraud by omission); 137–43 (count four: unjust
enrichment); 144–58 (count five: breach of contract (in the alternative to unjust
enrichment)).)
On November 10, 2014, Defendants filed the instant motion to dismiss Austin-
Spearman’s amended complaint. (See Mot. to Dismiss Am. Compl. with Prejudice
(“Defs.’ Mot.”), ECF No. 24.) 8 Defendants primarily argue that Austin-Spearman lacks
an injury-in-fact that would support Article III standing to bring these claims, and thus,
that her complaint must be dismissed pursuant to Rule 12(b)(1) for lack of subject
matter jurisdiction. (See Def.’s Mem. in Supp. of Def.’s Mot. (“Def.’s Mem.”), ECF
No. 24-1, at 24–30.) Defendants also contend that Austin-Spearman has failed to state
8
This is the second motion to dismiss these defendants have filed. The first motion was filed October
3, 2014, in response to Plaintiff’s original complaint. (See Mot. to Dismiss Compl. with Prejudice, ECF
No. 18.) Plaintiff filed an amended complaint on October 24, 2014 (see Am. Compl., ECF No. 23; see
also Resp. to Mot. to Dismiss Compl. with Prejudice and Notice of Intent to Amend Pursuant to Rule
15(a)(1), ECF No. 22), and in light of Plaintiff’s filing of an Amended Complaint, the Court dismissed
Defendants’ original Motion to Dismiss without prejudice. (See Minute Entry dated Oct. 29, 2014.)
9
a claim upon which relief can be granted for various reasons. (See id. at 30–48.) 9 This
Court held a hearing on Defendants’ motion on May 28, 2015. (See Minute Entry dated
May 28, 2015.)
II.    LEGAL STANDARDS
A.      Article III Standing
Article III of the United States Constitution limits judicial power to “cases” and
“controversies.” U.S. Const. art. III § 2, cl. 1. “The concept of standing is part of this
limitation[,]” Simon v. E. Kentucky Welfare Rights Organization, 

, 37
(1976); therefore, “[a] showing of standing ‘is an essential and unchanging’ predicate to
any exercise of [federal court] jurisdiction[,]” Florida Audubon Soc. v. Bentsen, 

, 663 (D.C. Cir. 1996) (citing Lujan v. Defenders of Wildlife, 

, 560
(1992)). See also Allen v. Wright, 

, 752 (1984) (“[T]he law of Art. III
standing is built on a single basic idea—the idea of separation of powers.”).
Consequently, “[e]very plaintiff in federal court bears the burden of establishing the
three elements that make up the ‘irreducible constitutional minimum’ of Article III
standing: injury-in-fact, causation, and redressability.” Dominguez v. UAL Corp., 

, 1362 (D.C. Cir. 2012) (quoting Lujan, 

560–61).
It is well established that an injury-in-fact is “an invasion of a legally protected
interest that is both (a) concrete and particularized and (b) actual or imminent, as
opposed to merely conjectural or hypothetical.” Humane Soc’y of United States v.
9
Specifically, Defendants maintain that the DCCPPA does not apply to AARP (see Mem. in Supp. of
Mot. to Dismiss First Am. Compl. with Prejudice (“Defs.’ Mem.”), ECF No. 24, at 30–35); that
Plaintiff’s fraud claims are untimely (id. at 36–39); that Plaintiff has failed to plead any facts
supporting her speculation that AARP benefits from the challenged conduct (id. at 39–41); and that
general statements like those contained in the AARP Privacy Policy are not bargained for agreements
(id. at 42–43).
10
Vilsack, 

, 34 (D.D.C. 2013). Although “[e]conomic harm . . . is a
canonical example of injury[-]in[-]fact sufficient to establish standing[,]” N. Carolina
Fisheries Ass’n, Inc. v. Gutierrez, 

, 82 (D.D.C. 2007), “[m]erely
asking for money does not establish an injury[-]in[-]fact[,]” Rivera v. Wyeth-Ayerst
Labs., 

, 319 (5th Cir. 2002). Rather, a cognizable overpayment injury
ordinarily relates to the harm that results from there being a “difference between what
[plaintiff] contracted for and what she actually received[,]” Sanchez v. Wal-Mart Stores,
Inc., No. 06-cv-2573, 

, at *3 (E.D. Cal. Aug. 6, 2008); see also Tae
Hee Lee v. Toyota Motor Sales, U.S.A., Inc., 

, 972 (C.D. Cal. 2014)
(“There can be no serious dispute that a purchaser of a product who receives the benefit
of his bargain has not suffered an Article III injury-in-fact traceable to the defendant’s
conduct.”).
B.     Federal Rule of Civil Procedure 12(b)(1)
“In reviewing the standing question” in the context of a motion to dismiss under
Rule 12(b)(1), a court “must be ‘careful not to decide the questions on the merits for or
against the plaintiff, and must therefore assume that on the merits the plaintiffs would
be successful in their claims.’” In re Navy Chaplaincy, 

, 760 (D.C. Cir.
2008) (quoting City of Waukesha v. EPA, 

, 235 (D.C. Cir. 2003)). The
court must also accept as true all factual allegations in the complaint, and must
“construe the complaint liberally, granting plaintiff the benefit of all inferences that can
be derived from the facts alleged.” Thomas v. Principi, 

, 972 (D.C. Cir.
2005). However, “the court need not accept factual inferences drawn by plaintiffs if
those inferences are not supported by facts alleged in the complaint, nor must the Court
accept plaintiff’s legal conclusions.” Disner v. United States, 

, 87
11
(D.D.C. 2012) (internal quotation marks and citation omitted). Moreover, and
importantly, “[u]nder Rule 12(b)(1), the Court may dispose of the motion on the basis
of the complaint alone, or it may consider materials beyond the pleadings ‘as it deems
appropriate to resolve the question whether it has jurisdiction to hear the case.’”
Neighborhood Assistance Corp. of Am. v. Consumer Fin. Prot. Bureau, 

, 121 (D.D.C. 2012) (quoting Scolaro v. D.C. Bd. of Elections & Ethics, 

, 22 (D.D.C. 2000)).
C.     Federal Rule of Civil Procedure 12(b)(6)
When evaluating a motion to dismiss for failure to state a claim upon which
relief can be granted under Rule 12(b)(6), a court looks for sufficient facts alleged in
the complaint “to raise a right to relief above the speculative level[.]” Bell Atl. Corp. v.
Twombly, 

, 555 (2007) (internal quotation marks and citation omitted).
“[D]etailed factual allegations” are not necessary to withstand a Rule 12(b)(6) motion,

 but a plaintiff must plead enough facts to make the claim seem plausible on its face,
see Ashcroft v. Iqbal, 

, 678 (2009). In evaluating the plausibility of
Plaintiff’s claim, the court must accept as true all factual allegations in the complaint,
and the plaintiff should receive the benefit of all inferences that can be derived from the
facts alleged. See Iqbal, 

; see also Sparrow v. United Air Lines, Inc.,

, 1113 (D.C. Cir. 2000). “While the complaint is to be construed
liberally in plaintiff’s favor, the Court need not accept inferences drawn by the plaintiff
if those inferences are unsupported by facts alleged in the complaint; nor must the
Court accept plaintiff’s legal conclusions.” Kramer v. United States, 

, 110 (D.D.C. 2006) (citing Kowal v. MCI Commc’ns Corp., 

, 1276
(D.C. Cir. 1994)). Accordingly, “‘legal conclusions cast in the form of factual
12
allegations’ are insufficient to survive a motion to dismiss.” Henok v. Chase Home
Fin., LLC, 

, 114 (D.D.C. 2013) (quoting Browning v. Clinton, 

, 242 (D.C. Cir. 2002)).
III.      ANALYSIS
Defendants argue that, for all of Austin-Spearman’s alleged surprise and outrage
regarding the collection of her PII by Facebook and Adobe through AARP’s website,
Austin-Spearman has failed to assert any plausible way in which Defendants’
information sharing practices have injured her, and thus she lacks Article III standing to
pursue this lawsuit. (See Defs.’ Mot. at 24–30.) 10 Austin-Spearman adamantly rejects
this assertion—she points to the complaint’s allegation that she paid $43 for an AARP
membership in consideration for “access to [Defendants’] exclusive online
marketplace” and their promise to adhere to the Privacy Policy with respect to her
internet usage (Pl.’s Opp’n to Def.’s Mot. (“Pl.’s Opp’n”), ECF No. 28, at 18; see also
Am. Compl. ¶ 77), and she argues that “because Defendants never intended to deliver
that [privacy policy] aspect of her purchase, [she] necessarily paid more than
Defendants’ services were worth[,] and suffered damages as a result.” (Pl.’s Opp’n at
19; see also Am. Compl. ¶ 82 (asserting that, if Austin-Spearman had known about
Defendants’ practices, she “would have viewed her paid-for membership as worth less
than the $43 she paid” for it).) Thus, Austin-Spearman seeks to proceed on an
“overpayment” theory of injury—i.e., Austin-Spearman maintains that she suffered
“concrete economic harm because she paid for access to Defendant’s online services,
but didn’t receive the full benefit of her bargain.” (Pl.’s Opp’n at 18 (emphasis
10
Page numbers throughout this Opinion refer to those that the Court’s electronic filing system assigns.
13
omitted).)
For the two reasons explained fully below, this Court rejects Austin-Spearman’s
“economic injury” contention as entirely implausible, even after crediting the
allegations in Austin-Spearman’s complaint. In short, the Court first concludes that
Defendants’ alleged violation of their own Privacy Policy could not have injured
Austin-Spearman because the complaint fails to establish that any such violation
occurred. Moreover, and in any event, the Court finds that compliance with the Privacy
Policy was not a term of Austin-Spearman’s membership contract with AARP on the
facts alleged in the complaint (so its alleged breach could not have given rise to any
economic injury), and even if the Privacy Policy were a term of the membership
agreement, it was certainly not such an integral part of that contract that the alleged
breach of the policy deprived Austin-Spearman of the benefit of her bargain.
Consequently, Austin-Spearman lacks Article III standing to sue, and this Court lacks
subject matter jurisdiction over Austin-Spearman’s complaint.
A. The Complaint Does Not Establish That Defendants Violated The Terms
Of The AARP’s Online Privacy Policy
Austin-Spearman’s first hurdle in making a plausible case that she has suffered
economic injury due to the Defendants’ violation of the online AARP Privacy Policy is
to present allegations that permit an inference that Defendants have, in fact, violated the
Privacy Policy. To this end, the complaint quotes parts of the Privacy Policy at length
(see Am. Compl. ¶¶ 27–28), and it also describes in extraordinary detail the technical
aspects of the manner in which the website permits third parties to gather information
using cookies and codes (see 

 ¶¶ 34–65). What the complaint does not do, however,
is substantiate Plaintiff’s repeated bald assertions that AARP’s Privacy Policy promises
14
its members that the organization “would not allow third parties to collect their PII.”
(Id. ¶ 101; see also id. ¶¶ 29, 32, 79, 81–85).
Stated simply, such a promise is not even close to what the actual Privacy Policy
says, no matter how many times Plaintiff makes this assertion. (See, e.g., Am. Compl. ¶
107 (characterizing the Policy as promising that “its members’ PII will be kept
private”).) The purported basis for Plaintiff’s fervent belief that the Privacy Policy
promises not to release the PII of AARP members is the first paragraph of Section 4,
and in particular, the statement that “[w]e may allow third-party analytics companies,
research companies, or ad networks to collect nonpersonally identifiable information on
our website[.]” (Am. Compl. ¶ 28.) According to Plaintiff, this statement “assures
members that AARP only allows certain third parties to collect ‘nonpersonally
identifiable information’ from its website” (Am. Compl. ¶ 29 (emphasis added); see
also Mot. to Dismiss Hr’g Tr. (“Hr’g Tr.”), at 8:22–8:24, May 28, 2015)). But that is
plainly not what the first sentence of the first paragraph of Section 4 says; indeed, that
language does not address the collection or distribution of PII at all.
What is more, when Sections 4 and 5 are read together, and when the document
is viewed as a whole, the AARP Privacy Policy tells a completely different story about
what happens to member data than the narrative that appears in the allegations of
Plaintiff’s complaint. This Court agrees with Defendants that, as relevant here, the
AARP’s Privacy Policy clearly notifies website users of certain things regarding what
the organization permits with respect to user data, to wit: (1) that the website collects
users’ PII, see AARP Privacy Policy at Sec. 3, Information We Collect From You, ¶ 2;
(2) that AARP permits certain third parties to collect non-PII data, see id. at Sec. 4,
15
Information Collected By Third Parties, ¶ 1; (3) that if a person stays logged into social
media accounts while visiting AARP’s website, the social media companies may collect
data and information about that person, see id. at Sec. 4, Information Collected by Third
Parties, ¶¶ 2–3; and (4) that AARP may share data and information about its members
with companies that help AARP with advertising, see id. at Sec. 5, With Whom Your
Information May be Shared, ¶ 8.
Significantly, the policy does not state that third parties will be prevented from
gaining access to PII data entered into the AARP website under all circumstances, as
Austin-Spearman argues. And given what the policy actually says about social media
companies, it is entirely implausible to suggest, as Austin-Spearman does, that although
she checks the “keep me logged in” box on her Facebook account or uses a Facebook
plugin to log into the AARP website—thereby permitting Facebook to capture PII
information about her as she navigates through the AARP website—she was surprised
and upset by this practice, or that Facebook’s information collection was inconsistent
with the representations in AARP’s Privacy Policy and she was injured as a result. (See
Am. Compl. ¶¶ 35–45, 71, 81.) Similarly, this Court discerns nothing untoward about
the fact that AARP allegedly has asked Adobe to collect and analyze information about
people who use the AARP website so that advertising can be tailored to the individual
website user (Am. Compl. ¶ 46–55, 81), because the Privacy Policy expressly discloses
that AARP itself “may share your information . . . with companies we hire to provide
certain [] services such as . . . improving advertising services . . . and managing
databases or other technology[,]” AARP Privacy Policy at Sec. 5, With Whom Your
Information May be Shared, ¶ 8.
16
The bottom line is this: the facts that Austin-Spearman says support a finding
that Defendants have violated the AARP’s Privacy Policy do not permit any reasonable
inference that a violation actually occurred, given the plain and express terms of the
Privacy Policy. And because there was no violation on the facts as alleged, Plaintiff
cannot have been injured as a result of this purported breach. Cf., e.g., In re Fruit Juice
Products Marketing and Sales Practices Litig., 

, 512 (D. Mass. 2011)
(rejecting the plaintiffs’ benefit of the bargain theory of standing because “[p]laintiffs
received the benefit of the bargain, as a matter of law” where “[p]laintiff[s] paid for
fruit juice and they received fruit juice”). For this reason alone, Austin-Spearman’s
contention that she has Article III standing to sue fails.
B.     It Is Not Plausible That Defendants’ Alleged Breach Of The Privacy
Policy Resulted In Economic Injury To Austin-Spearman
Even if one assumes arguendo that AARP violated its own Privacy Policy, this
Court finds it entirely implausible that any economic injury to Austin-Spearman
resulted from that breach for two reasons.
First of all, the complaint’s allegations simply do not establish that AARP’s
online Privacy Policy was part of the AARP membership agreement. Although Austin-
Spearman asserts that her $43 membership fee was partly paid in consideration for the
organization’s enforceable promise that her PII would be kept private (see Pl.’s Opp’n
at 18–19), the complaint lays out a chronology that establishes that Austin Spearman
did not even see the AARP Privacy Policy until after she had already become a paid
member of AARP—i.e., she first purchased her membership, then signed up for an
online account, and then reviewed the Privacy Policy for the first time (see Am. Compl.
¶¶ 72–80). This means that, as Defendants forcefully argue, “the terms of the Privacy
17
Policy could not possibly have factored into the value of her AARP membership (even
her subjective belief of the value) when she purchased it.” (Defs.’ Mot. at 29.)
Moreover, it is well established that not all promises rise to the level of binding
contractual obligations. For example, a promise that is offered freely and equally to all
people—without regard to who has provided consideration and who has not—is not a
contract. See Trustees of Dartmouth Coll. v. Woodward, 

, 612 (1819)
(“There can be no contract in which the party does not receive some personal, private,
individual benefit. To make . . . a private contract, there must be a private beneficial
interest vested in the party who pays the consideration.”). Here, despite Austin-
Spearman’s allegation that her membership fee was tendered (at least in part) as
consideration for AARP’s promise to adhere to its Privacy Policy (see Am. Compl.
¶¶ 79–81), the Privacy Policy indisputably applies to both members and non-members
alike. See AARP Privacy Policy at Sec. 1, Nuts and Bolts of Our Privacy Policy, ¶ 1
(noting that the policy applies to those who “join AARP”; those who “participate in
AARP events and offerings”; and even those who simply “visit our website”).
Consequently, Austin-Spearman’s payment was not provided in consideration for the
promises that AARP made in the Privacy Policy, or, put another way, the promises
made in AARP’s Privacy Policy were not a part of Austin-Spearman’s binding AARP
membership contract. See In re LinkedIn Privacy Litig., 

, 1093
(N.D. Cal. 2013) (rejecting plaintiffs’ “overpayment” theory of standing because
LinkedIn’s User Agreement and Privacy Policy were the same for the premium (paid)
membership as they were for the basic (free) membership, and the complaint “[did] not
sufficiently demonstrate that included in Plaintiffs’ bargain for premium membership
18
was the promise of a particular (or greater) level of security that was not part of the free
membership”).
Second, it is clear on the facts as alleged in Austin-Spearman’s complaint that
Austin-Spearman actually received the benefit of her bargain with AARP. See Sanchez
v. Wal-Mart Stores, Inc., 

, at *3 (explaining that a plaintiff only has
standing to bring a breach of contract action based on alleged economic injury where
she can plausibly allege that she did not receive the benefit of her bargain with the
defendant). The complaint explains that the AARP is a membership organization that
advocates for people over the age of 50, and that website usage—including the
discounts that are only available online—is but one part of the benefits that accrue to
members. (See Am. Compl. ¶¶ 1–2.) The complaint does not (and apparently cannot)
contend that website usage is the primary benefit of an AARP membership, nor that it is
even an essential part of the bundle of rights that are conferred to AARP members, and
this flaw is fatal to Austin-Spearman’s economic injury theory of standing. See, e.g.,
Birdsong v. Apple, Inc., 

, 961 (9th Cir. 2009) (dismissing complaint partly
on standing grounds because “[t]he plaintiffs’ alleged injury in fact is premised on the
loss of a ‘safety’ benefit that was not part of the bargain to begin with”); Williams v.
Purdue Pharma Co., 

, 176 (D.D.C. 2003) (dismissing complaint on
standing grounds because “[a]lthough the plaintiffs allege a benefit of the bargain
theory of injury, they do not allege that [defendant’s pain relief drug] failed to provide
them effective pain relief” and therefore “it must be assumed that [defendant’s pain
relief drug] worked for plaintiffs and that consequently they got what they paid for”
(internal quotation marks and citations omitted)).
19
To be sure, the instant complaint struggles valiantly to convey that AARP-
website usage was subjectively important to Austin-Spearman herself. (See Am.
Compl. ¶ 76 (“[A]t the time [Austin-Spearman] paid for her membership, Austin-
Spearman valued her personal privacy and expected that AARP would not permit third
parties to collect her PII without first obtaining her permission to do so[.]”); 

(“Had AARP informed Austin-Spearman that it allows third parties to collect member
PII . . . she either (i) would not have paid for an AARP membership in the first place or
(ii) would not have used the AARP website at all[.]”).) But conclusory statements
regarding a plaintiff’s own beliefs and expectations are not sufficient to support an
alleged “overpayment” injury; rather, a plaintiff must allege facts that demonstrate that
the breached term was objectively essential to the contract at issue, such that the
violation effectively robbed the plaintiff of her payment because what she received was
not what the parties agreed she had purchased. In other words, a plaintiff is not entitled
to demand perfect realization of every hope and dream with respect to contract
performance; instead, the plaintiff has received the benefit of her bargain where the
defendant has substantially performed on the contract. See Schneider v. Dumbarton
Developers, Inc., 

, 1013 (D.C. Cir. 1985); see also Sununu v. Philippine
Airlines, Inc., 

, 39 (D.D.C. 2009) (noting that “‘[s]ubstantial
performance’ is generally considered to exist when a contracting party has failed to
render full performance but any defects in performance are considered minor”). Thus,
to sustain her claim that she has standing based on her overpayment for the AARP
membership, Austin-Spearman must plausibly allege that Defendants failed to render
substantial performance of the AARP membership contract. Compare, e.g., Lozano v.
20
AT&T Wireless Servs., Inc., 

, 733 (9th Cir. 2007) (holding that the plaintiff
was denied the benefit of the bargain, and therefore had standing, where plaintiff did
not receive the full number of agreed-upon minutes he purchased in a wireless cellular
phone service agreement) with Rivera v. WyethAyerst Labs., 

, 319–21 (5th
Cir. 2002) (holding that the plaintiff was not denied the benefit of the bargain, and
therefore lacked standing, where plaintiff had bought a prescription painkiller that was
later withdrawn from the market but plaintiff found the painkiller to be effective and
did not suffer harmful side effects).
The analysis and holding of In re Science Applications International Corp.
Backup Tape Data Theft Litigation (“S.A.I.C.”), 

 (D.D.C. 2014), make
clear that Austin-Spearman has failed to mount this standing hurdle. After an unknown
thief stole the plaintiffs’ personal information and medical records from a technology
company that handles data for the federal government, the plaintiffs in S.A.I.C. (who
were members of the U.S. military enrolled in certain health care plans) filed a
complaint against their health insurance company, the Department of Defense, and
several others. See id at 19. The complaint asserted approximately 20 causes of action,
including breach of contract, and with respect to Article III standing, the plaintiffs
claimed that the theft had caused them to suffer an economic injury-in-fact due to the
diminution in the value of their insurance premiums—in plaintiffs’ view, the premiums
were tendered in part as consideration for the defendant’s promise of keeping their
personal health information secure, and thus plaintiffs had paid for a service they did
not receive. See 

. The Court rejected plaintiffs’ economic injury argument,
reasoning that the plaintiffs had “allege[d] that they were paying for ‘health and dental
21
insurance[,]’” and did not “claim that they were denied coverage or services in any way
whatsoever[,]” 

, and they also “ha[d] not alleged facts that show that the market
value of their insurance coverage (plus security services) was somehow less than what
they paid[,]” 

 Consequently, despite the plaintiffs’ suggestion that “some
indeterminate part of their premiums went toward paying for security measures” and
that the value of their premiums were diminished as a result of the security breach, the
Court concluded that the plaintiffs had failed to demonstrate that they had suffered an
economic injury that gave rise to standing to sue. 

 (adding that “[n]othing in the
[c]omplaint makes a plausible case that Plaintiffs were cheated out of their
premiums[,]” and “[a]s a result, no injury lies”).
So it is here. Much like the plaintiffs in S.A.I.C., Austin-Spearman alleges that
she paid for an AARP membership—and also that she got one. (See Def.’s Mot. at 28
(“Plaintiff does not allege that she was denied any membership benefit or service for
which she paid when purchasing her AARP membership.”).) AARP members purchase
a set of benefits that includes supporting the AARP’s advocacy efforts (see Am. Compl.
¶ 1; Hr’g Tr. at 19:15–16); getting a subscription to the AARP magazine (see Hr’g Tr.
at 19:19–20); and accessing “discounts on shopping, dining, and travel as well as
financial and insurance-related products and services” (Am. Compl. ¶ 1). Austin-
Spearman does not allege that she was denied any of these things; instead, she merely
alleges that AARP’s privacy protections were not as stringent as she believed they
would be. (See, e.g., Am. Compl. ¶¶ 83, 108, 123, 135, 138, 156.) This Court finds
that, having not established that she actually lost any of the value of her membership,
22
Austin-Spearman has not plausibly claimed that she overpaid for the AARP membership
agreement such that she was injured economically and now has standing to sue.
IV.     CONCLUSION
In this Court’s analysis, Austin-Spearman’s “overpayment” theory of economic
injury does not add up. The complaint’s allegations do not establish that Defendants’
practices regarding PII violate the organization’s online Privacy Policy; thus, no
cognizable injury possibly could have resulted. Moreover, and in any event, it is
entirely implausible that Austin-Spearman overpaid for the membership as a result of
the AARP’s purported violation of their privacy promises for two reasons. First, the
terms of the Privacy Policy—which were not even known to Austin-Spearman at the
time she joined the organization—are not a part of the AARP membership contract.
And second, even if adherence to the Privacy Policy was a contract term that
Defendants breached, the complaint’s allegations do not establish that the privacy
promises are so essential to the organization’s membership agreement that AARP did
not render substantial performance such that Austin-Spearman was deprived of the
benefit of her bargain. Thus, whatever the merits of Austin-Spearman’s case, she has
not sufficiently alleged that she overpaid for the AARP membership and thereby
suffered an injury-in-fact that gives her Article III standing to sue. 11
Accordingly, as set forth in the separate order accompanying this memorandum
opinion, AARP’s motion to dismiss is GRANTED, and Austin-Spearman’s complaint is
11
This Court does not opine as to whether or not some other theory of injury would have sufficed to
provide Austin-Spearman with standing to sue. Cf. S.A.I.C., 45 F. Supp. 3d at 29 (noting that
“disclosure of personally identifiable information alone, along with some attendant emotional distress,
may constitute ‘injury enough to open the courthouse door’ in privacy actions”) (quoting Doe v. Chao,

, 62425 (2004)). It is a plaintiff’s burden to establish this Court’s jurisdiction, see
Clapper v. Amnesty Int’l USA, 

, 1148 (2013), and Austin-Spearman specifically and
23
dismissed. See Gen. Motors Corp. v. E.P.A., 

, 448 (D.C. Cir. 2004) (“As a
court of limited jurisdiction, we begin, and end, with an examination of our
jurisdiction.”).
DATE: July 28, 2015                             Ketanji Brown Jackson
KETANJI BROWN JACKSON
United States District Judge
expressly disavows any other standing argument, relying solely on the “overpayment” theory of actual
injury. (See Pl.’s Opp’n at 25–26 (rejecting Defendants’ argument that “Plaintiff’s theory of damages is
somehow that her PII . . . was compromised, and that that alone forms the basis for her injury[,]” and
clarifying that Plaintiff’s damages theory “focuses on the money she paid to Defendants and her failure
to receive what she bargained for.” (emphasis in original)).) For the reasons stated in this
Memorandum Opinion, this Court concludes that Austin-Spearman’s overpayment injury argument
fails.
24