Court Partially Dismisses Google Mobile App Spyware Case, Citing Lack of Damages

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Android mobile device users who alleged that Google Inc. used spyware in applications to collect their personally identifiable information (PII) without their knowledge and consent generally failed to adequately allege that the company's actions damaged them, the U.S. District Court for the Northern District of California ruled March 26 in an unpublished opinion (In re Google Android Consumer Privacy Litigation, N.D. Cal., No. 3:11-md-02264-JSW, unpublished opinion 3/26/13).

The plaintiffs alleged that Google and mobile advertising companies AdMob Inc. and AdWhirl Inc. used code hidden in mobile apps to secretly collect their names, gender, ZIP codes, app activity information, geolocation data, and the universally unique device identifiers of their phones. They also alleged that Google misrepresented that their PII would be anonymized.

The court's conclusion that diminution in the value of PII is not a basis for Article III standing is one of the latest in a long string of cases addressing the issue. “Although the Ninth Circuit has yet to address the issue, district courts have been reluctant to find standing based solely on a theory that the value of a plaintiff's PII has been diminished[,]” the court said.

Only several allegations were sufficient to support standing, the plaintiffs' claim that the batteries in their mobile devices discharge more quickly as a result of Google's actions and their claim that their constitutional right to privacy was violated, the court said.

With the exception of those allegations, the court granted the defendants' motion to dismiss with leave to amend.

In a March 26 unpublished opinion in a separate case, the court similarly concluded that the diminished value of PII stemming from Pandora Media Inc.'s dissemination of users' PII to advertisers was insufficient to create standing (Yunker v. Pandora Media Inc., No. 3:11-cv-03113-JSW (N.D. Cal. Mar. 26, 2013) (12 PVLR 559, 4/1/13).

Diminished Value of PII, Overpayment Insufficient

The court concluded that most of the plaintiffs' alleged injuries were insufficient to support Article III standing.

The plaintiffs failed to allege enough facts demonstrating “what harm, if any, resulted from the access to and tracking of their PII,” such as which mobile devices they used and which apps tracked their data, the court said in rejecting their alleged diminished PII value injury.

“Plaintiffs also do not allege they attempted to sell their personal information, that they would do so in the future, or that they were foreclosed from entering into a value for value transaction relating to their PII … [,]” the court added.

The plaintiffs also failed to allege which Android devices they purchased and how much those devices cost, and they did not identify which of the defendants' statements were material to their decision to purchase a device or download an app, the court explained in rejecting their alleged device overpayment injury.

The plaintiffs also failed to identify the nature of the costs that they allegedly incurred as a result of the defendants' utilization of their computer resources.

Narrow Ground for Standing

The court found that the plaintiffs' allegation that they were injured because the defendants' conduct caused the batteries in their mobile devices to discharge more quickly sufficient to support Article III standing only as to Google.

The court said the allegations concerning the chemical changes to the battery material were “nearly identical” to those in Goodman v. HTC America Inc., No. 2:11-cv-01793 (W.D. Wash. June 26, 2012) (11 PVLR 1106, 7/9/12).

But the plaintiffs failed to allege that this injury was fairly traceable to AdMob's or AdWhirl's conduct, the court said.

Only the alleged violation of the constitutional right to privacy was sufficient to support the plaintiffs' theory of injury based on alleged violations of constitutional and statutory rights. The statutory claims required a separate showing of damage or loss, the court said.

All Counts Dismissed

The plaintiff also failed to state claims upon which relief can be granted, often due to their reliance on the same factual allegations to demonstrate injury for standing, the court concluded.

The court said it was unable to infer that the allegations of battery life damage would reach the $5,000 damage threshold of the Computer Fraud and Abuse Act (18 U.S.C. § 1030), even when aggregated.

The plaintiffs did not sufficiently allege the violation of another law to support a claim under the unlawful prong of California's Unfair Competition Law (UCL) (Cal. Bus. & Prof. Code §§ 17200-17210), and allegations concerning the collection and distribution of personal information were insufficient to state a claim under the UCL's unfair prong, the court concluded. Nor did the plaintiffs adequately allege that they relied on the defendants' misrepresentations to support a claim under the UCL's fraudulent prong.

The court said the plaintiffs' allegations that the defendants violated their constitutional right to privacy “are not sufficient to allege that the Google Defendants' conduct constitutes an egregious breach of social norms.”

The plaintiffs did not allege that the defendants accessed a network “without permission” to support a claim under the California's Comprehensive Computer Data Access and Fraud Act (Cal. Penal Code § 502), the court said. The court added that the plaintiffs did not allege facts that demonstrated “that the tracking codes have been designed in such a way to render ineffective any barriers the Plaintiffs might wish to use to prevent access to their PII.”

The plaintiffs also failed to state a claim for negligence, the court said, suggesting that Google's alleged duty to protect PII as the proprietor of the Android market arose from private contractual arrangements instead of tort law.

Nor were the allegations of reduced battery capacity and the installation of unwanted code that collects PII sufficient to support the plaintiffs' trespass to chattels claim, the court concluded.

William M. Audet and Mariana, S. Cole of Audet & Partners LLP, in San Francisco; and Scott A. Kamber and David A. Stampley, of KamberLaw LLP, in New York City, along with Deborah Kravitz from KamberLaw's Healdsburg, Calif. office, served as interim class co-counsel. David H. Kramer and Michael H. Rubin, of Wilson Sonsini Goodrich & Rosati, in Palo Alto, Calif., represented the defendants.

Full text of the court's opinion is available at

Request Bloomberg Law: Privacy & Data Security