The Northern District of California recently dismissed with prejudice a putative class action lawsuit against Google, which alleged that the company used a secret program called “Android Lockbox” to spy on Android smartphone users. See Order Granting Motion to Dismiss, Hammerling v. Google LLC, No. 21-cv-09004-CRB (N.D. Cal. December 1, 2022). The Court previously dismissed the case in July and gave plaintiffs leave to amend, but signaled that the complaint’s deficiencies would be “difficult to cure.” Finding that plaintiffs had failed to cure the previous deficiencies, the court dismissed with prejudice on all ten claims.
The lawsuit rested on claims that Google tracked real-time data on usage and engagement of third-party apps on Android devices without users’ knowledge or consent. Plaintiffs alleged that Google could learn sensitive personal information about users through this tracking. The amended complaint contained the same claims as the previous complaint: privacy-related claims, fraud claims, contract claims, and a UCL claim. Although the amended complaint was largely similar to the previous complaint, plaintiffs added (1) new alleged facts about the “unique insights” into their lives provided by their use of third-party apps, (2) specific pieces of information allegedly collected by Google via the third-party apps, (3) allegations that one of the plaintiffs read Google’s privacy policy but did not understand it to mean Google would collect this information, and (4) allegations that their data was not “de-identified or anonymized” but rather “directly associated” with their individual Google accounts.
The Court held that plaintiffs’ privacy claims failed because the data collection, even with new allegations of specific pieces of information and “insights” collected by Google, was not highly offensive to a reasonable person. Rather, the Court stated that much of the data collected is better characterized as “routine commercial behavior.” As to the fraud claims, the Court again held that plaintiffs failed to plausibly allege that they relied on any misrepresentation. The Court noted that viewing Google’s privacy policy after purchasing an Andriod device could not show that plaintiff relied on the privacy policy in making the purchase. Similarly, the Court noted that plaintiffs’ amended allegations that they relied on misrepresentations made on the settings pages of their Andriod device could not show reliance because plaintiffs did not plead that they continued to use their phone after viewing these pages in reliance on the statements made therein. The Court also rejected plaintiffs’ contract claims again because plaintiffs still did not show the requisite breach based on the statements identified in Google’s privacy policy. Finally, plaintiffs’ UCL claim, which was anchored in the unfair prong based on the privacy-related allegations, failed because the Court held that a UCL claim based on the unfair prong could not survive if the conduct, here the privacy-related allegations, was not also found to be fraudulent and unlawful.