Austin-Spearman v. AARP & AARP Services Inc.

UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA ) Ethel Austin-Spearman, ) ) Plaintiff, ) ) v. ) Civil Action No. 14-cv-1288 (KBJ) ) AARP and AARP Services Inc., ) ) Defendants. ) ) MEMORANDUM OPINION Plaintiff Ethel Austin-Spearman is an internet savvy woman. According to her complaint, she became a member of Facebook’s social network in 2007, and she frequently accesses that website and others through the web browser on her computer. (See Am. Compl., ECF No. 23, ¶¶ 71–72.) Moreover, whenever Austin-Spearman registers for a new online service, she diligently reads the website’s Terms of Service and the Privacy Policy. (See id. ¶ 77.) 1 It is the terms of the Privacy Policy on the AARP’s internet website that have given rise to the instant action—Austin-Spearman alleges that Defendants AARP and AARP Services Inc. (collectively, “Defendants”) have violated the Privacy Policy because the AARP’s website is configured to permit companies like Facebook and Adobe to collect personally identifiable information 1 A website’s Terms of Service “describe the terms and conditions that govern the relationship between the user of a Web site and its operator.” Jonathan D. Frieden, Essential Elements of Effective Terms of Use, 18 J. Internet L. 3 (2014). Similarly, a website’s Privacy Policy “explain[s] how the [website operator] applies specific fair information practices to the collection, use, storage, and dissemination of personal information” that website users provide to the website operator in the course of using the website. Corey A. Ciocchetti, E-Commerce and Information Privacy: Privacy Policies As Personal Information Protectors, 44 Am. Bus. L. J. 55, 68 (2007). (“PII”) about the user. 2 Austin-Spearman’s class action complaint contains five counts—breach of contract, unjust enrichment, intentional misrepresentation, fraud by omission, and violation of the D.C. Consumer Protection Procedures Act (“DCCPPA”), D.C. Code §§ 28-3901 to 28-3913 (2012)—and Austin-Spearman maintains that Defendants’ breach of the AARP’s own privacy promises has injured her economically because she would not have tendered the fee to purchase an AARP membership had she known that the organization would permit the collection of her PII by Facebook and other third parties. Before this Court at present is Defendants’ motion to dismiss the complaint for lack of Article III standing and for failure to state a claim upon which relief can be granted. For the reasons explained below, this Court finds that the complaint’s allegations are insufficient to establish that Defendants’ practices regarding user data violate the AARP’s internet Privacy Policy, and in any event, it is entirely implausible that Austin-Spearman has suffered the injury she relies upon for standing (an economic injury) as a result of the AARP’s purported violation of its internet-usage Privacy Policy. Therefore, the Court concludes that Austin-Spearman does not have Article III standing to sue, and as a result, Defendants’ motion to dismiss the complaint will be GRANTED. A separate order consistent with this opinion will issue. 2 There is no “uniform definition” of the term “personally identifiable information,” Paul M. Schwartz & Daniel J. Solove, The Pii Problem: Privacy and A New Concept of Personally Identifiable Information, 86 N.Y.U. L. Rev. 1814, 1816 (2011); however, Plaintiff’s complaint lists the following examples: name, age, race, email address, state of residence, health insurance information, employment data, and family demographic information (see Am. Compl. ¶ 48). 2 I. BACKGROUND A. Plaintiff’s Allegations In late 2010, longtime Facebook member and an experienced internet user Austin-Spearman navigated to www.aarp.org to learn about AARP membership. (See Am. Compl. ¶¶ 72–73.) 3 The AARP is an organization that advocates for people over the age of 50; the fee that one pays to become an AARP member supports the organization’s lobbying and litigation efforts, and AARP members also have access to “discounts on shopping, dining, and travel as well as financial and insurance-related products and services.” (Id. ¶ 1.) A person who is 50 years of age or older can become a member of the AARP by mailing in a paper form along with the requisite membership fee, or by purchasing a membership online, through the AARP’s website. (See id. ¶¶ 19, 23.) Paid AARP members may then opt to establish an online account with the organization, which is accomplished by creating login credentials—a user name and password—and also by “enter[ing] their demographic information (first name, last name, country, zip code, and birthday) on AARP’s website.” (Id. ¶ 23.) Notably, the AARP’s website is set up such that any person can create an online AARP account without first becoming an AARP member; however, AARP members must register online if they wish to access certain discounts and special offers that are available to AARP members only through the member’s AARP online account. (See id. ¶¶ 2, 20.) Austin-Spearman purchased a three-year AARP membership for $43 through AARP’s website (see id. ¶ 74); then, she proceeded to create an online AARP account (see id. ¶ 77). To establish her account, Austin-Spearman entered the requisite 3 The AARP was formerly called the American Association of Retired Persons. 3 registration information, and she also viewed, and agreed to, AARP’s Privacy Policy. (See id. ¶ 77) The terms of AARP’s online Privacy Policy are central to the parties’ dispute, and they are recited in detail in Plaintiffs’ complaint. 4 The Privacy Policy is seven- pages long and is divided by subject-matter into twelve sections; as a general matter, the policy explains the types of information that are captured when people visit the AARP website. Section 3—which is entitled “Information We Collect From You”— states, in relevant part, that [w]hen you join AARP, we collect basic information such as your name, contact information, preferences and date of birth. We collect information about your participation in AARP activities, including member services and discounts obtained by using your membership card. AARP also collects information on our website. We collect both information that identifies you as a particular individual (“personally identifiable information”) and anonymous information that is not associated with a specific individual (“nonpersonally identifiable information”). When you visit our website, some information may be collected automatically as part of the site’s operation. We also collect information we receive from you during online registration and when you complete other forms. 4 Neither Plaintiff nor Defendants attached the entire Privacy Policy to their pleadings; however, Plaintiff notes in the complaint that “AARP’s Privacy Policy is displayed” at “www.AARP.org/about- aarp/info-05-2010/privacypolicy.html” (Am. Compl. ¶ 25), and the complaint includes screenshots of paragraphs from the privacy policy document as it appears on the website (see id. ¶¶ 27–28; Fig. 2). Moreover, at the hearing on Defendants’ Motion to Dismiss, both Plaintiff and Defendants agreed that AARP’s entire Privacy Policy—and not just the portions quoted in the complaint—has been incorporated into Plaintiff’s complaint and that the Court may therefore consider the entire Privacy Policy when ruling on the motion to dismiss. (See Hr’g Tr. at 45:4–12.) See also Equal Empl. Opportunity Comm’n v. St. Francis Xavier Parochial Sch., 117 F.3d 621, 624 (D.C. Cir. 1997) (noting that, when presented with a motion to dismiss, a court may consider “documents . . . incorporated in the complaint”). 4 AARP, Your Privacy Rights – Privacy Policy (“AARP Privacy Policy”) at Sec. 3, Information We Collect From You, ¶ 2. 5 (See also Am. Compl. ¶ 27.) The next section of the policy (Section 4) addresses “Information Collected By Third Parties”—it is the first paragraph of Section 4 that is the basis for the allegations made in Austin- Spearman’s complaint: We may allow third-party analytics companies, research companies or ad networks to collect nonpersonally identifiable information on our website. These companies may use tracking technologies, including cookies and Web beacons, to collect information about users of our site in order to analyze, report on or customize advertising on our site or on other sites. For information about how to opt-out of the customization of advertising from many ad networks, you can visit here. AARP Privacy Policy at Sec. 4, Information Collected by Third Parties, ¶ 1. Notably, the third paragraph of Section 4 also specifically cautions that “[i]f you stay logged into your social media accounts . . . while visiting our website[,] those social media companies may collect information about you.” Id. ¶ 3. Furthermore, in Section 5, the Privacy Policy states that AARP itself “may share your information[,] including your personally identifiable information[,] with companies we hire to provide certain [] services such as . . . improving advertising services . . . and managing databases or other technology.” AARP Privacy Policy at Sec. 5, With Whom Your Information May be Shared, ¶ 7. Despite these disclosures, Austin-Spearman’s complaint alleges that the AARP website violates the express terms of the AARP online Privacy Policy because the AARP website is configured to permit Facebook and Adobe to collect members’ PII. 5 Available at www.AARP.org/about-aarp/info-05-2010/privacypolicy.html (last visited June 25, 2015). 5 (See Am. Compl. ¶¶ 35–55.) Specifically, according to the complaint, “[t]he first sentence [of Section 4, paragraph 1] assures members that AARP only allows certain third parties to collect ‘nonpersonally identifiable information’ from its website[.]” (Id. ¶ 29 (emphasis added).) The complaint also emphasizes that “the last sentence [of the first paragraph of Section 4] presents a hyperlink to another page that, among other things, lists “the specific third party companies that collect data from the site[,]” and that “[n]either Facebook nor Adobe is found on this list.” (Id. ¶ 31.) The technical particulars of how AARP allegedly permits Facebook to collect website users’ PII are detailed at length in the Plaintiff’s complaint and are not disputed. Suffice it to say here that Facebook’s software places “cookies” on a user’s computer when a Facebook user opts to remain logged in, and that these cookies interact with certain codes in AARP’s website to permit “data about the user’s browsing” to “be silently transmitted back to Facebook.” (Id. ¶¶ 38–41.) 6 Austin- Spearman acknowledges that she checks the “keep me logged in” box on her Facebook account when she navigates to the AARP website, or uses a Facebook plugin to log into the AARP website, and that, as a result, Facebook captures the titles of the articles and videos that Austin-Spearman accesses and views as she browses AARP’s website. (See Id. ¶¶ 35–45, 71, 81.) However, her core contention is that Defendants are to blame for facilitating this “[p]rivacy [h]azard” (id. at 17), because, in purported contravention of the AARP’s own Privacy Policy, AARP has coded its website to permit the placement of cookies, and thus Facebook can track the activities of users who are simultaneously 6 The complaint defines a “cookie” as “a simple text file placed onto a user’s computer that can be used to track browsing activity and report said activity back to the server that originally placed the cookie.” (Am. Compl. ¶ 38 n. 9.) 6 logged into the social media site or have arrived at the AARP site via a Facebook plugin (see id. ¶¶ 35–45). Austin-Spearman also alleges that Defendants permitted Adobe to collect PII data related to people who visit the AARP website, and that this practice, too, breaches AARP’s Privacy Policy. (See id. ¶¶ 46–55.) According to Plaintiff, Adobe collects PII “using a code developed by Adobe that AARP has integrated into its website.” (Id. ¶ 46; see also id. ¶¶ 47–48 (explaining that “[t]he process starts with AARP placing a cookie onto the website visitor’s computer,” and “[i]f the visitor is a registered member, the cookie . . . will be populated with PII retrieved from AARP’s database.”).) “As a member navigates through the AARP website, the special Adobe code forces the member’s web browser to extract information from the cookie and transmit it, along with data revealing the online materials being accessed and viewed by the member (i.e., on the AARP website), to Adobe’s analytics servers.” (Id. ¶ 48.) Plaintiff asserts that, in this way, AARP has provided Adobe with “free rein [sic] to collect information from the cookies stored on members’ computers while using the AARP website[,]” and that such information ultimately is used to “display targeted advertisements to members[.]” (Id. ¶ 50.) The problem with all this, according to Plaintiff, is that “Austin-Spearman did not consent, agree, or otherwise permit AARP to release her PII to any third party company (i.e., outside of those disclosures expressly provided for in AARP’s Privacy Policy),” and yet “when she used AARP’s website[,] AARP routinely permitted third parties Facebook and Adobe to collect her PII, along with the precise materials that she viewed, the titles of articles read and videos watched on AARP’s website[.]” (Id. ¶ 81.) 7 Moreover, “[h]ad AARP informed Austin-Spearman that it allows third parties to collect member PII through the AARP website at the time that she purchased her membership, she either (i) would not have paid for an AARP membership in the first place or (ii) would not have used the AARP website at all (and thus, would give up her paid-for membership benefits only accessible through the website).” (Id. ¶ 82.) The complaint also suggests that Defendants have an ulterior motive for this allegedly intentional and harmful violation of the constraints in their own Privacy Policy: “upon information and belief” AARP “directly profits” from these practices (id. ¶ 53) in at least two ways: (1) “AARP receives royalty payments when members sign up for life insurance plans through . . . targeted advertisements” that can be generated as a result of the PII collection methods described (id. ¶ 53), and (2) “AARP is able to sell advertising space on its website at a premium price” because its “usage of Adobe’s collection methodologies and analytics services . . . allows it to serve targeted advertising to its members” (id. ¶ 54). B. Procedural History On July 29, 2014, Austin-Spearman filed the instant lawsuit against AARP and its wholly owned subsidiary, AARP Services Inc. (“collectively, AARP”). (See generally Compl., ECF No. 1.) 7 The gravamen of the complaint is Austin-Spearman’s insistence that AARP’s Privacy Policy assures users that third parties are only permitted to collect nonpersonally identifiable information from the AARP website, and that, in any event, such data and information can only be captured by certain identified third 7 That same day, Austin-Spearman filed a Motion for Class Certification. (See Mot. to Cert. Class, ECF No. 2.) The Court stayed consideration of that motion until further order of the Court. (See Minute Entry dated Oct. 29, 2014.) 8 parties. (See Am. Compl. ¶ 29.) Austin-Spearman considers this promise to have been violated as a result of the alleged collection of PII by Facebook and Adobe, and she also believes that AARP’s practice of sharing information with Facebook and Adobe lessened the value of her AARP membership (see id. ¶ 82), because she views compliance with AARP’s Privacy Policy as part of her membership contract with the organization (see id. ¶¶ 75–81). Thus, Austin-Spearman’s five-count amended complaint, which was filed on October 24, 2014, claims that AARP’s information sharing practices violate the DCCPPA, and also constitute intentional misrepresentation, fraud by omission, unjust enrichment, and breach of contract. (See id. at ¶¶ 95–109 (count one: violation of the DCCPPA); 110–24 (count two: intentional misrepresentation); 125–36 (count three: fraud by omission); 137–43 (count four: unjust enrichment); 144–58 (count five: breach of contract (in the alternative to unjust enrichment)).) On November 10, 2014, Defendants filed the instant motion to dismiss Austin- Spearman’s amended complaint. (See Mot. to Dismiss Am. Compl. with Prejudice (“Defs.’ Mot.”), ECF No. 24.) 8 Defendants primarily argue that Austin-Spearman lacks an injury-in-fact that would support Article III standing to bring these claims, and thus, that her complaint must be dismissed pursuant to Rule 12(b)(1) for lack of subject matter jurisdiction. (See Def.’s Mem. in Supp. of Def.’s Mot. (“Def.’s Mem.”), ECF No. 24-1, at 24–30.) Defendants also contend that Austin-Spearman has failed to state 8 This is the second motion to dismiss these defendants have filed. The first motion was filed October 3, 2014, in response to Plaintiff’s original complaint. (See Mot. to Dismiss Compl. with Prejudice, ECF No. 18.) Plaintiff filed an amended complaint on October 24, 2014 (see Am. Compl., ECF No. 23; see also Resp. to Mot. to Dismiss Compl. with Prejudice and Notice of Intent to Amend Pursuant to Rule 15(a)(1), ECF No. 22), and in light of Plaintiff’s filing of an Amended Complaint, the Court dismissed Defendants’ original Motion to Dismiss without prejudice. (See Minute Entry dated Oct. 29, 2014.) 9 a claim upon which relief can be granted for various reasons. (See id. at 30–48.) 9 This Court held a hearing on Defendants’ motion on May 28, 2015. (See Minute Entry dated May 28, 2015.) II. LEGAL STANDARDS A. Article III Standing Article III of the United States Constitution limits judicial power to “cases” and “controversies.” U.S. Const. art. III § 2, cl. 1. “The concept of standing is part of this limitation[,]” Simon v. E. Kentucky Welfare Rights Organization, 426 U.S. 26, 37 (1976); therefore, “[a] showing of standing ‘is an essential and unchanging’ predicate to any exercise of [federal court] jurisdiction[,]” Florida Audubon Soc. v. Bentsen, 94 F.3d 658, 663 (D.C. Cir. 1996) (citing Lujan v. Defenders of Wildlife, 504 U.S. 555, 560 (1992)). See also Allen v. Wright, 468 U.S. 737, 752 (1984) (“[T]he law of Art. III standing is built on a single basic idea—the idea of separation of powers.”). Consequently, “[e]very plaintiff in federal court bears the burden of establishing the three elements that make up the ‘irreducible constitutional minimum’ of Article III standing: injury-in-fact, causation, and redressability.” Dominguez v. UAL Corp., 666 F.3d 1359, 1362 (D.C. Cir. 2012) (quoting Lujan, 504 U.S. at 560–61). It is well established that an injury-in-fact is “an invasion of a legally protected interest that is both (a) concrete and particularized and (b) actual or imminent, as opposed to merely conjectural or hypothetical.” Humane Soc’y of United States v. 9 Specifically, Defendants maintain that the DCCPPA does not apply to AARP (see Mem. in Supp. of Mot. to Dismiss First Am. Compl. with Prejudice (“Defs.’ Mem.”), ECF No. 24, at 30–35); that Plaintiff’s fraud claims are untimely (id. at 36–39); that Plaintiff has failed to plead any facts supporting her speculation that AARP benefits from the challenged conduct (id. at 39–41); and that general statements like those contained in the AARP Privacy Policy are not bargained for agreements (id. at 42–43). 10 Vilsack, 19 F. Supp. 3d 24, 34 (D.D.C. 2013). Although “[e]conomic harm . . . is a canonical example of injury[-]in[-]fact sufficient to establish standing[,]” N. Carolina Fisheries Ass’n, Inc. v. Gutierrez, 518 F. Supp. 2d 62, 82 (D.D.C. 2007), “[m]erely asking for money does not establish an injury[-]in[-]fact[,]” Rivera v. Wyeth-Ayerst Labs., 283 F.3d 315, 319 (5th Cir. 2002). Rather, a cognizable overpayment injury ordinarily relates to the harm that results from there being a “difference between what [plaintiff] contracted for and what she actually received[,]” Sanchez v. Wal-Mart Stores, Inc., No. 06-cv-2573, 2008 WL 3272101, at *3 (E.D. Cal. Aug. 6, 2008); see also Tae Hee Lee v. Toyota Motor Sales, U.S.A., Inc., 992 F. Supp. 2d 962, 972 (C.D. Cal. 2014) (“There can be no serious dispute that a purchaser of a product who receives the benefit of his bargain has not suffered an Article III injury-in-fact traceable to the defendant’s conduct.”). B. Federal Rule of Civil Procedure 12(b)(1) “In reviewing the standing question” in the context of a motion to dismiss under Rule 12(b)(1), a court “must be ‘careful not to decide the questions on the merits for or against the plaintiff, and must therefore assume that on the merits the plaintiffs would be successful in their claims.’” In re Navy Chaplaincy, 534 F.3d 756, 760 (D.C. Cir. 2008) (quoting City of Waukesha v. EPA, 320 F.3d 228, 235 (D.C. Cir. 2003)). The court must also accept as true all factual allegations in the complaint, and must “construe the complaint liberally, granting plaintiff the benefit of all inferences that can be derived from the facts alleged.” Thomas v. Principi, 394 F.3d 970, 972 (D.C. Cir. 2005). However, “the court need not accept factual inferences drawn by plaintiffs if those inferences are not supported by facts alleged in the complaint, nor must the Court accept plaintiff’s legal conclusions.” Disner v. United States, 888 F. Supp. 2d 83, 87 11 (D.D.C. 2012) (internal quotation marks and citation omitted). Moreover, and importantly, “[u]nder Rule 12(b)(1), the Court may dispose of the motion on the basis of the complaint alone, or it may consider materials beyond the pleadings ‘as it deems appropriate to resolve the question whether it has jurisdiction to hear the case.’” Neighborhood Assistance Corp. of Am. v. Consumer Fin. Prot. Bureau, 907 F. Supp. 2d 112, 121 (D.D.C. 2012) (quoting Scolaro v. D.C. Bd. of Elections & Ethics, 104 F.Supp.2d 18, 22 (D.D.C. 2000)). C. Federal Rule of Civil Procedure 12(b)(6) When evaluating a motion to dismiss for failure to state a claim upon which relief can be granted under Rule 12(b)(6), a court looks for sufficient facts alleged in the complaint “to raise a right to relief above the speculative level[.]” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007) (internal quotation marks and citation omitted). “[D]etailed factual allegations” are not necessary to withstand a Rule 12(b)(6) motion, id., but a plaintiff must plead enough facts to make the claim seem plausible on its face, see Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). In evaluating the plausibility of Plaintiff’s claim, the court must accept as true all factual allegations in the complaint, and the plaintiff should receive the benefit of all inferences that can be derived from the facts alleged. See Iqbal, 556 U.S. at 678; see also Sparrow v. United Air Lines, Inc., 216 F.3d 1111, 1113 (D.C. Cir. 2000). “While the complaint is to be construed liberally in plaintiff’s favor, the Court need not accept inferences drawn by the plaintiff if those inferences are unsupported by facts alleged in the complaint; nor must the Court accept plaintiff’s legal conclusions.” Kramer v. United States, 460 F. Supp. 2d 108, 110 (D.D.C. 2006) (citing Kowal v. MCI Commc’ns Corp., 16 F.3d 1271, 1276 (D.C. Cir. 1994)). Accordingly, “‘legal conclusions cast in the form of factual 12 allegations’ are insufficient to survive a motion to dismiss.” Henok v. Chase Home Fin., LLC, 915 F.Supp.2d 109, 114 (D.D.C. 2013) (quoting Browning v. Clinton, 292 F.3d 235, 242 (D.C. Cir. 2002)). III. ANALYSIS Defendants argue that, for all of Austin-Spearman’s alleged surprise and outrage regarding the collection of her PII by Facebook and Adobe through AARP’s website, Austin-Spearman has failed to assert any plausible way in which Defendants’ information sharing practices have injured her, and thus she lacks Article III standing to pursue this lawsuit. (See Defs.’ Mot. at 24–30.) 10 Austin-Spearman adamantly rejects this assertion—she points to the complaint’s allegation that she paid $43 for an AARP membership in consideration for “access to [Defendants’] exclusive online marketplace” and their promise to adhere to the Privacy Policy with respect to her internet usage (Pl.’s Opp’n to Def.’s Mot. (“Pl.’s Opp’n”), ECF No. 28, at 18; see also Am. Compl. ¶ 77), and she argues that “because Defendants never intended to deliver that [privacy policy] aspect of her purchase, [she] necessarily paid more than Defendants’ services were worth[,] and suffered damages as a result.” (Pl.’s Opp’n at 19; see also Am. Compl. ¶ 82 (asserting that, if Austin-Spearman had known about Defendants’ practices, she “would have viewed her paid-for membership as worth less than the $43 she paid” for it).) Thus, Austin-Spearman seeks to proceed on an “overpayment” theory of injury—i.e., Austin-Spearman maintains that she suffered “concrete economic harm because she paid for access to Defendant’s online services, but didn’t receive the full benefit of her bargain.” (Pl.’s Opp’n at 18 (emphasis 10 Page numbers throughout this Opinion refer to those that the Court’s electronic filing system assigns. 13 omitted).) For the two reasons explained fully below, this Court rejects Austin-Spearman’s “economic injury” contention as entirely implausible, even after crediting the allegations in Austin-Spearman’s complaint. In short, the Court first concludes that Defendants’ alleged violation of their own Privacy Policy could not have injured Austin-Spearman because the complaint fails to establish that any such violation occurred. Moreover, and in any event, the Court finds that compliance with the Privacy Policy was not a term of Austin-Spearman’s membership contract with AARP on the facts alleged in the complaint (so its alleged breach could not have given rise to any economic injury), and even if the Privacy Policy were a term of the membership agreement, it was certainly not such an integral part of that contract that the alleged breach of the policy deprived Austin-Spearman of the benefit of her bargain. Consequently, Austin-Spearman lacks Article III standing to sue, and this Court lacks subject matter jurisdiction over Austin-Spearman’s complaint. A. The Complaint Does Not Establish That Defendants Violated The Terms Of The AARP’s Online Privacy Policy Austin-Spearman’s first hurdle in making a plausible case that she has suffered economic injury due to the Defendants’ violation of the online AARP Privacy Policy is to present allegations that permit an inference that Defendants have, in fact, violated the Privacy Policy. To this end, the complaint quotes parts of the Privacy Policy at length (see Am. Compl. ¶¶ 27–28), and it also describes in extraordinary detail the technical aspects of the manner in which the website permits third parties to gather information using cookies and codes (see id. ¶¶ 34–65). What the complaint does not do, however, is substantiate Plaintiff’s repeated bald assertions that AARP’s Privacy Policy promises 14 its members that the organization “would not allow third parties to collect their PII.” (Id. ¶ 101; see also id. ¶¶ 29, 32, 79, 81–85). Stated simply, such a promise is not even close to what the actual Privacy Policy says, no matter how many times Plaintiff makes this assertion. (See, e.g., Am. Compl. ¶ 107 (characterizing the Policy as promising that “its members’ PII will be kept private”).) The purported basis for Plaintiff’s fervent belief that the Privacy Policy promises not to release the PII of AARP members is the first paragraph of Section 4, and in particular, the statement that “[w]e may allow third-party analytics companies, research companies, or ad networks to collect nonpersonally identifiable information on our website[.]” (Am. Compl. ¶ 28.) According to Plaintiff, this statement “assures members that AARP only allows certain third parties to collect ‘nonpersonally identifiable information’ from its website” (Am. Compl. ¶ 29 (emphasis added); see also Mot. to Dismiss Hr’g Tr. (“Hr’g Tr.”), at 8:22–8:24, May 28, 2015)). But that is plainly not what the first sentence of the first paragraph of Section 4 says; indeed, that language does not address the collection or distribution of PII at all. What is more, when Sections 4 and 5 are read together, and when the document is viewed as a whole, the AARP Privacy Policy tells a completely different story about what happens to member data than the narrative that appears in the allegations of Plaintiff’s complaint. This Court agrees with Defendants that, as relevant here, the AARP’s Privacy Policy clearly notifies website users of certain things regarding what the organization permits with respect to user data, to wit: (1) that the website collects users’ PII, see AARP Privacy Policy at Sec. 3, Information We Collect From You, ¶ 2; (2) that AARP permits certain third parties to collect non-PII data, see id. at Sec. 4, 15 Information Collected By Third Parties, ¶ 1; (3) that if a person stays logged into social media accounts while visiting AARP’s website, the social media companies may collect data and information about that person, see id. at Sec. 4, Information Collected by Third Parties, ¶¶ 2–3; and (4) that AARP may share data and information about its members with companies that help AARP with advertising, see id. at Sec. 5, With Whom Your Information May be Shared, ¶ 8. Significantly, the policy does not state that third parties will be prevented from gaining access to PII data entered into the AARP website under all circumstances, as Austin-Spearman argues. And given what the policy actually says about social media companies, it is entirely implausible to suggest, as Austin-Spearman does, that although she checks the “keep me logged in” box on her Facebook account or uses a Facebook plugin to log into the AARP website—thereby permitting Facebook to capture PII information about her as she navigates through the AARP website—she was surprised and upset by this practice, or that Facebook’s information collection was inconsistent with the representations in AARP’s Privacy Policy and she was injured as a result. (See Am. Compl. ¶¶ 35–45, 71, 81.) Similarly, this Court discerns nothing untoward about the fact that AARP allegedly has asked Adobe to collect and analyze information about people who use the AARP website so that advertising can be tailored to the individual website user (Am. Compl. ¶ 46–55, 81), because the Privacy Policy expressly discloses that AARP itself “may share your information . . . with companies we hire to provide certain [] services such as . . . improving advertising services . . . and managing databases or other technology[,]” AARP Privacy Policy at Sec. 5, With Whom Your Information May be Shared, ¶ 8. 16 The bottom line is this: the facts that Austin-Spearman says support a finding that Defendants have violated the AARP’s Privacy Policy do not permit any reasonable inference that a violation actually occurred, given the plain and express terms of the Privacy Policy. And because there was no violation on the facts as alleged, Plaintiff cannot have been injured as a result of this purported breach. Cf., e.g., In re Fruit Juice Products Marketing and Sales Practices Litig., 831 F.Supp.2d 507, 512 (D. Mass. 2011) (rejecting the plaintiffs’ benefit of the bargain theory of standing because “[p]laintiffs received the benefit of the bargain, as a matter of law” where “[p]laintiff[s] paid for fruit juice and they received fruit juice”). For this reason alone, Austin-Spearman’s contention that she has Article III standing to sue fails. B. It Is Not Plausible That Defendants’ Alleged Breach Of The Privacy Policy Resulted In Economic Injury To Austin-Spearman Even if one assumes arguendo that AARP violated its own Privacy Policy, this Court finds it entirely implausible that any economic injury to Austin-Spearman resulted from that breach for two reasons. First of all, the complaint’s allegations simply do not establish that AARP’s online Privacy Policy was part of the AARP membership agreement. Although Austin- Spearman asserts that her $43 membership fee was partly paid in consideration for the organization’s enforceable promise that her PII would be kept private (see Pl.’s Opp’n at 18–19), the complaint lays out a chronology that establishes that Austin Spearman did not even see the AARP Privacy Policy until after she had already become a paid member of AARP—i.e., she first purchased her membership, then signed up for an online account, and then reviewed the Privacy Policy for the first time (see Am. Compl. ¶¶ 72–80). This means that, as Defendants forcefully argue, “the terms of the Privacy 17 Policy could not possibly have factored into the value of her AARP membership (even her subjective belief of the value) when she purchased it.” (Defs.’ Mot. at 29.) Moreover, it is well established that not all promises rise to the level of binding contractual obligations. For example, a promise that is offered freely and equally to all people—without regard to who has provided consideration and who has not—is not a contract. See Trustees of Dartmouth Coll. v. Woodward, 17 U.S. 518, 612 (1819) (“There can be no contract in which the party does not receive some personal, private, individual benefit. To make . . . a private contract, there must be a private beneficial interest vested in the party who pays the consideration.”). Here, despite Austin- Spearman’s allegation that her membership fee was tendered (at least in part) as consideration for AARP’s promise to adhere to its Privacy Policy (see Am. Compl. ¶¶ 79–81), the Privacy Policy indisputably applies to both members and non-members alike. See AARP Privacy Policy at Sec. 1, Nuts and Bolts of Our Privacy Policy, ¶ 1 (noting that the policy applies to those who “join AARP”; those who “participate in AARP events and offerings”; and even those who simply “visit our website”). Consequently, Austin-Spearman’s payment was not provided in consideration for the promises that AARP made in the Privacy Policy, or, put another way, the promises made in AARP’s Privacy Policy were not a part of Austin-Spearman’s binding AARP membership contract. See In re LinkedIn Privacy Litig., 932 F. Supp. 2d 1089, 1093 (N.D. Cal. 2013) (rejecting plaintiffs’ “overpayment” theory of standing because LinkedIn’s User Agreement and Privacy Policy were the same for the premium (paid) membership as they were for the basic (free) membership, and the complaint “[did] not sufficiently demonstrate that included in Plaintiffs’ bargain for premium membership 18 was the promise of a particular (or greater) level of security that was not part of the free membership”). Second, it is clear on the facts as alleged in Austin-Spearman’s complaint that Austin-Spearman actually received the benefit of her bargain with AARP. See Sanchez v. Wal-Mart Stores, Inc., 2008 WL 3272101, at *3 (explaining that a plaintiff only has standing to bring a breach of contract action based on alleged economic injury where she can plausibly allege that she did not receive the benefit of her bargain with the defendant). The complaint explains that the AARP is a membership organization that advocates for people over the age of 50, and that website usage—including the discounts that are only available online—is but one part of the benefits that accrue to members. (See Am. Compl. ¶¶ 1–2.) The complaint does not (and apparently cannot) contend that website usage is the primary benefit of an AARP membership, nor that it is even an essential part of the bundle of rights that are conferred to AARP members, and this flaw is fatal to Austin-Spearman’s economic injury theory of standing. See, e.g., Birdsong v. Apple, Inc., 590 F.3d 955, 961 (9th Cir. 2009) (dismissing complaint partly on standing grounds because “[t]he plaintiffs’ alleged injury in fact is premised on the loss of a ‘safety’ benefit that was not part of the bargain to begin with”); Williams v. Purdue Pharma Co., 297 F. Supp. 2d 171, 176 (D.D.C. 2003) (dismissing complaint on standing grounds because “[a]lthough the plaintiffs allege a benefit of the bargain theory of injury, they do not allege that [defendant’s pain relief drug] failed to provide them effective pain relief” and therefore “it must be assumed that [defendant’s pain relief drug] worked for plaintiffs and that consequently they got what they paid for” (internal quotation marks and citations omitted)). 19 To be sure, the instant complaint struggles valiantly to convey that AARP- website usage was subjectively important to Austin-Spearman herself. (See Am. Compl. ¶ 76 (“[A]t the time [Austin-Spearman] paid for her membership, Austin- Spearman valued her personal privacy and expected that AARP would not permit third parties to collect her PII without first obtaining her permission to do so[.]”); id. ¶ 82 (“Had AARP informed Austin-Spearman that it allows third parties to collect member PII . . . she either (i) would not have paid for an AARP membership in the first place or (ii) would not have used the AARP website at all[.]”).) But conclusory statements regarding a plaintiff’s own beliefs and expectations are not sufficient to support an alleged “overpayment” injury; rather, a plaintiff must allege facts that demonstrate that the breached term was objectively essential to the contract at issue, such that the violation effectively robbed the plaintiff of her payment because what she received was not what the parties agreed she had purchased. In other words, a plaintiff is not entitled to demand perfect realization of every hope and dream with respect to contract performance; instead, the plaintiff has received the benefit of her bargain where the defendant has substantially performed on the contract. See Schneider v. Dumbarton Developers, Inc., 767 F.2d 1007, 1013 (D.C. Cir. 1985); see also Sununu v. Philippine Airlines, Inc., 638 F. Supp. 2d 35, 39 (D.D.C. 2009) (noting that “‘[s]ubstantial performance’ is generally considered to exist when a contracting party has failed to render full performance but any defects in performance are considered minor”). Thus, to sustain her claim that she has standing based on her overpayment for the AARP membership, Austin-Spearman must plausibly allege that Defendants failed to render substantial performance of the AARP membership contract. Compare, e.g., Lozano v. 20 AT&T Wireless Servs., Inc., 504 F.3d 718, 733 (9th Cir. 2007) (holding that the plaintiff was denied the benefit of the bargain, and therefore had standing, where plaintiff did not receive the full number of agreed-upon minutes he purchased in a wireless cellular phone service agreement) with Rivera v. WyethAyerst Labs., 283 F.3d 315, 319–21 (5th Cir. 2002) (holding that the plaintiff was not denied the benefit of the bargain, and therefore lacked standing, where plaintiff had bought a prescription painkiller that was later withdrawn from the market but plaintiff found the painkiller to be effective and did not suffer harmful side effects). The analysis and holding of In re Science Applications International Corp. Backup Tape Data Theft Litigation (“S.A.I.C.”), 45 F. Supp. 3d 14 (D.D.C. 2014), make clear that Austin-Spearman has failed to mount this standing hurdle. After an unknown thief stole the plaintiffs’ personal information and medical records from a technology company that handles data for the federal government, the plaintiffs in S.A.I.C. (who were members of the U.S. military enrolled in certain health care plans) filed a complaint against their health insurance company, the Department of Defense, and several others. See id at 19. The complaint asserted approximately 20 causes of action, including breach of contract, and with respect to Article III standing, the plaintiffs claimed that the theft had caused them to suffer an economic injury-in-fact due to the diminution in the value of their insurance premiums—in plaintiffs’ view, the premiums were tendered in part as consideration for the defendant’s promise of keeping their personal health information secure, and thus plaintiffs had paid for a service they did not receive. See id. at 30. The Court rejected plaintiffs’ economic injury argument, reasoning that the plaintiffs had “allege[d] that they were paying for ‘health and dental 21 insurance[,]’” and did not “claim that they were denied coverage or services in any way whatsoever[,]” id. at 30, and they also “ha[d] not alleged facts that show that the market value of their insurance coverage (plus security services) was somehow less than what they paid[,]” id. Consequently, despite the plaintiffs’ suggestion that “some indeterminate part of their premiums went toward paying for security measures” and that the value of their premiums were diminished as a result of the security breach, the Court concluded that the plaintiffs had failed to demonstrate that they had suffered an economic injury that gave rise to standing to sue. Id. (adding that “[n]othing in the [c]omplaint makes a plausible case that Plaintiffs were cheated out of their premiums[,]” and “[a]s a result, no injury lies”). So it is here. Much like the plaintiffs in S.A.I.C., Austin-Spearman alleges that she paid for an AARP membership—and also that she got one. (See Def.’s Mot. at 28 (“Plaintiff does not allege that she was denied any membership benefit or service for which she paid when purchasing her AARP membership.”).) AARP members purchase a set of benefits that includes supporting the AARP’s advocacy efforts (see Am. Compl. ¶ 1; Hr’g Tr. at 19:15–16); getting a subscription to the AARP magazine (see Hr’g Tr. at 19:19–20); and accessing “discounts on shopping, dining, and travel as well as financial and insurance-related products and services” (Am. Compl. ¶ 1). Austin- Spearman does not allege that she was denied any of these things; instead, she merely alleges that AARP’s privacy protections were not as stringent as she believed they would be. (See, e.g., Am. Compl. ¶¶ 83, 108, 123, 135, 138, 156.) This Court finds that, having not established that she actually lost any of the value of her membership, 22 Austin-Spearman has not plausibly claimed that she overpaid for the AARP membership agreement such that she was injured economically and now has standing to sue. IV. CONCLUSION In this Court’s analysis, Austin-Spearman’s “overpayment” theory of economic injury does not add up. The complaint’s allegations do not establish that Defendants’ practices regarding PII violate the organization’s online Privacy Policy; thus, no cognizable injury possibly could have resulted. Moreover, and in any event, it is entirely implausible that Austin-Spearman overpaid for the membership as a result of the AARP’s purported violation of their privacy promises for two reasons. First, the terms of the Privacy Policy—which were not even known to Austin-Spearman at the time she joined the organization—are not a part of the AARP membership contract. And second, even if adherence to the Privacy Policy was a contract term that Defendants breached, the complaint’s allegations do not establish that the privacy promises are so essential to the organization’s membership agreement that AARP did not render substantial performance such that Austin-Spearman was deprived of the benefit of her bargain. Thus, whatever the merits of Austin-Spearman’s case, she has not sufficiently alleged that she overpaid for the AARP membership and thereby suffered an injury-in-fact that gives her Article III standing to sue. 11 Accordingly, as set forth in the separate order accompanying this memorandum opinion, AARP’s motion to dismiss is GRANTED, and Austin-Spearman’s complaint is 11 This Court does not opine as to whether or not some other theory of injury would have sufficed to provide Austin-Spearman with standing to sue. Cf. S.A.I.C., 45 F. Supp. 3d at 29 (noting that “disclosure of personally identifiable information alone, along with some attendant emotional distress, may constitute ‘injury enough to open the courthouse door’ in privacy actions”) (quoting Doe v. Chao, 540 U.S. 614, 62425 (2004)). It is a plaintiff’s burden to establish this Court’s jurisdiction, see Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138, 1148 (2013), and Austin-Spearman specifically and 23 dismissed. See Gen. Motors Corp. v. E.P.A., 363 F.3d 442, 448 (D.C. Cir. 2004) (“As a court of limited jurisdiction, we begin, and end, with an examination of our jurisdiction.”). DATE: June 30, 2015 Ketanji Brown Jackson KETANJI BROWN JACKSON United States District Judge expressly disavows any other standing argument, relying solely on the “overpayment” theory of actual injury. (See Pl.’s Opp’n at 25–26 (rejecting Defendants’ argument that “Plaintiff’s theory of damages is somehow that her PII . . . was compromised, and that that alone forms the basis for her injury[,]” and clarifying that Plaintiff’s damages theory “focuses on the money she paid to Defendants and her failure to receive what she bargained for.” (emphasis in original)).) For the reasons stated in this Memorandum Opinion, this Court concludes that Austin-Spearman’s overpayment injury argument fails. 24