NOT FOR PUBLICATION FILED
UNITED STATES COURT OF APPEALS MAR 5 2024
MOLLY C. DWYER, CLERK
U.S. COURT OF APPEALS
FOR THE NINTH CIRCUIT
MARIE HAMMERLING; KAY JACKSON, No. 22-17024
individually and on behalf of all others
similarly situated, D.C. No.
3:21-cv-09004-CRB
Plaintiffs-Appellants,
v. MEMORANDUM*
GOOGLE, LLC, a Delaware limited liability
company,
Defendant-Appellee.
Appeal from the United States District Court
for the Northern District of California
Charles R. Breyer, Senior District Judge, Presiding
Argued and Submitted February 14, 2024
San Francisco, California
Before: MILLER, BADE, and VANDYKE, Circuit Judges.
In this putative class action, Plaintiffs-Appellants Marie Hammerling and Kay
Jackson sued Defendant-Appellee Google, LLC, alleging that Google
(1) surreptitiously collected personal information from Android users by tracking
*
This disposition is not appropriate for publication and is not precedent except as
provided by Ninth Circuit Rule 36-3.
their download and use of third-party mobile applications (“apps”) and (2) used that
data for purposes other than those contemplated by the Privacy Policy. Plaintiffs
brought ten claims for relief, including claims for fraud, breach of contract, and
invasion of privacy, and accompanying requests for injunctive and declaratory relief.
The district court dismissed the amended complaint with prejudice under Federal
Rule of Civil Procedure 12(b)(6), and Plaintiffs appealed. We have jurisdiction
under 28 U.S.C. § 1291. We review Rule 12(b)(6) dismissals de novo, Ballinger v.
City of Oakland, 24 F.4th 1287, 1292 (9th Cir. 2022), and we affirm.
1. Plaintiffs allege three related fraud claims under California’s various
consumer protection statutes. See Cal. Civ. Code § 1709 (“section 1709”); Cal. Bus.
& Prof. Code §§ 17200 et seq. (Unfair Competition Law or “UCL”); Cal. Civ. Code
§§ 1750 et seq. (Consumer Legal Remedies Act or “CLRA”). To plead a fraud claim
under any of these statutes, Plaintiffs must allege (among other elements) that
Google made an actionable misrepresentation. Lazar v. Superior Ct., 909 P.2d 981,
984–85 (Cal. 1996) (section 1709); Durell v. Sharp Healthcare, 108 Cal. Rptr. 3d
682, 687, 697 (Ct. App. 2010) (UCL and CLRA). An actionable misrepresentation
can result from either an affirmative misstatement of a material fact or an omission
of a material fact. Hodsdon v. Mars, Inc., 891 F.3d 857, 861 (9th Cir. 2018); Durell,
108 Cal. Rptr. 3d at 697.
2
Google urges that it has not made an actionable misstatement or omission
because it affirmatively disclosed the challenged data collection practices in its
Privacy Policy. The Policy, which applies broadly to all Google’s products and
services, explains that Google collects data about users’ “[a]ctivity on third-party
sites and apps that use [Google’s] services.”1 The Policy defines Google’s
“services” to include the “Android operating system.” Given that express definition
of “services,” Google contends that by explaining it collects data on “third-
party … apps that use [Google’s] services” it has sufficiently explained that Google
collects activity data in third-party apps downloaded to Android devices because
those third-party apps “use” the Android operating system. We agree.
The district court, in its first dismissal order, rejected Google’s reading of the
operative phrase “apps that use [Google’s] services” because, in its view, “it [wa]s
at least as plausible that a reasonable consumer would read” the phrase to mean
“apps ‘that require users to sign into Google services.’” When considering the
operative complaint, the district court did not revisit its analysis of that phrase,
explaining that it could not conclude that Plaintiffs were aware of and consented to
1
Plaintiffs also fault Google for using the data “in order to unfairly compete with
rivals and develop competing products.” Google’s product development efforts fit
comfortably within the Policy’s explanation that Google reserved the right to use the
data to “[m]aintain & improve [its] services,” “[d]evelop new services,” and
“[p]rovide personalized services, including content and ads.” Plaintiffs thus fail to
state a claim based on any alleged misrepresentation regarding Google’s use of the
data it collected.
3
its breadth. We review questions of contract interpretation de novo, Doe I v. Wal-
Mart Stores, Inc., 572 F.3d 677, 681 (9th Cir. 2009), and we disagree with the district
court. Read in the context of the Policy as a whole, the phrase “apps that use
[Google’s] services” unambiguously discloses Google’s collection of user activity
data in third-party apps.
Essential to the district court’s reasoning was its observation that under
Google’s reading, “somewhat counterintuitively, every single app could be
construed as an ‘app[] that use[s] our services’ because … the Policy defines
Google’s services to include the operating system itself.” But where a contract
expressly defines a term, we cannot reject that definition simply because it may
deviate from our expectations. “The words of a contract are to be understood in their
ordinary and popular sense … unless used by the parties in a technical sense, or
unless a special meaning is given to them by usage, in which case the latter must be
followed.” Cal. Civ. Code § 1644 (emphasis added); see also L.A. Lakers, Inc. v.
Fed. Ins. Co., 869 F.3d 795, 801 (9th Cir. 2017). The Policy’s broad definition of
“service” clearly includes the Android operating system, which all apps on an
Android phone use.
Nor, as Plaintiffs contend, does Google’s reading render the phrase “apps that
use [Google’s] services” mere surplusage. The Privacy Policy, which applies to
Google’s entire “range of services” used by “millions of people daily,” must be read
4
in context and construed as a whole. See Whittlestone, Inc. v. Handi-Craft Co., 618
F.3d 970, 975 n.2 (9th Cir. 2010) (quoting Cal. Civ. Code § 1641). While it is true
that every third-party app on an Android device uses Google’s services because all
such apps depend on the Android operating system, that is not necessarily true for
every third-party app on other, non-Android devices. The Policy provides many
other examples of Google services—including Maps, YouTube, and Chrome—that
might just as easily be used, for example, on an iPhone or a laptop running Windows.
Thus, the phrase “apps that use [Google’s] services” both (1) provides an important
limitation on Google’s ability to collect data and (2) unambiguously applies to all
third-party apps that use Android.
Because Google disclosed the challenged data collection efforts in the Policy,
Plaintiffs’ fraud claims fail to allege an actionable misrepresentation and were
therefore properly dismissed.
2. Plaintiffs’ contract claims were correctly dismissed for the same reason.
Under California law, a breach-of-contract claim has four elements: (1) existence of
a contract, (2) plaintiff’s performance, (3) defendant’s breach, and (4) damages. In
re Facebook, Inc. Internet Tracking Litig. (“Facebook Tracking”), 956 F.3d 589,
610 (9th Cir. 2020). Plaintiffs contend that Google breached the contract by
collecting their activity data from third-party apps, but as explained above, the
contract expressly contemplates such collection. Plaintiffs thus fail to state a claim
5
for breach of contract. And because the parties have an express contract governing
the subject matter, Plaintiffs cannot seek to hold Google accountable for an implied
contract in the alternative. “California courts have made clear that these two causes
of action are mutually exclusive: ‘There cannot be a valid, express contract and an
implied contract, each embracing the same subject matter, existing at the same
time.’” Berkla v. Corel Corp., 302 F.3d 909, 918 (9th Cir. 2002) (quoting Wal-Noon
Corp. v. Hill, 119 Cal. Rptr. 646, 650 (Ct. App. 1975)).
3. Google’s disclosure similarly precludes Plaintiffs’ claims for invasion of
privacy under common law and the California Constitution.2 “Because of the
similarity of the tests, courts consider the claims together and ask whether: (1) there
exists a reasonable expectation of privacy, and (2) the intrusion was highly
offensive.” Facebook Tracking, 956 F.3d at 601 (citing Hernandez v. Hillsides, Inc.,
211 P.3d 1063, 1073 (Cal. 2009)). “[T]he relevant question” as to the first element
“is whether a user would reasonably expect that [Google] would have access to the
user’s individual data.” Id. at 602. Unlike Facebook Tracking, where the “privacy
disclosures at the time allegedly failed to acknowledge” the challenged data
collection practices, id., the Policy here expressly disclosed Google’s intention to
track their activity on third-party apps. As a result, Plaintiffs have no reasonable
2
Because Plaintiffs did not appeal the dismissal of their claim under California’s
Invasion of Privacy Act, we do not consider that claim.
6
expectation of privacy in that data.3 Their invasion of privacy claims were therefore
properly dismissed.
AFFIRMED.
3
That leaves only Plaintiffs’ claims for unjust enrichment and for injunctive and
declaratory relief. Assuming an independent claim for unjust enrichment exists
under California law, it cannot lie where the defendant has not committed some
predicate actionable wrong. McBride v. Boughton, 20 Cal. Rptr. 3d 115, 121–22
(Ct. App. 2004) (“[R]estitution may be awarded where the defendant obtained a
benefit from the plaintiff by fraud, duress, conversion, or similar conduct.”). Here,
where Plaintiffs have identified no actionable wrong, their derivative claim for
unjust enrichment claim fails, as do their claims for injunctive and declaratory relief.
7