                            UNITED STATES DISTRICT COURT
                            FOR THE DISTRICT OF COLUMBIA


                                                 )
Ethel Austin-Spearman,                           )
                                                 )
               Plaintiff,                        )
                                                 )
       v.                                        )       Civil Action No. 14-cv-1288 (KBJ)
                                                 )
AARP and AARP Services Inc.,                     )
                                                 )
               Defendants.                       )
                                                 )

                                   MEMORANDUM OPINION

        Plaintiff Ethel Austin-Spearman is an internet savvy woman. According to her

complaint, she became a member of Facebook’s social network in 2007, and she

frequently accesses that website and others through the web browser on her computer.

(See Am. Compl., ECF No. 23, ¶¶ 71–72.) Moreover, whenever Austin-Spearman

registers for a new online service, she diligently reads the website’s Terms of Service

and the Privacy Policy. (See id. ¶ 77.) 1 It is the terms of the Privacy Policy on the

AARP’s internet website that have given rise to the instant action—Austin-Spearman

alleges that Defendants AARP and AARP Services Inc. (collectively, “Defendants”)

have violated the Privacy Policy because the AARP’s website is configured to permit

companies like Facebook and Adobe to collect personally identifiable information




1
  A website’s Terms of Service “describe the terms and conditions that govern the relationship between
the user of a Web site and its operator.” Jonathan D. Frieden, Essential Elements of Effective Terms of
Use, 18 J. Internet L. 3 (2014). Similarly, a website’s Privacy Policy “explain[s] how the [website
operator] applies specific fair information practices to the collection, use, storage, and dissemination of
personal information” that website users provide to the website operator in the course of using the
website. Corey A. Ciocchetti, E-Commerce and Information Privacy: Privacy Policies As Personal
Information Protectors, 44 Am. Bus. L. J. 55, 68 (2007).
(“PII”) about the user. 2 Austin-Spearman’s class action complaint contains five

counts—breach of contract, unjust enrichment, intentional misrepresentation, fraud by

omission, and violation of the D.C. Consumer Protection Procedures Act (“DCCPPA”),

D.C. Code §§ 28-3901 to 28-3913 (2012)—and Austin-Spearman maintains that

Defendants’ breach of the AARP’s own privacy promises has injured her economically

because she would not have tendered the fee to purchase an AARP membership had she

known that the organization would permit the collection of her PII by Facebook and

other third parties.

       Before this Court at present is Defendants’ motion to dismiss the complaint for

lack of Article III standing and for failure to state a claim upon which relief can be

granted. For the reasons explained below, this Court finds that the complaint’s

allegations are insufficient to establish that Defendants’ practices regarding user data

violate the AARP’s internet Privacy Policy, and in any event, it is entirely implausible

that Austin-Spearman has suffered the injury she relies upon for standing (an economic

injury) as a result of the AARP’s purported violation of its internet-usage Privacy

Policy. Therefore, the Court concludes that Austin-Spearman does not have Article III

standing to sue, and as a result, Defendants’ motion to dismiss the complaint will be

GRANTED. A separate order consistent with this opinion will issue.




2
 There is no “uniform definition” of the term “personally identifiable information,” Paul M. Schwartz
& Daniel J. Solove, The Pii Problem: Privacy and A New Concept of Personally Identifiable
Information, 86 N.Y.U. L. Rev. 1814, 1816 (2011); however, Plaintiff’s complaint lists the following
examples: name, age, race, email address, state of residence, health insurance information, employment
data, and family demographic information (see Am. Compl. ¶ 48).


                                                  2
I.        BACKGROUND

          A.     Plaintiff’s Allegations

          In late 2010, longtime Facebook member and an experienced internet user

Austin-Spearman navigated to www.aarp.org to learn about AARP membership. (See

Am. Compl. ¶¶ 72–73.) 3 The AARP is an organization that advocates for people over

the age of 50; the fee that one pays to become an AARP member supports the

organization’s lobbying and litigation efforts, and AARP members also have access to

“discounts on shopping, dining, and travel as well as financial and insurance-related

products and services.” (Id. ¶ 1.) A person who is 50 years of age or older can become

a member of the AARP by mailing in a paper form along with the requisite membership

fee, or by purchasing a membership online, through the AARP’s website. (See id.

¶¶ 19, 23.) Paid AARP members may then opt to establish an online account with the

organization, which is accomplished by creating login credentials—a user name and

password—and also by “enter[ing] their demographic information (first name, last

name, country, zip code, and birthday) on AARP’s website.” (Id. ¶ 23.) Notably, the

AARP’s website is set up such that any person can create an online AARP account

without first becoming an AARP member; however, AARP members must register

online if they wish to access certain discounts and special offers that are available to

AARP members only through the member’s AARP online account. (See id. ¶¶ 2, 20.)

          Austin-Spearman purchased a three-year AARP membership for $43 through

AARP’s website (see id. ¶ 74); then, she proceeded to create an online AARP account

(see id. ¶ 77). To establish her account, Austin-Spearman entered the requisite



3
    The AARP was formerly called the American Association of Retired Persons.


                                                   3
registration information, and she also viewed, and agreed to, AARP’s Privacy Policy.

(See id. ¶ 77)

        The terms of AARP’s online Privacy Policy are central to the parties’ dispute,

and they are recited in detail in Plaintiffs’ complaint. 4 The Privacy Policy is seven-

pages long and is divided by subject-matter into twelve sections; as a general matter,

the policy explains the types of information that are captured when people visit the

AARP website. Section 3—which is entitled “Information We Collect From You”—

states, in relevant part, that

                 [w]hen you join AARP, we collect basic information such as
                 your name, contact information, preferences and date of
                 birth. We collect information about your participation in
                 AARP activities, including member services and discounts
                 obtained by using your membership card.

                 AARP also collects information on our website. We collect
                 both information that identifies you as a particular
                 individual (“personally identifiable information”) and
                 anonymous information that is not associated with a specific
                 individual (“nonpersonally identifiable information”). When
                 you visit our website, some information may be collected
                 automatically as part of the site’s operation. We also collect
                 information we receive from you during online registration
                 and when you complete other forms.




4
  Neither Plaintiff nor Defendants attached the entire Privacy Policy to their pleadings; however,
Plaintiff notes in the complaint that “AARP’s Privacy Policy is displayed” at “www.AARP.org/about-
aarp/info-05-2010/privacypolicy.html” (Am. Compl. ¶ 25), and the complaint includes screenshots of
paragraphs from the privacy policy document as it appears on the website (see id. ¶¶ 27–28; Fig. 2).
Moreover, at the hearing on Defendants’ Motion to Dismiss, both Plaintiff and Defendants agreed that
AARP’s entire Privacy Policy—and not just the portions quoted in the complaint—has been
incorporated into Plaintiff’s complaint and that the Court may therefore consider the entire Privacy
Policy when ruling on the motion to dismiss. (See Hr’g Tr. at 45:4–12.) See also Equal Empl.
Opportunity Comm’n v. St. Francis Xavier Parochial Sch., 117 F.3d 621, 624 (D.C. Cir. 1997) (noting
that, when presented with a motion to dismiss, a court may consider “documents . . . incorporated in the
complaint”). Therefore, the Court will assume that the privacy policy at the web address provided by
the Plaintiff is the same privacy policy that existed at the time Austin-Spearman first accessed the
AARP website.



                                                   4
AARP, Your Privacy Rights – Privacy Policy (“AARP Privacy Policy”) at Sec. 3,

Information We Collect From You, ¶ 2. 5 (See also Am. Compl. ¶ 27.) The next section

of the policy (Section 4) addresses “Information Collected By Third Parties”—it is the

first paragraph of Section 4 that is the basis for the allegations made in Austin-

Spearman’s complaint:

                  We may allow third-party analytics companies, research
                  companies or ad networks to collect nonpersonally
                  identifiable information on our website. These companies
                  may use tracking technologies, including cookies and Web
                  beacons, to collect information about users of our site in
                  order to analyze, report on or customize advertising on our
                  site or on other sites. For information about how to opt-out
                  of the customization of advertising from many ad networks,
                  you can visit here.

AARP Privacy Policy at Sec. 4, Information Collected by Third Parties, ¶ 1. Notably,

the third paragraph of Section 4 also specifically cautions that “[i]f you stay logged into

your social media accounts . . . while visiting our website[,] those social media

companies may collect information about you.” Id. ¶ 3. Furthermore, in Section 5, the

Privacy Policy states that AARP itself “may share your information[,] including your

personally identifiable information[,] with companies we hire to provide certain []

services such as . . . improving advertising services . . . and managing databases or

other technology.” AARP Privacy Policy at Sec. 5, With Whom Your Information May

be Shared, ¶ 7.

          Despite these disclosures, Austin-Spearman’s complaint alleges that the AARP

website violates the express terms of the AARP online Privacy Policy because the

AARP website is configured to permit Facebook and Adobe to collect members’ PII.



5
    Available at www.AARP.org/about-aarp/info-05-2010/privacypolicy.html (last visited June 25, 2015).


                                                   5
(See Am. Compl. ¶¶ 35–55.) Specifically, according to the complaint, “[t]he first

sentence [of Section 4, paragraph 1] assures members that AARP only allows certain

third parties to collect ‘nonpersonally identifiable information’ from its website[.]” (Id.

¶ 29 (emphasis added).) The complaint also emphasizes that “the last sentence [of the

first paragraph of Section 4] presents a hyperlink to another page that, among other

things, lists “the specific third party companies that collect data from the site[,]” and

that “[n]either Facebook nor Adobe is found on this list.” (Id. ¶ 31.)

        The technical particulars of how AARP allegedly permits Facebook to collect

website users’ PII are detailed at length in the Plaintiff’s complaint and are not

disputed. Suffice it to say here that Facebook’s software places “cookies” on a user’s

computer when a Facebook user opts to remain logged in, and that these cookies

interact with certain codes in AARP’s website to permit “data about the user’s

browsing” to “be silently transmitted back to Facebook.” (Id. ¶¶ 38–41.) 6 Austin-

Spearman acknowledges that she checks the “keep me logged in” box on her Facebook

account when she navigates to the AARP website, or uses a Facebook plugin to log into

the AARP website, and that, as a result, Facebook captures the titles of the articles and

videos that Austin-Spearman accesses and views as she browses AARP’s website. (See

Id. ¶¶ 35–45, 71, 81.) However, her core contention is that Defendants are to blame for

facilitating this “[p]rivacy [h]azard” (id. at 17), because, in purported contravention of

the AARP’s own Privacy Policy, AARP has coded its website to permit the placement

of cookies, and thus Facebook can track the activities of users who are simultaneously



6
  The complaint defines a “cookie” as “a simple text file placed onto a user’s computer that can be used
to track browsing activity and report said activity back to the server that originally placed the cookie.”
(Am. Compl. ¶ 38 n. 9.)


                                                    6
logged into the social media site or have arrived at the AARP site via a Facebook plugin

(see id. ¶¶ 35–45).

       Austin-Spearman also alleges that Defendants permitted Adobe to collect PII

data related to people who visit the AARP website, and that this practice, too, breaches

AARP’s Privacy Policy. (See id. ¶¶ 46–55.) According to Plaintiff, Adobe collects PII

“using a code developed by Adobe that AARP has integrated into its website.” (Id.

¶ 46; see also id. ¶¶ 47–48 (explaining that “[t]he process starts with AARP placing a

cookie onto the website visitor’s computer,” and “[i]f the visitor is a registered member,

the cookie . . . will be populated with PII retrieved from AARP’s database.”).) “As a

member navigates through the AARP website, the special Adobe code forces the

member’s web browser to extract information from the cookie and transmit it, along

with data revealing the online materials being accessed and viewed by the member (i.e.,

on the AARP website), to Adobe’s analytics servers.” (Id. ¶ 48.) Plaintiff asserts that,

in this way, AARP has provided Adobe with “free rein [sic] to collect information from

the cookies stored on members’ computers while using the AARP website[,]” and that

such information ultimately is used to “display targeted advertisements to members[.]”

(Id. ¶ 50.)

       The problem with all this, according to Plaintiff, is that “Austin-Spearman did

not consent, agree, or otherwise permit AARP to release her PII to any third party

company (i.e., outside of those disclosures expressly provided for in AARP’s Privacy

Policy),” and yet “when she used AARP’s website[,] AARP routinely permitted third

parties Facebook and Adobe to collect her PII, along with the precise materials that she

viewed, the titles of articles read and videos watched on AARP’s website[.]” (Id. ¶ 81.)




                                            7
Moreover, “[h]ad AARP informed Austin-Spearman that it allows third parties to

collect member PII through the AARP website at the time that she purchased her

membership, she either (i) would not have paid for an AARP membership in the first

place or (ii) would not have used the AARP website at all (and thus, would give up her

paid-for membership benefits only accessible through the website).” (Id. ¶ 82.) The

complaint also suggests that Defendants have an ulterior motive for this allegedly

intentional and harmful violation of the constraints in their own Privacy Policy: “upon

information and belief” AARP “directly profits” from these practices (id. ¶ 53) in at

least two ways: (1) “AARP receives royalty payments when members sign up for life

insurance plans through . . . targeted advertisements” that can be generated as a result

of the PII collection methods described (id. ¶ 53), and (2) “AARP is able to sell

advertising space on its website at a premium price” because its “usage of Adobe’s

collection methodologies and analytics services . . . allows it to serve targeted

advertising to its members” (id. ¶ 54).

       B.      Procedural History

       On July 29, 2014, Austin-Spearman filed the instant lawsuit against AARP and

its wholly owned subsidiary, AARP Services Inc. (“collectively, AARP”). (See

generally Compl., ECF No. 1.) 7 The gravamen of the complaint is Austin-Spearman’s

insistence that AARP’s Privacy Policy assures users that third parties are only permitted

to collect nonpersonally identifiable information from the AARP website, and that, in

any event, such data and information can only be captured by certain identified third



7
 That same day, Austin-Spearman filed a Motion for Class Certification. (See Mot. to Cert. Class, ECF
No. 2.) The Court stayed consideration of that motion until further order of the Court. (See Minute
Entry dated Oct. 29, 2014.)


                                                 8
parties. (See Am. Compl. ¶ 29.) Austin-Spearman considers this promise to have been

violated as a result of the alleged collection of PII by Facebook and Adobe, and she

also believes that AARP’s practice of sharing information with Facebook and Adobe

lessened the value of her AARP membership (see id. ¶ 82), because she views

compliance with AARP’s Privacy Policy as part of her membership contract with the

organization (see id. ¶¶ 75–81). Thus, Austin-Spearman’s five-count amended

complaint, which was filed on October 24, 2014, claims that AARP’s information

sharing practices violate the DCCPPA, and also constitute intentional

misrepresentation, fraud by omission, unjust enrichment, and breach of contract. (See

id. at ¶¶ 95–109 (count one: violation of the DCCPPA); 110–24 (count two: intentional

misrepresentation); 125–36 (count three: fraud by omission); 137–43 (count four: unjust

enrichment); 144–58 (count five: breach of contract (in the alternative to unjust

enrichment)).)

       On November 10, 2014, Defendants filed the instant motion to dismiss Austin-

Spearman’s amended complaint. (See Mot. to Dismiss Am. Compl. with Prejudice

(“Defs.’ Mot.”), ECF No. 24.) 8 Defendants primarily argue that Austin-Spearman lacks

an injury-in-fact that would support Article III standing to bring these claims, and thus,

that her complaint must be dismissed pursuant to Rule 12(b)(1) for lack of subject

matter jurisdiction. (See Def.’s Mem. in Supp. of Def.’s Mot. (“Def.’s Mem.”), ECF

No. 24-1, at 24–30.) Defendants also contend that Austin-Spearman has failed to state


8
 This is the second motion to dismiss these defendants have filed. The first motion was filed October
3, 2014, in response to Plaintiff’s original complaint. (See Mot. to Dismiss Compl. with Prejudice, ECF
No. 18.) Plaintiff filed an amended complaint on October 24, 2014 (see Am. Compl., ECF No. 23; see
also Resp. to Mot. to Dismiss Compl. with Prejudice and Notice of Intent to Amend Pursuant to Rule
15(a)(1), ECF No. 22), and in light of Plaintiff’s filing of an Amended Complaint, the Court dismissed
Defendants’ original Motion to Dismiss without prejudice. (See Minute Entry dated Oct. 29, 2014.)



                                                   9
a claim upon which relief can be granted for various reasons. (See id. at 30–48.) 9 This

Court held a hearing on Defendants’ motion on May 28, 2015. (See Minute Entry dated

May 28, 2015.)


II.    LEGAL STANDARDS

       A.      Article III Standing

       Article III of the United States Constitution limits judicial power to “cases” and

“controversies.” U.S. Const. art. III § 2, cl. 1. “The concept of standing is part of this

limitation[,]” Simon v. E. Kentucky Welfare Rights Organization, 426 U.S. 26, 37

(1976); therefore, “[a] showing of standing ‘is an essential and unchanging’ predicate to

any exercise of [federal court] jurisdiction[,]” Florida Audubon Soc. v. Bentsen, 94 F.3d

658, 663 (D.C. Cir. 1996) (citing Lujan v. Defenders of Wildlife, 504 U.S. 555, 560

(1992)). See also Allen v. Wright, 468 U.S. 737, 752 (1984) (“[T]he law of Art. III

standing is built on a single basic idea—the idea of separation of powers.”).

Consequently, “[e]very plaintiff in federal court bears the burden of establishing the

three elements that make up the ‘irreducible constitutional minimum’ of Article III

standing: injury-in-fact, causation, and redressability.” Dominguez v. UAL Corp., 666

F.3d 1359, 1362 (D.C. Cir. 2012) (quoting Lujan, 504 U.S. at 560–61).

       It is well established that an injury-in-fact is “an invasion of a legally protected

interest that is both (a) concrete and particularized and (b) actual or imminent, as

opposed to merely conjectural or hypothetical.” Humane Soc’y of United States v.


9
  Specifically, Defendants maintain that the DCCPPA does not apply to AARP (see Mem. in Supp. of
Mot. to Dismiss First Am. Compl. with Prejudice (“Defs.’ Mem.”), ECF No. 24, at 30–35); that
Plaintiff’s fraud claims are untimely (id. at 36–39); that Plaintiff has failed to plead any facts
supporting her speculation that AARP benefits from the challenged conduct (id. at 39–41); and that
general statements like those contained in the AARP Privacy Policy are not bargained for agreements
(id. at 42–43).


                                                 10
Vilsack, 19 F. Supp. 3d 24, 34 (D.D.C. 2013). Although “[e]conomic harm . . . is a

canonical example of injury[-]in[-]fact sufficient to establish standing[,]” N. Carolina

Fisheries Ass’n, Inc. v. Gutierrez, 518 F. Supp. 2d 62, 82 (D.D.C. 2007), “[m]erely

asking for money does not establish an injury[-]in[-]fact[,]” Rivera v. Wyeth-Ayerst

Labs., 283 F.3d 315, 319 (5th Cir. 2002). Rather, a cognizable overpayment injury

ordinarily relates to the harm that results from there being a “difference between what

[plaintiff] contracted for and what she actually received[,]” Sanchez v. Wal-Mart Stores,

Inc., No. 06-cv-2573, 2008 WL 3272101, at *3 (E.D. Cal. Aug. 6, 2008); see also Tae

Hee Lee v. Toyota Motor Sales, U.S.A., Inc., 992 F. Supp. 2d 962, 972 (C.D. Cal. 2014)

(“There can be no serious dispute that a purchaser of a product who receives the benefit

of his bargain has not suffered an Article III injury-in-fact traceable to the defendant’s

conduct.”).

       B.     Federal Rule of Civil Procedure 12(b)(1)

       “In reviewing the standing question” in the context of a motion to dismiss under

Rule 12(b)(1), a court “must be ‘careful not to decide the questions on the merits for or

against the plaintiff, and must therefore assume that on the merits the plaintiffs would

be successful in their claims.’” In re Navy Chaplaincy, 534 F.3d 756, 760 (D.C. Cir.

2008) (quoting City of Waukesha v. EPA, 320 F.3d 228, 235 (D.C. Cir. 2003)). The

court must also accept as true all factual allegations in the complaint, and must

“construe the complaint liberally, granting plaintiff the benefit of all inferences that can

be derived from the facts alleged.” Thomas v. Principi, 394 F.3d 970, 972 (D.C. Cir.

2005). However, “the court need not accept factual inferences drawn by plaintiffs if

those inferences are not supported by facts alleged in the complaint, nor must the Court

accept plaintiff’s legal conclusions.” Disner v. United States, 888 F. Supp. 2d 83, 87


                                            11
(D.D.C. 2012) (internal quotation marks and citation omitted). Moreover, and

importantly, “[u]nder Rule 12(b)(1), the Court may dispose of the motion on the basis

of the complaint alone, or it may consider materials beyond the pleadings ‘as it deems

appropriate to resolve the question whether it has jurisdiction to hear the case.’”

Neighborhood Assistance Corp. of Am. v. Consumer Fin. Prot. Bureau, 907 F. Supp. 2d

112, 121 (D.D.C. 2012) (quoting Scolaro v. D.C. Bd. of Elections & Ethics, 104

F.Supp.2d 18, 22 (D.D.C. 2000)).

       C.     Federal Rule of Civil Procedure 12(b)(6)

       When evaluating a motion to dismiss for failure to state a claim upon which

relief can be granted under Rule 12(b)(6), a court looks for sufficient facts alleged in

the complaint “to raise a right to relief above the speculative level[.]” Bell Atl. Corp. v.

Twombly, 550 U.S. 544, 555 (2007) (internal quotation marks and citation omitted).

“[D]etailed factual allegations” are not necessary to withstand a Rule 12(b)(6) motion,

id., but a plaintiff must plead enough facts to make the claim seem plausible on its face,

see Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). In evaluating the plausibility of

Plaintiff’s claim, the court must accept as true all factual allegations in the complaint,

and the plaintiff should receive the benefit of all inferences that can be derived from the

facts alleged. See Iqbal, 556 U.S. at 678; see also Sparrow v. United Air Lines, Inc.,

216 F.3d 1111, 1113 (D.C. Cir. 2000). “While the complaint is to be construed

liberally in plaintiff’s favor, the Court need not accept inferences drawn by the plaintiff

if those inferences are unsupported by facts alleged in the complaint; nor must the

Court accept plaintiff’s legal conclusions.” Kramer v. United States, 460 F. Supp. 2d

108, 110 (D.D.C. 2006) (citing Kowal v. MCI Commc’ns Corp., 16 F.3d 1271, 1276

(D.C. Cir. 1994)). Accordingly, “‘legal conclusions cast in the form of factual


                                             12
allegations’ are insufficient to survive a motion to dismiss.” Henok v. Chase Home

Fin., LLC, 915 F.Supp.2d 109, 114 (D.D.C. 2013) (quoting Browning v. Clinton, 292

F.3d 235, 242 (D.C. Cir. 2002)).


III.      ANALYSIS

          Defendants argue that, for all of Austin-Spearman’s alleged surprise and outrage

regarding the collection of her PII by Facebook and Adobe through AARP’s website,

Austin-Spearman has failed to assert any plausible way in which Defendants’

information sharing practices have injured her, and thus she lacks Article III standing to

pursue this lawsuit. (See Defs.’ Mot. at 24–30.) 10 Austin-Spearman adamantly rejects

this assertion—she points to the complaint’s allegation that she paid $43 for an AARP

membership in consideration for “access to [Defendants’] exclusive online

marketplace” and their promise to adhere to the Privacy Policy with respect to her

internet usage (Pl.’s Opp’n to Def.’s Mot. (“Pl.’s Opp’n”), ECF No. 28, at 18; see also

Am. Compl. ¶ 77), and she argues that “because Defendants never intended to deliver

that [privacy policy] aspect of her purchase, [she] necessarily paid more than

Defendants’ services were worth[,] and suffered damages as a result.” (Pl.’s Opp’n at

19; see also Am. Compl. ¶ 82 (asserting that, if Austin-Spearman had known about

Defendants’ practices, she “would have viewed her paid-for membership as worth less

than the $43 she paid” for it).) Thus, Austin-Spearman seeks to proceed on an

“overpayment” theory of injury—i.e., Austin-Spearman maintains that she suffered

“concrete economic harm because she paid for access to Defendant’s online services,

but didn’t receive the full benefit of her bargain.” (Pl.’s Opp’n at 18 (emphasis


10
     Page numbers throughout this Opinion refer to those that the Court’s electronic filing system assigns.


                                                     13
omitted).)

       For the two reasons explained fully below, this Court rejects Austin-Spearman’s

“economic injury” contention as entirely implausible, even after crediting the

allegations in Austin-Spearman’s complaint. In short, the Court first concludes that

Defendants’ alleged violation of their own Privacy Policy could not have injured

Austin-Spearman because the complaint fails to establish that any such violation

occurred. Moreover, and in any event, the Court finds that compliance with the Privacy

Policy was not a term of Austin-Spearman’s membership contract with AARP on the

facts alleged in the complaint (so its alleged breach could not have given rise to any

economic injury), and even if the Privacy Policy were a term of the membership

agreement, it was certainly not such an integral part of that contract that the alleged

breach of the policy deprived Austin-Spearman of the benefit of her bargain.

Consequently, Austin-Spearman lacks Article III standing to sue, and this Court lacks

subject matter jurisdiction over Austin-Spearman’s complaint.

       A. The Complaint Does Not Establish That Defendants Violated The Terms
          Of The AARP’s Online Privacy Policy

       Austin-Spearman’s first hurdle in making a plausible case that she has suffered

economic injury due to the Defendants’ violation of the online AARP Privacy Policy is

to present allegations that permit an inference that Defendants have, in fact, violated the

Privacy Policy. To this end, the complaint quotes parts of the Privacy Policy at length

(see Am. Compl. ¶¶ 27–28), and it also describes in extraordinary detail the technical

aspects of the manner in which the website permits third parties to gather information

using cookies and codes (see id. ¶¶ 34–65). What the complaint does not do, however,

is substantiate Plaintiff’s repeated bald assertions that AARP’s Privacy Policy promises



                                            14
its members that the organization “would not allow third parties to collect their PII.”

(Id. ¶ 101; see also id. ¶¶ 29, 32, 79, 81–85).

       Stated simply, such a promise is not even close to what the actual Privacy Policy

says, no matter how many times Plaintiff makes this assertion. (See, e.g., Am. Compl. ¶

107 (characterizing the Policy as promising that “its members’ PII will be kept

private”).) The purported basis for Plaintiff’s fervent belief that the Privacy Policy

promises not to release the PII of AARP members is the first paragraph of Section 4,

and in particular, the statement that “[w]e may allow third-party analytics companies,

research companies, or ad networks to collect nonpersonally identifiable information on

our website[.]” (Am. Compl. ¶ 28.) According to Plaintiff, this statement “assures

members that AARP only allows certain third parties to collect ‘nonpersonally

identifiable information’ from its website” (Am. Compl. ¶ 29 (emphasis added); see

also Mot. to Dismiss Hr’g Tr. (“Hr’g Tr.”), at 8:22–8:24, May 28, 2015)). But that is

plainly not what the first sentence of the first paragraph of Section 4 says; indeed, that

language does not address the collection or distribution of PII at all.

       What is more, when Sections 4 and 5 are read together, and when the document

is viewed as a whole, the AARP Privacy Policy tells a completely different story about

what happens to member data than the narrative that appears in the allegations of

Plaintiff’s complaint. This Court agrees with Defendants that, as relevant here, the

AARP’s Privacy Policy clearly notifies website users of certain things regarding what

the organization permits with respect to user data, to wit: (1) that the website collects

users’ PII, see AARP Privacy Policy at Sec. 3, Information We Collect From You, ¶ 2;

(2) that AARP permits certain third parties to collect non-PII data, see id. at Sec. 4,




                                             15
Information Collected By Third Parties, ¶ 1; (3) that if a person stays logged into social

media accounts while visiting AARP’s website, the social media companies may collect

data and information about that person, see id. at Sec. 4, Information Collected by Third

Parties, ¶¶ 2–3; and (4) that AARP may share data and information about its members

with companies that help AARP with advertising, see id. at Sec. 5, With Whom Your

Information May be Shared, ¶ 8.

       Significantly, the policy does not state that third parties will be prevented from

gaining access to PII data entered into the AARP website under all circumstances, as

Austin-Spearman argues. And given what the policy actually says about social media

companies, it is entirely implausible to suggest, as Austin-Spearman does, that although

she checks the “keep me logged in” box on her Facebook account or uses a Facebook

plugin to log into the AARP website—thereby permitting Facebook to capture PII

information about her as she navigates through the AARP website—she was surprised

and upset by this practice, or that Facebook’s information collection was inconsistent

with the representations in AARP’s Privacy Policy and she was injured as a result. (See

Am. Compl. ¶¶ 35–45, 71, 81.) Similarly, this Court discerns nothing untoward about

the fact that AARP allegedly has asked Adobe to collect and analyze information about

people who use the AARP website so that advertising can be tailored to the individual

website user (Am. Compl. ¶ 46–55, 81), because the Privacy Policy expressly discloses

that AARP itself “may share your information . . . with companies we hire to provide

certain [] services such as . . . improving advertising services . . . and managing

databases or other technology[,]” AARP Privacy Policy at Sec. 5, With Whom Your

Information May be Shared, ¶ 8.




                                            16
       The bottom line is this: the facts that Austin-Spearman says support a finding

that Defendants have violated the AARP’s Privacy Policy do not permit any reasonable

inference that a violation actually occurred, given the plain and express terms of the

Privacy Policy. And because there was no violation on the facts as alleged, Plaintiff

cannot have been injured as a result of this purported breach. Cf., e.g., In re Fruit Juice

Products Marketing and Sales Practices Litig., 831 F.Supp.2d 507, 512 (D. Mass. 2011)

(rejecting the plaintiffs’ benefit of the bargain theory of standing because “[p]laintiffs

received the benefit of the bargain, as a matter of law” where “[p]laintiff[s] paid for

fruit juice and they received fruit juice”). For this reason alone, Austin-Spearman’s

contention that she has Article III standing to sue fails.

       B.     It Is Not Plausible That Defendants’ Alleged Breach Of The Privacy
              Policy Resulted In Economic Injury To Austin-Spearman

       Even if one assumes arguendo that AARP violated its own Privacy Policy, this

Court finds it entirely implausible that any economic injury to Austin-Spearman

resulted from that breach for two reasons.

       First of all, the complaint’s allegations simply do not establish that AARP’s

online Privacy Policy was part of the AARP membership agreement. Although Austin-

Spearman asserts that her $43 membership fee was partly paid in consideration for the

organization’s enforceable promise that her PII would be kept private (see Pl.’s Opp’n

at 18–19), the complaint lays out a chronology that establishes that Austin Spearman

did not even see the AARP Privacy Policy until after she had already become a paid

member of AARP—i.e., she first purchased her membership, then signed up for an

online account, and then reviewed the Privacy Policy for the first time (see Am. Compl.

¶¶ 72–80). This means that, as Defendants forcefully argue, “the terms of the Privacy



                                             17
Policy could not possibly have factored into the value of her AARP membership (even

her subjective belief of the value) when she purchased it.” (Defs.’ Mot. at 29.)

       Moreover, it is well established that not all promises rise to the level of binding

contractual obligations. For example, a promise that is offered freely and equally to all

people—without regard to who has provided consideration and who has not—is not a

contract. See Trustees of Dartmouth Coll. v. Woodward, 17 U.S. 518, 612 (1819)

(“There can be no contract in which the party does not receive some personal, private,

individual benefit. To make . . . a private contract, there must be a private beneficial

interest vested in the party who pays the consideration.”). Here, despite Austin-

Spearman’s allegation that her membership fee was tendered (at least in part) as

consideration for AARP’s promise to adhere to its Privacy Policy (see Am. Compl.

¶¶ 79–81), the Privacy Policy indisputably applies to both members and non-members

alike. See AARP Privacy Policy at Sec. 1, Nuts and Bolts of Our Privacy Policy, ¶ 1

(noting that the policy applies to those who “join AARP”; those who “participate in

AARP events and offerings”; and even those who simply “visit our website”).

Consequently, Austin-Spearman’s payment was not provided in consideration for the

promises that AARP made in the Privacy Policy, or, put another way, the promises

made in AARP’s Privacy Policy were not a part of Austin-Spearman’s binding AARP

membership contract. See In re LinkedIn Privacy Litig., 932 F. Supp. 2d 1089, 1093

(N.D. Cal. 2013) (rejecting plaintiffs’ “overpayment” theory of standing because

LinkedIn’s User Agreement and Privacy Policy were the same for the premium (paid)

membership as they were for the basic (free) membership, and the complaint “[did] not

sufficiently demonstrate that included in Plaintiffs’ bargain for premium membership




                                            18
was the promise of a particular (or greater) level of security that was not part of the free

membership”).

       Second, it is clear on the facts as alleged in Austin-Spearman’s complaint that

Austin-Spearman actually received the benefit of her bargain with AARP. See Sanchez

v. Wal-Mart Stores, Inc., 2008 WL 3272101, at *3 (explaining that a plaintiff only has

standing to bring a breach of contract action based on alleged economic injury where

she can plausibly allege that she did not receive the benefit of her bargain with the

defendant). The complaint explains that the AARP is a membership organization that

advocates for people over the age of 50, and that website usage—including the

discounts that are only available online—is but one part of the benefits that accrue to

members. (See Am. Compl. ¶¶ 1–2.) The complaint does not (and apparently cannot)

contend that website usage is the primary benefit of an AARP membership, nor that it is

even an essential part of the bundle of rights that are conferred to AARP members, and

this flaw is fatal to Austin-Spearman’s economic injury theory of standing. See, e.g.,

Birdsong v. Apple, Inc., 590 F.3d 955, 961 (9th Cir. 2009) (dismissing complaint partly

on standing grounds because “[t]he plaintiffs’ alleged injury in fact is premised on the

loss of a ‘safety’ benefit that was not part of the bargain to begin with”); Williams v.

Purdue Pharma Co., 297 F. Supp. 2d 171, 176 (D.D.C. 2003) (dismissing complaint on

standing grounds because “[a]lthough the plaintiffs allege a benefit of the bargain

theory of injury, they do not allege that [defendant’s pain relief drug] failed to provide

them effective pain relief” and therefore “it must be assumed that [defendant’s pain

relief drug] worked for plaintiffs and that consequently they got what they paid for”

(internal quotation marks and citations omitted)).




                                            19
       To be sure, the instant complaint struggles valiantly to convey that AARP-

website usage was subjectively important to Austin-Spearman herself. (See Am.

Compl. ¶ 76 (“[A]t the time [Austin-Spearman] paid for her membership, Austin-

Spearman valued her personal privacy and expected that AARP would not permit third

parties to collect her PII without first obtaining her permission to do so[.]”); id. ¶ 82

(“Had AARP informed Austin-Spearman that it allows third parties to collect member

PII . . . she either (i) would not have paid for an AARP membership in the first place or

(ii) would not have used the AARP website at all[.]”).) But conclusory statements

regarding a plaintiff’s own beliefs and expectations are not sufficient to support an

alleged “overpayment” injury; rather, a plaintiff must allege facts that demonstrate that

the breached term was objectively essential to the contract at issue, such that the

violation effectively robbed the plaintiff of her payment because what she received was

not what the parties agreed she had purchased. In other words, a plaintiff is not entitled

to demand perfect realization of every hope and dream with respect to contract

performance; instead, the plaintiff has received the benefit of her bargain where the

defendant has substantially performed on the contract. See Schneider v. Dumbarton

Developers, Inc., 767 F.2d 1007, 1013 (D.C. Cir. 1985); see also Sununu v. Philippine

Airlines, Inc., 638 F. Supp. 2d 35, 39 (D.D.C. 2009) (noting that “‘[s]ubstantial

performance’ is generally considered to exist when a contracting party has failed to

render full performance but any defects in performance are considered minor”). Thus,

to sustain her claim that she has standing based on her overpayment for the AARP

membership, Austin-Spearman must plausibly allege that Defendants failed to render

substantial performance of the AARP membership contract. Compare, e.g., Lozano v.




                                            20
AT&T Wireless Servs., Inc., 504 F.3d 718, 733 (9th Cir. 2007) (holding that the plaintiff

was denied the benefit of the bargain, and therefore had standing, where plaintiff did

not receive the full number of agreed-upon minutes he purchased in a wireless cellular

phone service agreement) with Rivera v. WyethAyerst Labs., 283 F.3d 315, 319–21 (5th

Cir. 2002) (holding that the plaintiff was not denied the benefit of the bargain, and

therefore lacked standing, where plaintiff had bought a prescription painkiller that was

later withdrawn from the market but plaintiff found the painkiller to be effective and

did not suffer harmful side effects).

       The analysis and holding of In re Science Applications International Corp.

Backup Tape Data Theft Litigation (“S.A.I.C.”), 45 F. Supp. 3d 14 (D.D.C. 2014), make

clear that Austin-Spearman has failed to mount this standing hurdle. After an unknown

thief stole the plaintiffs’ personal information and medical records from a technology

company that handles data for the federal government, the plaintiffs in S.A.I.C. (who

were members of the U.S. military enrolled in certain health care plans) filed a

complaint against their health insurance company, the Department of Defense, and

several others. See id at 19. The complaint asserted approximately 20 causes of action,

including breach of contract, and with respect to Article III standing, the plaintiffs

claimed that the theft had caused them to suffer an economic injury-in-fact due to the

diminution in the value of their insurance premiums—in plaintiffs’ view, the premiums

were tendered in part as consideration for the defendant’s promise of keeping their

personal health information secure, and thus plaintiffs had paid for a service they did

not receive. See id. at 30. The Court rejected plaintiffs’ economic injury argument,

reasoning that the plaintiffs had “allege[d] that they were paying for ‘health and dental




                                            21
insurance[,]’” and did not “claim that they were denied coverage or services in any way

whatsoever[,]” id. at 30, and they also “ha[d] not alleged facts that show that the market

value of their insurance coverage (plus security services) was somehow less than what

they paid[,]” id. Consequently, despite the plaintiffs’ suggestion that “some

indeterminate part of their premiums went toward paying for security measures” and

that the value of their premiums were diminished as a result of the security breach, the

Court concluded that the plaintiffs had failed to demonstrate that they had suffered an

economic injury that gave rise to standing to sue. Id. (adding that “[n]othing in the

[c]omplaint makes a plausible case that Plaintiffs were cheated out of their

premiums[,]” and “[a]s a result, no injury lies”).

       So it is here. Much like the plaintiffs in S.A.I.C., Austin-Spearman alleges that

she paid for an AARP membership—and also that she got one. (See Def.’s Mot. at 28

(“Plaintiff does not allege that she was denied any membership benefit or service for

which she paid when purchasing her AARP membership.”).) AARP members purchase

a set of benefits that includes supporting the AARP’s advocacy efforts (see Am. Compl.

¶ 1; Hr’g Tr. at 19:15–16); getting a subscription to the AARP magazine (see Hr’g Tr.

at 19:19–20); and accessing “discounts on shopping, dining, and travel as well as

financial and insurance-related products and services” (Am. Compl. ¶ 1). Austin-

Spearman does not allege that she was denied any of these things; instead, she merely

alleges that AARP’s privacy protections were not as stringent as she believed they

would be. (See, e.g., Am. Compl. ¶¶ 83, 108, 123, 135, 138, 156.) This Court finds

that, having not established that she actually lost any of the value of her membership,




                                            22
Austin-Spearman has not plausibly claimed that she overpaid for the AARP membership

agreement such that she was injured economically and now has standing to sue.


IV.     CONCLUSION

        In this Court’s analysis, Austin-Spearman’s “overpayment” theory of economic

injury does not add up. The complaint’s allegations do not establish that Defendants’

practices regarding PII violate the organization’s online Privacy Policy; thus, no

cognizable injury possibly could have resulted. Moreover, and in any event, it is

entirely implausible that Austin-Spearman overpaid for the membership as a result of

the AARP’s purported violation of their privacy promises for two reasons. First, the

terms of the Privacy Policy—which were not even known to Austin-Spearman at the

time she joined the organization—are not a part of the AARP membership contract.

And second, even if adherence to the Privacy Policy was a contract term that

Defendants breached, the complaint’s allegations do not establish that the privacy

promises are so essential to the organization’s membership agreement that AARP did

not render substantial performance such that Austin-Spearman was deprived of the

benefit of her bargain. Thus, whatever the merits of Austin-Spearman’s case, she has

not sufficiently alleged that she overpaid for the AARP membership and thereby

suffered an injury-in-fact that gives her Article III standing to sue. 11

        Accordingly, as set forth in the separate order accompanying this memorandum

opinion, AARP’s motion to dismiss is GRANTED, and Austin-Spearman’s complaint is


11
   This Court does not opine as to whether or not some other theory of injury would have sufficed to
provide Austin-Spearman with standing to sue. Cf. S.A.I.C., 45 F. Supp. 3d at 29 (noting that
“disclosure of personally identifiable information alone, along with some attendant emotional distress,
may constitute ‘injury enough to open the courthouse door’ in privacy actions”) (quoting Doe v. Chao,
540 U.S. 614, 62425 (2004)). It is a plaintiff’s burden to establish this Court’s jurisdiction, see
Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138, 1148 (2013), and Austin-Spearman specifically and


                                                  23
dismissed. See Gen. Motors Corp. v. E.P.A., 363 F.3d 442, 448 (D.C. Cir. 2004) (“As a

court of limited jurisdiction, we begin, and end, with an examination of our

jurisdiction.”).



DATE: July 28, 2015                             Ketanji Brown Jackson
                                                KETANJI BROWN JACKSON
                                                United States District Judge




expressly disavows any other standing argument, relying solely on the “overpayment” theory of actual
injury. (See Pl.’s Opp’n at 25–26 (rejecting Defendants’ argument that “Plaintiff’s theory of damages is
somehow that her PII . . . was compromised, and that that alone forms the basis for her injury[,]” and
clarifying that Plaintiff’s damages theory “focuses on the money she paid to Defendants and her failure
to receive what she bargained for.” (emphasis in original)).) For the reasons stated in this
Memorandum Opinion, this Court concludes that Austin-Spearman’s overpayment injury argument
fails.


                                                  24
