The United States District Court for the District of Columbia recently dismissed a putative class action alleging that AARP violated its website privacy policy by allowing Facebook and Adobe to collect personal information about its users. The plaintiff alleged that AARP and its subsidiary AARP Services, Inc. (collectively, “AARP”), which advocate for individuals over the age of 50, breached their privacy policy by representing to users that certain third parties might collect nonpersonally identifiable information from its website when, in actuality, the website was set up to allow undisclosed third parties Facebook and Adobe to capture personally identifiable information (PII) instead. Plaintiff argued that, had she known this, she would not have paid membership fees to AARP and/or utilized its online services; and that the sharing of information with third parties devalued her membership. Thus, plaintiff brought a putative class action alleging breach of contract, intentional misrepresentation, fraud by omission, unjust enrichment, and violation of the D.C. Consumer Protection Procedures Act. Defendants moved to dismiss the complaint, arguing that plaintiff did not have standing under Article III because she failed to show that she suffered an injury-in-fact. The court agreed.
First, the court noted that, to establish an “overpayment” theory of injury, a plaintiff must show that there is a difference between what she contracted for and what she received. Here, though, the court rejected plaintiff’s contention that she was injured, as AARP’s compliance with its privacy policy was not a term of the membership contract and, even if it were, the alleged breach did not deprive plaintiff of the benefit of her bargain. The court found that, contrary to plaintiff’s allegations, the privacy policy did not promise that third parties would not be allowed to collect PII; in fact, it plainly disclosed that the website collected PII, that third parties collected non-PII, that AARP would share user data with companies involved in advertising and other services, and that social media companies might collect data about a user who visited the AARP website while logged into their social media accounts. Thus, no alleged breach could have occurred, and plaintiff therefore could not have been injured.
Additionally, the court found that even if AARP had breached its privacy policy, plaintiff had not suffered economic injury. Plaintiff admitted that she did not review the privacy policy until after signing up for her membership; thus, it could not have factored into the membership’s value. Furthermore, because the website privacy policy applied to both members and nonmembers, it was not part of the membership contract. Lastly, the court found that website usage was not an integral benefit of membership and plaintiff therefore received the benefit of her bargain. In order to prove her overpayment theory of injury, plaintiff would need to show that AARP had not substantially performed under the contract. Ultimately, though, plaintiff’s allegations that the privacy policy did not provide as much protection as she thought did not amount to economic injury, as “a plaintiff is not entitled to demand perfect realization of every hope and dream with respect to contract performance.” Because plaintiff alleged that she paid for—and received—an AARP membership, she was not denied the benefit of her bargain. Thus, the court found that plaintiff lacked Article III standing and dismissed the putative class action.
Austin-Spearman v. AARP, No. 14-cv-1288 (D.D.C. July 28, 2015).