On August 16, 2016, in Carlsen v. GameStop, Inc., the Eighth Circuit affirmed dismissal of a putative class action alleging that GameStop violated its privacy policy by sharing users' Facebook IDs and browsing history with Facebook. GameStop's privacy policy stated that personally identifiable information would not be shared, and noted that personally identifiable information "may include: your name, home address and zip code, telephone number, e-mail address and (for those purchasing products online) credit card or checking account information including billing and shipping addresses and zip codes." While the phrase "may include" suggested that the list was non-exhaustive, the policy did not specifically include Facebook IDs and browsing history on its list of personally identifiable information. Accordingly, the Court held that "the protection [plaintiff] argues GameStop failed to provide was not among the protections for which he bargained by agreeing to the terms of service, and GameStop thus could not have breached its contract with [plaintiff]." The district court had previously dismissed the action but on different grounds, finding that the named plaintiff lacked standing.