The October 2015 term for the U.S. Supreme Court included some major events, the largest of which was the death of staunch conservative and well-known textualist, Justice Antonin Scalia. After the passing of Justice Scalia, many feared the Court would be stuck with 4-4 decisions on many of the big cases left pending. Should that happen, those decisions would have no effect on cases with similar issues pending in other courts. While there have been some split decisions, other major opinions came down with enough force to have binding effect going forward. Privacy cases, including a decision on standing within that realm, top the list of cases you should know about.
• Spokeo v. Robins
Faced with a question of whether a statutory violation was sufficient to satisfy Article III’s injury-in-fact standing requirement, the Supreme Court in May handed down its hotly anticipated decision in Spokeo v. Robins. Justice Samuel Alito authored the 6-2 decision in which the justices ruled that consumers can bring claims for statutory damages.
The Court rejected the position argued by corporate advocates – that economic harm is required – but did require Plaintiffs to allege a tangible or intangible concrete injury. “Concrete” injury is not “necessarily synonymous with ‘tangible.’” Instead, as the Court specifically pointed out, “intangible injuries can nevertheless be concrete.”
Those on both sides of the table are left wondering, then, where is the line to determine whether an intangible injury is concrete? Very little guidance was presented on that question, though the Court did opine that, when it comes to the Fair Credit Reporting Act (FCRA) allegations in this particular case, “Congress plainly sought to curb the dissemination of false information by adopting procedures designed to decrease that risk.”
The Court cautioned, though, not all violations of the FCRA will automatically result in the kind of concrete harm that the Constitution requires for standing. For example, it is “difficult to imagine” how getting someone’s zip code wrong, “without more, could work any concrete harm.”
The two dissenting justices, Justice Ginsburg and Justice Sotomayor, actually concurred in much of the reasoning. Their dissent resulted from their disagreement with the majority’s decision that the case should be remanded to determine if the Plaintiff alleged a concrete injury – they believe he met that burden. For all intents and purposes, then, the decision that consumers do have standing to assert statutory violations is essentially unanimous.
• P.F. Chang’s
The Seventh Circuit in April reversed a lower court’s dismissal of a proposed class of P.F. Chang’s China Bistro Inc. customers suing the restaurant chain over a data breach, declaring that the customers have standing to sue for fraud-prevention expenses. In their briefing to the Court of Appeals, P.F. Chang’s had argued that “Plaintiffs have no actual or imminently impending damage. This defeats their cases whether viewed in terms of their lack of standing or their lack of an essential element of their claims.”
The Seventh Circuit disagreed, finding that it is plausible to infer a substantial risk of harm from the June 2014 data breach, since a primary motivation for hackers is to make fraudulent charges on payment cards or to assume customers’ identities. According to the panel, a Plaintiff in a data breach case, then, need only “cross the line from conceivable to plausible,” and the Plaintiffs here had done so.
• Yershov, Nickelodeon, and Facebook
The First and Third Circuit have recently attempted to apply the outdated Video Privacy Protection Act, which was enacted in 1988, to modern technologies such as tracking cookies and GPS technology.
Initially, the First Circuit announced a ruling in April in Alexander Yershov v. Gannett Satellite Information Network, Inc. that revived a putative class action brought by a USA Today smartphone app user alleging that USA Today’s parent Gannett illegally collected his browsing data to sell to advertisers. In its decision, the First Circuit held that when Gannett sent to Adobe the title of the video viewed, along with the device’s unique device identifier and GPS coordinates, such information amounted to personally identifiable information covered by the statute.
Then, less than two months later, the Third Circuit handed down an opinion in In re: Nickelodeon Consumer Privacy Litigation striking down video privacy claims being asserted against Google and Viacom on the grounds that the “static digital identifiers,” such as internet protocol addresses that Viacom shared with Google, could not be considered personally identifiable information under the statute.
Although these cases appear to be inapposite, the Third Circuit was careful to stress in its opinion that it did not believe its decision created a circuit split with the First Circuit’s looser definition of personally identifiable information because the First Circuit had acknowledged that there was a certain point when linking information becomes too uncertain to trigger liability. Thus, a potential opening for Plaintiffs has been created, as well as additional pitfalls that video service providers need to consider.
The use of another increasingly popular privacy statute, the Illinois Biometric Information Privacy Act (IBIPA), was strengthened in May when the Northern District of California in In re: Facebook Biometric Information Privacy Litigation rejected Facebook’s argument that the parties’ California choice-of-law provision barred the Plaintiffs’ claims under Illinois law.
The IBIPA has been raised in several suits accusing companies of collecting and retaining face scans and similar biometric data without providing consumers with proper notice. In this case, Plaintiffs’ claims centered on the legality of the site’s facial-recognition and tagging features. The judge here basically stated that Illinois has a fundamental interest in the privacy of its citizens, and to allow Facebook or any other big corporation to use boilerplate choice-of-law provisions would effectively abolish any state laws that protect consumer privacy. Thus, this ruling a company’s ability to use choice-of-law provisions in its terms of service to reduce the risk of being subject to litigation under conflicting state privacy laws.
All in all, these cases are good news for plaintiffs, though they create some new pleading requirements for privacy cases and standing. Having overcome the standing challenges to statutory claims, in particular, is a huge benefit to consumers. Statutes like those discussed in this article are intended to protect customers by penalizing negligent companies. Taking away a consumer’s ability to enforce those statutory damages would have gutted the statutes and, therefore, the incentive for compliance, to the point of uselessness. If you need more information on any part of the above, contact Rebecca Gilliland at 800-898-2034 or by email at Rebecca.Gilliland@beasleyallen.com.
Contact us today for a free legal consultation with an experienced attorney.
Fields marked *may be required for submission.
If you would like to subscribe to the Jere Beasley Report digital edition, simply visit our Subscriptions page and provide the necessary information or call us at 800-898-2034.
Attorney Advertising - Prior results do not guarantee a similar outcome.