Spokeo Bolsters Defendants in Privacy Class Actions

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

May 16 — The U.S. Supreme Court's 6–2 decision in Spokeo Inc. v. Robins May 16 may bolster defendants' positions in future privacy and data breach class actions, privacy attorneys told Bloomberg BNA May 16.

The issue before the court was whether a bare statutory violation, without other “concrete” injury, is enough to give plaintiffs standing and access to the courts (212 PRA 212, 11/3/15).

Justice Samuel Alito wrote that the appellate court failed to fully consider the injury-in-fact standard and that the “Article III standing analysis was incomplete.” The injury-in-fact standard requires a plaintiff to show that they suffered “concrete and particularized” harm. Finding that the U.S. Court of Appeals for the Ninth Circuit failed to properly analyze the “concrete requirement,” the court remanded the case.

The decision is a “carefully crafted and measured ruling—which was perhaps necessary to garner the six-Justice collation who signed on to the majority opinion,” Peter Karanjia, partner at Davis Wright Tremaine LLP and member of its privacy & security group, said.

Although the court's decision may look narrow on the first look, “Spokeo is a fairly strong decision in the defense favor,” David Almeida, class action partner at Sheppard Mullin in Chicago, said.

The Supreme Court's decision “puts up another constitutional bulwark in our federalist system,” Joe Jacquot, a consumer protection partner at Foley & Lardner LLP, said. “The Court clarified that injury-in-fact standing requires an injury that must ‘actually exist'—beyond just a procedural violation of the statute.”

“The decision still ensures the harm must be actual,” he said.

Pro-Defendant Decision

Spokeo will impact class actions alleging violations of the Telephone Consumer Protection Act (TCPA), Fair and Accurate Credit Transactions Act (FACTA), Video Privacy Protection Act (VPPA) and the Fair Credit Reporting Act (FCRA). Spokeo may garner favorable outcomes for defendants in these cases, privacy attorneys said.

“Many of these types of cases are filed based on nothing more than hyper-technical violations of various consumer protection and privacy-related statutes,” Almeida said. In Spokeo, the “Supreme Court is sending the signal that technicalities do not provide Article III standing,” he said. For example, in a TCPA case “if consent has been obtained it does not matter whether the consent was oral or written,” he said.

Adam Levin, litigation partner at Hogan Lovells in Washington, agreed that “it is no longer enough to allege a bare procedural violation of consumer statutes” and plaintiffs “must “plausibly allege concrete harm or a risk of real harm.”

Almeida said that Justice Alito's decision also indicates that “technical inaccuracies or ‘harms' may be so trivial as to fail Article III standing.” For example, simply allowing a third party to view personal information where no actual harm has occurred “may be so trivial as to fail to pass the Article III threshold,” he said.

However, actual harm can still occur in these kinds of cases if plaintiffs can prove more than a mere technicality. Thomas Rohback, class action partner at Axinn, Veltrop & Harkrider LLP in Connecticut, said that “Spokeo will not preclude class actions where the harm is real.” However, plaintiffs “will have to show similarly meaningful errors, and not technical mistakes of no consequence,” he said.

As for the present case, Rohback predicts “that the Ninth Circuit will find standing and concreteness—and the court may even quote Justice Ginsburg's dissent which effortlessly shows the materiality of the credit reporting errors.”

Data Breach Litigation

Spokeo may also have an indirect effect on data breach class actions.

There will be “a lot more reliance on the proposition that it's not enough for plaintiffs, like Robins, to ‘allege a bare procedural violation' without proof of ‘concrete harm,'” Karanjia said.

Spokeo also could have had a more far reaching impact on data breach class actions. Rohback said that Spokeo“had the potential of establishing a statutory violation as a basis for standing based solely on the violation of the statute,” however, the court's decision was much more nuanced.

The case is “unlikely to resolve splits concerning standing for individuals whose data has been accessed, but not yet misused in data breach cases,” he said.

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editor responsible for this story: Jimmy H. Koo at jkoo@bna.com

For More Information