One year ago, data broker Spokeo, Inc. asked the Supreme Court to reconsider the Ninth Circuit’s revival of a putative class action against it for willfully violating the Fair Credit Reporting Act (“FCRA”) by publishing personal information without notice.  This week, the Court heeded that request, granting certiorari.  In doing so, it has paved the way for yet another decision by the highest court on how the issue of standing plays out in the context of privacy violations.

Plaintiff Thomas Robins sued Spokeo under the FCRA after the data broker allegedly published false information about him without his knowledge.  Interestingly, Robins claims that the information falsely stated that he had more education than he actually did and that he was in a better financial position than he actually was.  But according to Robins’s complaint, these false facts made it more difficult for him to find employment, credit, or insurance and thus caused actual harm.  He seeks to represent a class of individuals whose personal information has been similarly misstated. 

In 2011, the district court dismissed Robins’ complaint, holding that the alleged harm to his employment prospects was insufficient to confer Article III standing, which requires that a plaintiff suffer an “injury-in-fact.”  The Ninth Circuit reversed in 2014, finding that, in enacting FCRA, Congress created a statutory right and that the violation of that right in and of itself is sufficient to confer standing.

In his cert petition, Spokeo argues that Robins does not have standing to sue because he cannot show that he actually suffered any injury from the allegedly false publication.  Its petition pointed out that the Second and Fourth Circuits disagree with the Ninth Circuit’s position – having reached precisely the opposite conclusion on statutory standing – and that the Court should resolve the split.  Hinting at the broader implications of the Ninth Circuit’s reversal, the petition also noted that the FCRA is not the only federal statute in which Congressionally-conferred standing is at issue.   The Truth in Lending Act, the Fair Debt Collection Practices Act, the Video Privacy Protection Act, and the Telephone Consumer Protection Act all have similar provisions.

At this early stage, three issues are worth noting:

  • First, the Court previously considered but ultimately dismissed the same issue in the 2012 case First American Financial Corp. v. Edwards.
  • Second, the Court specifically requested the Solicitor General to weigh in on the briefing but then ignored the government’s recommendation that the Ninth Circuit decision stand unreviewed.  Notably, the Solicitor General reasoned that the publication of inaccurate personal information amounted to a “concrete harm.”
  • And third, the Court will consider the case against the backdrop of its highly-publicized and oft-cited 2013 decision in Clapper v. Amnesty International, in which the Court held that a plaintiff must show a “certainly impending” injury before he can establish Article III standing.

How the Justices ultimately lean will be determined in the next Term, when the Court will decide the case.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jeffrey L. Poston Jeffrey L. Poston

Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years…

Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years of experience leading investigations and litigation for corporate clients, Jeff counsels and defends clients in complex data protection matters involving class-actions and regulatory enforcement actions, as well as commercial disputes. Jeff also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

Photo of Kate M. Growley, CIPP/G, CIPP/US Kate M. Growley, CIPP/G, CIPP/US

Kate M. Growley (CIPP/US, CIPP/G) is a director in Crowell & Moring International’s Southeast Asia regional office. Drawing from over a decade of experience as a practicing attorney in the United States, Kate helps her clients navigate and shape the policy and regulatory…

Kate M. Growley (CIPP/US, CIPP/G) is a director in Crowell & Moring International’s Southeast Asia regional office. Drawing from over a decade of experience as a practicing attorney in the United States, Kate helps her clients navigate and shape the policy and regulatory environment for some of the most complex data issues facing multinational companies, including cybersecurity, privacy, and digital transformation. Kate has worked with clients across every major sector, with particular experience in technology, health care, manufacturing, and aerospace and defense. Kate is a Certified Information Privacy Professional (CIPP) in both the U.S. private and government sectors by the International Association of Privacy Professionals (IAPP). She is also a Registered Practitioner with the U.S. Cybersecurity Maturity Model Certification (CMMC) Cyber Accreditation Body (AB).