One year ago, data broker Spokeo, Inc. asked the Supreme Court to reconsider the Ninth Circuit’s revival of a putative class action against it for willfully violating the Fair Credit Reporting Act (“FCRA”) by publishing personal information without notice.  This week, the Court heeded that request, granting certiorari.  In doing so, it has paved the way for yet another decision by the highest court on how the issue of standing plays out in the context of privacy violations.

Plaintiff Thomas Robins sued Spokeo under the FCRA after the data broker allegedly published false information about him without his knowledge.  Interestingly, Robins claims that the information falsely stated that he had more education than he actually did and that he was in a better financial position than he actually was.  But according to Robins’s complaint, these false facts made it more difficult for him to find employment, credit, or insurance and thus caused actual harm.  He seeks to represent a class of individuals whose personal information has been similarly misstated. 

In 2011, the district court dismissed Robins’ complaint, holding that the alleged harm to his employment prospects was insufficient to confer Article III standing, which requires that a plaintiff suffer an “injury-in-fact.”  The Ninth Circuit reversed in 2014, finding that, in enacting FCRA, Congress created a statutory right and that the violation of that right in and of itself is sufficient to confer standing.

In his cert petition, Spokeo argues that Robins does not have standing to sue because he cannot show that he actually suffered any injury from the allegedly false publication.  Its petition pointed out that the Second and Fourth Circuits disagree with the Ninth Circuit’s position – having reached precisely the opposite conclusion on statutory standing – and that the Court should resolve the split.  Hinting at the broader implications of the Ninth Circuit’s reversal, the petition also noted that the FCRA is not the only federal statute in which Congressionally-conferred standing is at issue.   The Truth in Lending Act, the Fair Debt Collection Practices Act, the Video Privacy Protection Act, and the Telephone Consumer Protection Act all have similar provisions.

At this early stage, three issues are worth noting:

  • First, the Court previously considered but ultimately dismissed the same issue in the 2012 case First American Financial Corp. v. Edwards.
  • Second, the Court specifically requested the Solicitor General to weigh in on the briefing but then ignored the government’s recommendation that the Ninth Circuit decision stand unreviewed.  Notably, the Solicitor General reasoned that the publication of inaccurate personal information amounted to a “concrete harm.”
  • And third, the Court will consider the case against the backdrop of its highly-publicized and oft-cited 2013 decision in Clapper v. Amnesty International, in which the Court held that a plaintiff must show a “certainly impending” injury before he can establish Article III standing.

How the Justices ultimately lean will be determined in the next Term, when the Court will decide the case.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jeffrey L. Poston Jeffrey L. Poston

Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years…

Jeff Poston is a partner in Crowell & Moring’s Washington, D.C. office, where he serves as co-chair of the firm’s Chambers USA-ranked Privacy & Cybersecurity Group and is a member of the Litigation Group. A seasoned trial lawyer with more than 25 years of experience leading investigations and litigation for corporate clients, Jeff counsels and defends clients in complex data protection matters involving class-actions and regulatory enforcement actions, as well as commercial disputes. Jeff also counsels businesses on both domestic and international privacy compliance matters, including the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

Read more about Jeffrey L. Poston
Show more Show less
Photo of Kate Growley Kate Growley

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations…

Businesses around the globe rely on Kate M. Growley to navigate their most challenging digital issues, particularly those involving cybersecurity, artificial intelligence, digital infrastructure, and their intersection with national security. Clients seek her guidance on proactive compliance, incident response, internal and government-facing investigations, and policy engagement. With a unique combination of legal, policy, and consulting experience, Kate excels in translating complex technical topics into advice that is practical and informed by risk and business needs.

Kate has extensive experience working with members of the U.S. government contracting community, especially those within the Defense Industrial Base. She has partnered with contractors from every major sector, including technology, manufacturing, health care, and professional services. Kate is an IAPP AI Governance Professional (AIGP) and a Certified Information Privacy Professional for both the U.S. private and government sectors (CIPP/G and CIPP/US). She is also a Registered Practitioner with the U.S. Cybersecurity Maturity Model Certification (CMMC) Cyber Accreditation Body (AB).

Having lived in Greater China for several years, Kate also brings an uncommon understanding of digital and national security requirements from across the Asia Pacific region. She has notable experience with the regulatory environments of Australia, Singapore, Japan, and Greater China—including the growing regulation of data flows between the latter and the United States.

Kate is a partner in the firm’s Washington, D.C., office, as well as a senior director in the firm’s consultancy Crowell Global Advisors, to which she was seconded for several years. She is a founding member of the firm’s Privacy & Cybersecurity Group and part of the firm’s AI Steering Committee. She has been internationally recognized by Chambers and named a “Rising Star” by both Law360 and the American Bar Association (ABA). She has held numerous leadership positions in the ABA’s Public Contract Law and Science & Technology Sections and has been inducted as a lifetime fellow in the American Bar Foundation.

Read more about Kate Growley
Show more Show less
Related Posts
Impacts of the National Cybersecurity Strategy on Government and Private Sector Collaboration
June 15, 2023
Iowa to Introduce the Sixth Comprehensive State Privacy Law in United States
March 24, 2023
China’s New Standard Contractual Clauses and Impact on Data Intensive Businesses
March 20, 2023