A Tale of Two Spokeos

A Tale of Two Spokeos

Screen Shot 2016-05-19 at 9.13.39 AMThe Supreme Court provided important guidance about Article III standing, especially what constitutes an injury sufficient to satisfy Article III, in the Spokeo v. Robins ruling from May 2016. At the time, it was unclear whether the ruling was more helpful to plaintiffs or defendants. Both sides expressed triumph. Reflecting that murky assessment, post-Spokeo standing rulings appear to be somewhat mixed. I have not surveyed the cases, but I would venture to guess that on balance they probably lean slightly towards plaintiffs. Two recent cases highlight the split:

Hancock v. Urban Outfitters: This case alleges a retailer wrongfully collected personal information in conjunction with a credit card transaction (Washington DC’s version of the Song-Beverly credit card act). The question is whether merely asking for (and collecting) such information created an sufficient injury to confer standing. The lower court dismissed on the merits, saying that a zip code is not an “address” and thus not covered by the statute. (Compare with Pineda v. Williams Sonoma, a case from the California Supreme Court coming to a different conclusion under the California statute.) Second, the court held that plaintiffs did not allege that the transactions would not have been completed absent the requested information.

On appeal, the D.C. Circuit remanded the case for dismissal, saying that plaintiffs failed to satisfy article III standing in the first instance. The court focused on the “bare procedural language” from Spokeo and said that the Court mentioned some examples of disclosure that would not support standing. Here, the plaintiffs’ complaints were one step removed—they were complaining about collection, and not even disclosure or misuse:

If, as the Supreme Court advised, disclosure of an incorrect zip code is not a concrete Article III injury, then even less so is Hancock and White’s naked assertion that a zip code was requested and recorded without any concrete consequence. Hancock and White do not allege, for example, any invasion of privacy, increased risk of fraud or identity theft, or pecuniary or emotional injury. Cf. Spokeo, 136 S. Ct. at 1549 (A “risk of real harm” or an “intangible” harm may satisfy Article III’s requirement of concrete injury.). And without any plausible allegation of Article III injury, the complaint fails to state a basis for federal court jurisdiction.

[For more on the potential social and legal differences between collecting, sorting and using data, see Eric’s article, Data Mining and Attention Consumption.]

Mey v. Got Warranty: This is a TCPA case where the plaintiff alleged that the defendant placed calls using auto-dialing equipment. Defendant moved to dismiss for lack of subject matter jurisdiction. The court stayed the case pending resolution of Spokeo. The court says Spokeo did not change the law and break new ground. The key question is whether unwanted calls cause “concrete harm” and the court emphatically (and in an 18 page order!) says yes. Such calls could cause monetary injury by depleting minutes or expend battery power. It constitutes an invasion privacy, which is a tort that has common law roots. It also could constitute a trespass. Interestingly, the court even goes as far to say that unwanted calls can constitute future harm:

Unwanted calls . . . cause a risk of injury due to interruption and distraction.

[Sidenote: if distraction is injury, sign me up for disability asap!]

__

Given the split rulings, it’s tough to draw definitive conclusions about the effects of Spokeo on future cases. Spokeo will likely be a useful tool for defendants in information security and privacy cases. We’ve seen a slew of these types of cases (Song-Beverly Credit Card Act; Shine the Light statutes; data breach cases) grapple with standing because the plaintiffs object to the defendants’ technical statutory violation but cannot show any consequence of that breach to them. Given the absence of any meaningful harm to consumers from those technical breaches, some judges will use Spokeo to clear their dockets. Plus, the D.C. Circuit is an influential court, so the Hancock ruling should get some mileage. On the other hand, for a TCPA case, Spokeo is unlikely to help.

Mey v. Got Warranty, Inc., 2016 WL 3645195 (N.D.W.V. June 30, 2016)

Hancock v. Urban Outfitters, 14-7047 (D.C. Cir. July 26, 2016)

Related posts:

Will the Spokeo v. Robins Supreme Court Ruling Favor Plaintiffs Or Defendants? Uh…

9th Circuit Says Plaintiff Had Standing to Sue Spokeo for Fair Credit Reporting Violations

Court Revisits and Dismisses Fair Credit Reporting Act Lawsuit Against Spokeo — Robins v. Spokeo, Inc.

Court Allows Fair Credit Reporting Act Claims Against Spokeo to Move Forward — Robins v. Spokeo

Court Dismisses Class Action Against Spokeo for Lack of Standing — Robins v. Spokeo

“Manufactured” TCPA Suit Fails For Lack of Standing

Seventh Circuit: Data Breach Victims Have Standing Based on Future Harm

California Supreme Court Rules That a ZIP Code is Personal Identification Information — Pineda v. Williams-Sonoma

Ninth Circuit Turns Out The Lights on California ‘Shine the Light’ Case