By Douglas F. Brent, CIPP/US and Adam H. Wetherington, Summer Associate
We recently discussed the Supreme Court’s May 2016 decision in Spokeo v. Robins, and the Court’s reiteration and application of established “standing” requirements relating to “injury.” Spokeo tells us some “bare” statutory claims don’t cause injury sufficient to support a lawsuit.
Though the claims in Spokeo were brought under the Fair Credit Reporting Act (FCRA) of 1970, the Court’s decision will overshadow cases brought under other federal statutes, including the Communications Act, where Congress has created tantalizing statutory penalties irresistible to creative plaintiffs.
What implications, if any, could Spokeo have for privacy-based statutory claims brought under federal telecommunications law? Could Spokeo curb the enthusiasm of class action lawyers who allege “bare procedural” violations?
Landline-Era Law is Today’s “WML”
One well-known, controversial and frequently litigated federal telecommunications privacy statute is the Telephone Consumer Protection Act (TCPA). Designed as a protective measure against telemarketing calls at dinnertime, this 25 year old law has devolved into a WML – a Weapon of Mass Litigation.
Even officials involved in TCPA enforcement have become weary of its misuse. In his dissenting statement to an (immediately appealed) 2015 TCPA rulemaking order, FCC Commissioner Ajit Pai raised concerns about plaintiffs and their attorneys who seek to profit from purported “violations” of the TCPA by mainly respected corporate actors (as opposed to fly-by-night artists).
Many of these claims arise from wayward text messages sent to mobile phone numbers that have been reassigned from previous subscribers who consented to receipt of these messages. Commissioner Pai decried misuse of the TCPA to target deep pockets instead of wrongdoers:
“[t]he TCPA’s private right of action and $500 statutory penalty could incentivize plaintiffs to go after the illegal telemarketers, the over-the-phone scam artists, and the foreign fraudsters. But trial lawyers have found legitimate, domestic businesses a much more profitable target.”
His criticism of these “vexatious litigant[s]” is directed at opportunistic, aggressive claims that, even if grounded in statutory text, seem to be missing any “concrete” invasion of privacy.
This is not to say that all TCPA claims are weak or assertions of statutory or procedural violations under federal telecommunications statutes necessarily fail. Junk faxes are a continuing affront, particularly for medical practices, and wasted paper and ink/toner and professional time consumed by unsolicited faxes seem to be a concrete harm. (Whether a single unwanted fax is worth $500 is another debate.)
Privacy Notice Claims Against Cable Industry Questionable
Hyper technical TCPA claims are not the only telecommunications lawsuits that could be affected by the Spokeo decision. Another favorite of the class action plaintiffs’ bar are claims against cable and satellite television providers, alleging failures to follow procedures related to written subscriber privacy notices.
The Cable Communications Policy Act (“CCPA”) governs the “protection of subscriber privacy” by “cable operators” and allows a court to award liquidated damages starting at $1,000 per violation to any “aggrieved” person. The most common grievances? Retaining personal information after a subscriber ends service and failure to send annual privacy notices prescribed by law.
Even before Spokeo, some of these claims failed on standing grounds. For example, in a 2013 California decision involving Time Warner Cable, the complaint was dismissed because the alleged injury was found not to be “particularized or imminent.” That’s the counterpart to the “concrete” injury factor analyzed in Spokeo. But lawsuits are still being filed elsewhere.
Where’s the Harm?
Most recently, a national cable provider is facing a putative class action in a St. Louis federal court, and technical violations of the CCPA are at the heart of the complaint. The violation? Failing to send a written privacy notice. Notably, the three named plaintiffs concede in their complaint that the provider has posted what they call a “rogue” privacy policy online, an admission that would appear to reduce their beef to the type of “bare procedural violation, divorced from any concrete harm” the Supreme Court said would be insufficient to confer standing. In this case, Spokeo would appear to cast a shadow as long as the Gateway Arch.
Meanwhile, Spokeo could make it even tougher for plaintiffs to press “no harm” privacy claims in data breach cases. We’ve written before about whether mere interception of a credit card number is sufficient to provide standing to sue a negligent retailer. As for other types of breaches, at least one federal district court has dismissed claims on standing grounds, citing Spokeo.
Perhaps the best result may be (paraphrasing Commissioner Pai) to restore the TCPA, CCPA and other federal privacy statutes to their roles as consumer protection statutes, not trial-lawyer protection statutes.