Governance & Risk Management , Privacy , Standards, Regulations & Compliance

Supreme Court Rejects Online Privacy Case

Case Against Spokeo Sent to Appellate Court for Consideration of 'Harm' Issue
Supreme Court Rejects Online Privacy Case

The U.S. Supreme Court this week sided with data aggregator Spokeo in a case dealing with when consumers can sue for privacy violations.

See Also: The Ultimate PIA and DPIA Handbook for Privacy Professionals

The high court, in a 6 to 2 decision, remanded the case to the Ninth Circuit Court of Appeals to examine the issue of whether the plaintiff had been harmed when Spokeo published incorrect information about him online.

Spokeo promotes itself as a "people search engine" that organizes white pages listings, public records and social network information to help individuals safely find and learn about people. Thomas Robins filed suit after he read his online profile on the Spokeo website that contained numerous mistakes, including incorrectly listing his age and inaccurately stating that he holds a graduate degree, is wealthy and is married with children. When he filed the suit, Robins was unemployed and seeking work, and claimed the incorrect information harmed his job prospects (see Holding Websites Liable for False Data).

Robins sued Spokeo under the federal Fair Credit Reporting Act. That law requires consumer-reporting agencies to take reasonable steps to assure the accuracy of information they publish. Companies found to willfully violate the act face actual damages of $1,000 for each violation. Consumers also can seek punitive damages.

Proving Harm

The Supreme Court has asked the appellate court to take a closer look at whether the harm suffered by Robins was significant enough to warrant a judgment of liability against Spokeo. In his majority opinion, Justice Samuel Alito wrote that for the case to move forward, Robins must show he suffered "concrete" damage that was "actual or imminent, not conjectural or hypothetical."

When the Supreme Court decided to take the case, cybersecurity lawyer Françoise Gilbert of the law firm Greenberg Traurig observed that Robins must prove that he was injured by the actions of the defendant, that he suffered specific damages. "In this particular case, the plaintiff could not point to a particular injury," Gilbert said. "Instead, the plaintiff argued that the fact that the defendant violated the plaintiff's rights under the Fair Credit Reporting Act was sufficient harm for the lawsuit to proceed."

Class Action

Because Robin's suit is a class action case that could include thousands of other plaintiffs similarly affected, a decision in favor of Robins could potentially lead to Spokeo paying substantial damages.

Internet firms such as eBay, Facebook, Google and Yahoo side with Spokeo, contending that if the court rules in favor of Robins "floodgates will open for class action litigation for no injury violations," said Linn Foster Freedman, a lawyer with Robinson and Cole.


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.