Skip to Content

Privacy & Data

CDT Brief in Spokeo v. Robins Supports Individual Claims for Privacy Violations

2015-09-09-spokeo_FB

If Congress grants you legal protections and a remedy when they are violated, can the courts step in and remove those rights if they don’t believe there’s an actual harm? Today, CDT filed an amicus brief in the Supreme Court case Spokeo v. Robins, alongside the Electronic Frontier Foundation, New America’s Open Technology Institute, and the World Privacy Forum, to answer that very question and support the ability of private individuals to file claims for violations of the Fair Credit Reporting Act (FCRA). In the brief, we argue that the private right of action is a vital part of FCRA now more than ever, and that limiting private claims could lead to an increase in inaccurate data — a serious policy issue in an era when data proliferates online at a rapid pace.

The question in front of the Court in Spokeo is seemingly simple — can Congress confirm standing on a plaintiff who suffers no “concrete” harm by authorizing a private right of action for a violation of a federal statute. Yet what makes a harm “concrete” is a vexing question. The issue of privacy harms has been debated for years with little consensus.

What is clear is that Congress has acted repeatedly, in a variety of statutes, to create causes of action for private citizens to file claims for privacy violations.

What is clear is that Congress has acted repeatedly, in a variety of statutes, to create causes of action for private citizens to file claims for privacy violations. FCRA was enacted nearly fifty years ago to protect against the growing credit reporting industry and the prevalence of inaccurate data in credit reports. Credit reports were used then, as they are today, to make highly consequential determinations in lending, housing, and employment.

Multiple legislative hearings during the drafting and enactment of FCRA demonstrated the need for the law. One woman testified that she had lost much of her credit and in-surance because she was deemed to have “bad morals”; a college student lost his car insurance due to secret testimony from a neighbor; another woman was denied medical insurance because a credit report erroneously characterized her as an alcoholic; and a man who had been erroneously convicted of a felony was never able to obtain credit after his exoneration.

Today, the massive proliferation of data online means that FCRA is more important than ever to protect individuals from inaccurate data being used to make critical decisions in their lives.

Today, the massive proliferation of data online means that FCRA is more important than ever to protect individuals from inaccurate data being used to make critical decisions in their lives. Data brokers like Spokeo have a vast reach, often invisible to the individual, and inaccurate profiles can have repercussions throughout an individual’s digital and real-world life. The pervasiveness of data collection and the inability to know when and how reports are used prove that we still need FCRA to protect citizens from the kinds of errors described during the original legislative debates. In the digital age, where technology touches many parts of our daily life, inaccurate data can lead to catastrophic results in a person’s life.

The contemporary need for FCRA is clear, but, some might argue, why do we need private citizens to enforce it? For many federal laws, the federal government is tasked with enforcement. Yet in case of FCRA, relying upon the government to be the sole enforcer of individual rights would be insufficient. The massive scale of data collection and transmission facilitated by the Internet means that the Federal Trade Commission, by virtue of its size and limited resources, can’t take on the task on its own. It’s for these reasons that the private right of action in FCRA is vital.

The question that Spokeo raises could also affect a broad range of other federal laws. In the brief, we highlight the other federal statutes that protect privacy rights, including the Cable Communications Policy Act, the Video Privacy Protection Act, and the Electronic Communications Privacy Act, among others. The sectors that those laws regulate have become even more central and pervasive in American life since they were enacted. Preserving the ability for individuals to enforce their rights under these laws is an important legal and policy goal, as it is for FCRA.

CDT received the invaluable pro bono support of Marcia Hofmann in the research, writing, and filing of this amicus brief, which we are extremely grateful for. We also wish to thank CDT legal intern Olga Musayev, and Kendra Albert, legal intern at the Law Offices of Marcia Hofmann, for their help in legal research, cite checking, and proofreading. We expect the oral argument to take place in Fall 2015, with a decision by next June.