SCOTUS to Consider Whether FCRA Violation Confers Article III Standing on Individual

On April 27, 2015 the Supreme Court of the United States granted certiorari on a petition filed by Spokeo, Inc., asking the court to review the Ninth Circuit opinion in Robins v. Spokeo, Inc., 742 F.3d 409 (9th Cir. 2014). On February 4, 2014, the circuit court ruled that an allegation of a violation of the Fair Credit Reporting Act (FCRA) ipso facto satisfied the injury-in-fact requirement of Article III of the Constitution. Whether violation of the FCRA does confer standing upon a plaintiff is an issue that will greatly affect the landscape of privacy and cyber litigation by either opening or closing a key theory of liability.

The California district court had held that Robins had failed to allege an injury-in-fact, when he alleged that Spokeo operated a website that provided users with the contact data, marital status, age, occupation, economic health, and wealth level of individuals and reported false information about him, causing actual harm to his employment prospects in addition to stress and worry.  After the district court dismissed Robins’s complaint for lack of standing, he appealed.

As an initial matter, the Ninth Circuit explained, the statutory cause of action did not require a showing of actual harm when a plaintiff sues for willful violations and identified the issue before it as whether violations of statutory rights created by the FCRA are “concrete, de facto injuries” that Congress can elevate to legally cognizable injuries.

The Ninth Circuit held that Spokeo’s violations of the FCRA satisfied the injury-in-fact requirement of Article III because Robins satisfied two constitutional limitations on Congress’s ability to confer standing: (1) a plaintiff must allege the defendants violated his statutory rights, and (2) the statutory right at issue must protect against “individual, rather than collective, harm.”  The Ninth Circuit reasoned that Robins alleged that Spokeo violated his statutory rights and that his “personal interests in the handling of his credit information are individualized rather than collective.” Because it ruled that violation of the FCRA was sufficient, the Ninth Circuit did not address whether harm to Robins’s employment prospects or related anxiety were sufficient injuries-in-fact.

We will provide further updates as the matter progresses in front of SCOTUS.

About The Author

Daniel R. Johnson joined Cozen O'Connor in 2004 and is a member in the Global Insurance Department in the firm's Chicago office. Dan has represented insurers and reinsurers in complex commercial property, general liability and professional liability coverage litigation. Recently, he successfully obtained a defense verdict for an insurer in a federal jury trial involving a coverage dispute regarding the partial collapse of a three-story warehouse.

Posted in Data Breach, Litigation, Privacy

Leave a Reply

Your email address will not be published. Required fields are marked *


About Cyber Law Monitor
In the new digital world, individuals and businesses are almost entirely dependent on computer technology and electronic communications to function on a daily basis. Although the power of modern technology is a source of opportunity and inspiration—it also poses huge challenges, from protecting privacy and securing proprietary data to adhering to fast-changing statutory and regulatory requirements. The Cyber Law Monitor blog covers privacy, data security, technology, and cyber space. It tracks major legal and policy developments and provides analysis of current events.
Subscribe For Updates


Cozen O’Connor Blogs