Subscribe
Modern field guide to security and privacy

Opinion: Why the Supreme Court should side with data brokers

The Supreme Court hears arguments Monday in Spokeo v. Robins, a case in which a Virginia man claims he was wronged because an Internet data broker portrayed him incorrectly. If the court sides with the alleged victim, any tech company that collects and aggregates personal data could be subjected to devastating lawsuits.

  • close
    A view of the US Supreme Court building in Washington.
    Reuters
    View Caption
  • About video ads
    View Caption
of

The Supreme Court will consider on Monday a case that may determine whether "privacy" becomes the next goldmine for the plaintiffs’ bar, which would threaten to cripple the modern digital economy. 

Depending on how the court rules, Spokeo Inc. v. Robins could unleash a torrent of litigation against Internet companies over how those firms collect and use data even when consumers suffer no actual harm. 

It's a class action case that centers on allegations by Thomas Robins, a Virginia man, against Spokeo, a California aggregator of publicly available personal data. Mr. Robins claims that Spokeo violated provisions of the Fair Credit Reporting Act (FCRA) because its records were inaccurate – they showed Robins was richer and more educated than he was. 

Robins alleged that Spokeo’s inaccurate information was hurting his employment prospects, costing him money and causing him "worry about his diminished employment prospects." The district court dismissed the class action for lack of standing. The Constitution allows federal courts to hear only "cases or controversies" – that is, disputes that involve some sort of injury that courts can fix. The link between Robin's situation and Spokeo's inaccuracies were just too speculative.

The Ninth Circuit, however, reversed that decision. In its view, whether Spokeo actually caused Robins' harm was irrelevant; as long as FCRA allowed individuals to sue, "a plaintiff can suffer a violation of the statutory right without suffering actual damages."

Spokeo raises weighty separation of powers issues – does Congress or the judiciary control access to the federal courts? But beyond this vital Constitutional question, the outcome could have sweeping implications for the digital economy.

In recent years, enterprising plaintiffs' attorneys have made a cottage industry of recasting the data flows that are the lifeblood of the modern information economy as violations of Cold War-era statutory schemes, such as the Video Privacy Protection Act (VPPA) or the Electronic Communications Privacy Act (ECPA).

What do these statutes have in common? Like FCRA, they allow consumers to bring their own suits and provide statutory damages. A $10,000 penalty for violating ECPA may not seem like much, but when multiplied by a proposed class such as "all US resident non-Gmail users who have used their non-Gmail accounts to receive and e-mail from an '@gmail.com' address or to send an e-mail message to an '@gmail.com' e-mail address," which was proposed in privacy class action against Google, it's easy to see why these statutes are the perfect vehicles to extort multimillion dollar settlements.

It's also easy to see why avoiding having to have suffered an actual injury is so important to plaintiffs' lawyers who bring these privacy lawsuits. Consider the 2013 privacy litigation against Netflix from the Ninth Circuit. Netflix had the temerity to store its customers' viewing habits, and share them with third-party analytics firms to – wait for it – improve its selection algorithm. This action would be thrown out of court for lack of standing if brought as a tort for the simple reason that there isn't any harm to be redressed. 

Indeed, none was pled in the complaint. Not to be deterred, plaintiffs' lawyers dusted off the VPPA and voila, a multimillion-dollar suit appears. Netflix’s attempt to improve its product was rewarded with a $9 million settlement, of which $2.25 million went to attorneys, and nearly $6 million went to privacy advocates to "educate" consumers about privacy (translation: scare consumers about the horrors of targeted advertising).  

The Netflix case is representative of this new shakedown scheme that benefits both the trial bar and privacy activists, who have always been uncomfortable with the ad-supported online ecosystem. Plaintiffs' lawyers similarly have conjured up cases from thin air by relabeling algorithmic review of e-mails or tweets, or the transmission of "referral headers" from one server to another into the more ominous sounding "interception of electronic communications," which not coincidentally tracks the language of ECPA.

If the Supreme Court upholds the Spokeo decision, it would cement plaintiffs' ability to magically transform innocuous conduct into a lucrative class action by recasting it as a violation of ECPA or VPPA.  

As usual, consumers will pay the price. The threat of these suits will make companies think twice before they use consumer data in beneficial ways, like increasing customization or matching consumers with more relevant ads. What’s more, these companies will be reluctant to share data with academic researchers, which will deprive society of beneficial insights that can be gleaned from big data. 

These suits could serve a purpose if they were addressing privacy concerns that were otherwise being ignored, but that just isn’t the case. There’s simply nothing to suggest that the millions of consumers who engage in the digital economy on a daily basis are silently suffering.

To the contrary, the data reveal that consumers seem largely comfortable with the current state of affair: Adult use of social media has risen nearly 10-fold in the past decade; barely 10 percent of consumers engage antitracking technologies on their browsers; and empirical work by academics consistently finds that consumers not willing to pay very much to prevent tracking of their behavior.

As some leading economists in the field find, "the adoption of privacy-enhancing technologies lags vastly behind the adoption of sharing technologies." What’s more, recent research from the Brookings Institution suggests that consumers have far fewer privacy concerns when computers rather than people are viewing their data – highly relevant, as most of these cases are built on the notion that servers, rather than people, are doing the "intercepting" and "reading." There just isn’t any support for the notion that the rash of ECPA and VPPA class actions serve any purpose other than to enrich the plaintiffs' bar. 

We’ve seen what trial lawyers have done to other industries. The Supreme Court can stop the same thing from happening to the digital economy by reversing the Ninth Circuit's Spokeo decision.

James C. Cooper is the Director of the Program on Economics & Privacy and a lecturer in law at George Mason University School of Law.

About these ads
Sponsored Content by LockerDome
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK