Can people sue companies that violate privacy & lie?

The Supreme Court will decide if 8,185 people—who were all falsely labeled terrorists—have a right to sue the company that violated their privacy, mishandled personal information and repeatedly violated applicable law.

Plaintiffs proved that TransUnion was a repeat violator of the Fair Credit Reporting Act of 1970—a company that, in the ten-year period in which it rushed to sell data about terrorists, could not identify a single time when its application of such a damning label to an individual was accurate.

Attorneys representing the 8,185-member class sought the damages remedy that Congress created specifically for victims of inaccurate credit reporting practices.

In the case, TransUnion misidentified plaintiff Sergio Ramirez and over 8,000 other people as included on the U.S. terrorist list. As a result, Ramirez was flagged as a terrorist when he tried to purchase a car.

Ramirez won a $40 million judgment against the credit reporting agency for falsely flagging him as a terrorist but TransUnion is fighting to keep the other innocent consumers it tagged as terrorists from suing it as a group with the successful lead plaintiff.

The Electronic Frontier Foundation (EFF) urged the Supreme Court to rule that consumers can take big tech companies like TransUnion, or even Facebook and Google to court, including in class action lawsuits, to hold them accountable for privacy and other user data-related violations, regardless of whether they can show they suffered identical harms.

Standing up to defend the ability of consumers to hold powerful tech companies responsible for protecting the massive amounts of personal data they capture and store every day, EFF told the high court that—contrary to the companies’ claims—Congress rightfully ensured that users could sue when those companies mishandle sensitive, private information about them.

EFF filed a brief with the Supreme Court in a case called TransUnion v. Ramirez.

The company argues that they don’t have standing to sue under the law and shouldn’t be part of the “class” of plaintiffs in the lawsuit because they weren’t harmed in the same way as Ramirez.

Facebook, Google, and tech industry trade groups are siding with TransUnion.

The big tech companies filed a legal brief pushing for even more limitations on users and others impacted by a wide range of privacy and data integrity violations.

The companies argue that users whose biometric information is misused or are improperly tracked or wiretapped should also be denied the opportunity to sue if they did not lose money or property.

Even those who can sue must all have been harmed in the exact same way to file a class action case, the companies argue.

“Facebook and the other tech giants gather and use immense quantities of our personal data each day, but don’t want to be held accountable by their users in court when they go back on their privacy promises, or unlawfully mishandle user data,” said EFF Executive Director Cindy Cohn.

“This logic—that the courthouse door should remain closed unless their users suffer financial or personal injuries even when the companies flagrantly violate the law—is cynical and wrong,” said Cohn. “Intangible harms have long been recognized as harms under the law, and Congress and the states must be allowed to pass laws that protect us.”

“In today’s digital economy, all of us depend on these companies to ensure that the data they have about us is accurate and safeguarded,” said Cohn. “When it’s mishandled, we should be able to take those companies to court.”

Class action rules require people suing as a group to have the same claims based upon the same basic facts, not the exact same injuries, EFF told the Supreme Court.

Facebook and other tech companies are asking the court to change that, which will make it harder for users to hold them accountable and utilize class action lawsuits to do so.

“When users lose control of their data, or the correctness of their data is compromised, those are serious harms in and of themselves, and they put users at tremendous risk,” said EFF Senior Staff Attorney Adam Schwartz. “Companies that gather and use vast amounts of users’ personal, private information are trying to raise the bar on their own accountability when they fail to protect people’s data. We are telling the Supreme Court: don’t let them.”

Electronic Privacy Information Center (EPIC) also filed an amicus brief in TransUnion LLC v. Ramirez, urging the U.S. Supreme Court to allow people to sue when their privacy rights are violated, regardless of whether they allege that the violation led to other harms.

The case concerns a suit brought under the Fair Credit Reporting Act (FCRA), one of many laws that create privacy rights for individuals to help them maintain control over their personal information. Ramirez and many others sued after TransUnion violated the FCRA, but the company argued that they don’t have “standing” to sue.

Other tech companies also filed a brief arguing that the Supreme Court should limit standing in privacy lawsuits.

Standing is a constitutional doctrine that dictates when federal courts have authority to resolve cases. EPIC argued that privacy plaintiffs have standing to sue and that “standing was never meant to be a complicated inquiry or a substantial barrier to the vindication of legal rights.”

EPIC warned that “[c]ourts that require proof of consequential harm are usurping the legislative role and rewriting these privacy laws” because “it is not the business of courts to tell Congress which rights are enforceable, and which are not.”

Facebook, Google and eBay have urged the Supreme Court to significantly scale back the types of privacy class actions that can move forward in federal courts, claiming that the Ninth Circuit has wrongly set a standard that such cases can proceed based on breaches of privacy alone, rather than ‘separate’ harms.

The Transunion case is viewed as one with the potential to settle some unresolved issues from Spokeo, Inc. v. Robins, a 2016 case.

Thomas Robins sued Spokeo—which provided information about people to online users—and claimed that the company willfully violated the Fair Credit Reporting Act by publishing false information about him on its website. 

The Ninth Circuit Court of Appeals ultimately held that an alleged violation of a statutory right is sufficient injury to qualify for standing.

EPIC previously filed an amicus brief in Spokeo and frequently files amicus briefs in cases interpreting standing under a variety of privacy laws.

Congress prescribed a cause of action with a consumer-specific remedy for violations of what is, in effect, the modern incarnation of traditional reputational harms that constituted defamation per se at common law.

On March 30, the Supreme Court of the United States will hear oral arguments in TransUnion LLC v. Ramirez.

Connect with NJTODAY.NET

Join NJTODAY.NET's free Email List to receive occasional updates delivered right to your email address!
Email for advertising information Send stuff to NJTODAY.NET Like Us On Facebook Follow Us On Twitter Download this week's issue of NJTODAY.NET
Print Friendly, PDF & Email