Privacy & Information Security Law Blog

As we previously reported, the Supreme Court’s decision in Spokeo v. Robins has been nearly universally lauded by defense counsel as a new bulwark against class actions alleging technical violations of federal statutes. It may be that. But Spokeo also poses a significant threat to defendants by defeating their ability to remove exactly the types of cases that defendants most want in federal court. The decision circumscribes the federal jurisdiction, with all its advantages, that defendants have enjoyed under Class Action Fairness Act (“CAFA”) for the past decade.

Under Spokeo, a plaintiff needs more than a statutory right of action in order to sue; he or she also needs a concrete, particularized injury traditionally required by Article III. The plaintiff, Robins, accused Spokeo of violating the Fair Credit Reporting Act (“FCRA”) by reporting information about him that was not true: specifically, that he is married, has children, has a job, is relatively affluent and holds a graduate degree. All false, according to Robins.

The Supreme Court found that while Robins had sufficiently alleged a statutory violation, he had not alleged a concrete injury sufficient to create Article III standing. The Court held that not every violation of a statute gives rise to federal standing, even where Congress has created a right of action for statutory violations. For instance, while reporting an incorrect zip code might technically violate the FCRA, “[i]t is difficult to imagine how the dissemination of an incorrect zip code, without more, could work any concrete harm.”

Defendants can now move to dismiss cases alleging technical statutory violations but no actual injury. But already, courts applying Spokeo have revealed that the decision is anything but an unalloyed boon to defendants. In Khan v. Children’s National Health System, Case No. 8:15-cv-02125, Judge Chuang considered a motion to dismiss a putative class action seeking recovery under a variety of consumer protection statutes for a data breach of a health care provider. The defendant had removed the case under CAFA. Relying on Spokeo, the court agreed that the plaintiff had not suffered a concrete injury and lacked standing — but instead of dismissing the case, Judge Chuang remanded it to state court. There lies the hidden danger of Spokeo.

Read the full client alert.