Major information technology providers opposed to the broadening of class action litigation related to consumer protections have taken their case to the U.S. Supreme Court.
The companies are hoping the court will strike down a lower court ruling which makes it easier for consumers to file class action suits. The tech companies may not have to wait too long for a decision. The Supreme Court conducted oral arguments in TransUnion LLC v. Ramirez Tuesday and is expected to issue a decision by the end of June.
At issue is the legal standard governing how members of a consumer class can demonstrate to a court that they have experienced “harm” in the management of their personal data.
The IT companies essentially argue that a ruling by the Ninth Circuit U.S. Court of Appeals wrongly allows members of a class to claim harm that goes well beyond current standards for defining injury. The companies contend that the Ninth Circuit ruling would expose businesses to unjustified class action suits.
According to an amicus brief jointly submitted to the Supreme Court by eBay, Facebook, Google, and several tech industry associations, there was no legal reason for the assertion of any actual or tangible injury for the class of consumers cited in the case.
The companies contend that the Ninth Circuit’s ruling will have an impact well beyond the statutes involved in that case.
If left intact, the court’s opinion would “degrade” legal standards and would “open the floodgates for abusive litigation that redresses no injury and benefits no consumer,” the companies said. The Ninth Circuit ruling could affect such e-commerce laws as the Stored Communications Act, the Video Privacy Protection Act, Telephone Consumer Protection Act, and the Wiretap Act, as amended by the Electronic Communications Privacy Act, according to the brief.
The case before the Supreme Court was initiated by major credit reporting agency TransUnion which is seeking to overturn the Ninth Circuit’s decision in Ramirez v. TransUnion LLC. The company asked the court to rule on whether the U.S. Constitution and related procedures “permit a damages class action where the vast majority of the class suffered no actual injury, let alone an injury anything like what the class representative suffered.”
Personal Data Alerts Triggered Litigation
The case evolved from allegations that data references used by TransUnion included inaccurate and potentially damaging “matches” of names on consumer credit alerts.
According to the U.S. Department of Justice, during the time frame of the case, TransUnion’s matching process “consisted solely of a ‘name-only’ comparison of consumers’ first and last names” and the names on the U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) list of terrorists, drug traffickers, and other individuals prohibited from doing business in the United States for national security reasons.
In February 2011, while attempting to purchase a car, Sergio L. Ramirez learned that TransUnion had added an inaccurate OFAC alert to his consumer report. After receiving the alert, the dealership refused to sell the car to Ramirez, who later contended that he was “embarrassed, shocked, and scared” to learn that his name was associated with the OFAC list, according to DOJ’s summary of the case.
Disturbed by his experience, including inquiries to TransUnion, which he claimed resulted in further confusion about the alert, Ramirez filed a suit alleging that TransUnion’s practices violated various protections of the Fair Credit Reporting Act (FCRA).
At the U.S. District Court level, the jury found in favor of Ramirez and faulted TransUnion for failing to comply with the requirements of the FCRA. The District Court also granted class-action status to the 8,000 persons allegedly affected by the erroneous information. Damages were set at $60 million, later reduced to $40 million by the Ninth Circuit.
Court proceedings revealed that TransUnion’s reliance on the OPAC data system resulted in a “matching” process that did not definitively screen matches to specific individuals but only to similar names, resulting in the potential for misleading identifications.
In the case of Ramirez, date of birth information showed he was improperly classified. Ramirez’s distress resulted from the distribution of the inaccurate report to a third party — the car dealer — according to the Ninth Circuit decision. A key element in the case hinges on the third-party disclosure issue.
According to an analysis from the law firm Akin Gump, “despite the fact that the majority of class members did not have their credit reports disseminated to third parties, the Ninth Circuit found that the mere fact that the credit reports were available to potential creditors and employers upon request sufficed to show a ‘material risk of harm’ to the concrete interests of all class members.”
Thus, class actions could proceed, according to the ruling. The Justice Department’s analysis noted that the Ninth Circuit characterized the nature of such inaccurate alerts as “severe,” with reports available to third parties “at a moment’s notice.” The Department filed an amicus brief only for the purpose of supporting the need for clarification of applicable law and rulings.
TransUnion Claims Decision ‘Eviscerates’ Standards
TransUnion, in its petition to the Supreme Court, challenged the notion that the mere existence of the database references resulted in harm. The company noted that the U.S. Court of Appeals for the District of Columbia “has squarely held that plaintiffs lack standing to seek damages under FCRA based on the bare existence in their credit files of information never disseminated to any third party.” The Ninth Circuit ruling “eviscerates” both Constitutional and procedural standards, TransUnion said.
The company emphasized that the name references in the database were not individually definitive and simply presented “potential” matches. TransUnion said that it “made it crystal clear” that the appearance of a name in its alert system “should be the beginning and not the end” of any OFAC inquiry.
In a 2018 financial report referencing the jury decision, TransUnion said, “we continue to believe that we have not willfully violated any law.” In a statement provided to the E-Commerce Times through spokesperson David Blumberg, TransUnion said, “We do not comment on pending litigation.”
The U.S. Chamber of Commerce, in a brief supporting TransUnion, noted that for an overwhelmingly large component of the class, no reports ever reached a third party. The Ninth Circuit’s decision was “flimsy” and based on assertions that were too speculative and abstract for legal purposes, the Chamber said.
Database Risk Meets Test of Injury
In asserting that the Ninth Circuit ruling was correct, attorneys representing Ramirez said the relevant harm for allowing class-action status “is not the sale or publication of a credit report containing a terrorist record, it is the risk of significant injury of that inaccurate information being reported.”
The risk of real harm that TransUnion imposed on all class members “arose from both the gravity and the likelihood of dissemination of its false OFAC alerts,” according to a brief filed by law firm Francis Mailman Soumilas.
“The U.S. Constitution allows people to sue in federal court when they are at substantial risk of harm, even if they have not yet suffered harm,” Adam Schwartz, senior staff attorney at the Electronic Frontier Foundation, told the E-Commerce Times. EFF filed an amicus brief supporting Ramirez.
“This principle is especially important during the ongoing technological revolution when private corporations are collecting, storing, sharing, and using massive quantities of our highly sensitive personal information. This data processing creates extraordinary risks of harm,” he said.
Consumers should not be prevented from going to federal court until after a breach of personal data occurs, such as identity theft or denial of credit, he added. “Rather, we should be able to go to federal court when corporations process our data in a manner that creates a substantial risk of these and other harms. Especially where, as here, Congress has required credit reporting agencies to ensure that their credit data are accurate and has empowered people subject to erroneous credit data to sue such agencies,” Schwartz noted.
According to the Akin Gump and the Department of Justice analyses, the Supreme Court’s ruling may be limited in its application to different stages of court proceedings. But for the tech companies and businesses in general, the Supreme Court’s treatment of the “harm” issue will be a significant legal development affecting class action litigation.