Unwanted Texts Alone Can Justify Standing, 2d Circuit Decides

A plethora of federal laws address the proliferation of technology-enabled automated communications in a variety of areas, including finance, commerce, credit, and health. Although the general objective is to address individual privacy and data security concerns, each law contains distinct goals, technical requirements, and remedies if violated. One issue that continues to evolve is whether an individual has standing to pursue private recovery under the distinct provisions of each law.

As I explained in my April column, “Supreme Court’s Google Ruling Has Big Implications for Suits Against Tech Companies,” NYLJ, April 15, 2019, in late March, in Frank v. Gaos, 139 S. Ct. 1041, 203 L. Ed. 2d 404 (2019), the U.S. Supreme Court ruled that plaintiffs suing for alleged violations of the federal Stored Communications Act (SCA) had to demonstrate “actual and concrete harm” that was not, in that case, established by a mere violation of that statute. The court in Gaos relied in large measure on its earlier decision in Spokeo v. Robins, 578 U. S. ___, 136 S. Ct. 1540, 194 L. Ed. 2d 635 (2016), which involved a claim brought under the federal Fair Credit Reporting Act of 1970 in which the court concluded, “Article III standing requires a concrete injury even in the context of a statutory violation.” Thus, Spokeo and Gaos seem likely to limit the ability of consumers to sue Internet companies and other technology businesses for solely technical violations of the statutes at issue, because individual plaintiffs might be unable to demonstrate actual and quantifiable harm as a result of only these alleged violations for purposes of standing

But, what if the alleged statutory violation is not merely “technical” and resulted in a “concrete harm” to the individual? At the end of April—after Gaos was decided—the U.S. Court of Appeals for the Second Circuit, in Melito v. Experian Marketing Solutions, Nos. 17-3277-cv (L), 17-3279-cv (Con) (2d Cir. April 30, 2019), addressed that issue when it found standing for plaintiffs who alleged that they had received unsolicited spam text messages sent from or on behalf of a retailer in violation of the federal Telephone Consumer Protection Act (TCPA). The plaintiffs alleged no injury other than the receipt of the unwanted texts.

The Second Circuit in Melito referenced Spokeo more than a dozen times—and it referenced Gaos only once, in a footnote near the end of its opinion. As of today, Melito is the law in this circuit on standing in TCPA cases. Whether it will have longstanding significance, however, may depend on the Supreme Court’s interest in providing further clarification sometime in the future.

Background

The Melito case arose when Christina Melito, Christopher Legg, Alison Pierce, and Walter Wood brought a putative class action lawsuit against American Eagle Outfitters, AEO Management Co. (together, AEO), and Experian Marketing Solutions, alleging that Experian, acting on behalf of AEO, sent spam text messages to their phones using an automatic telephone dialing system (ATDS). The plaintiffs alleged that they received the unconsented-to messages in violation of the TCPA.

The plaintiffs and AEO reached a settlement, which the U.S. District Court for the Southern District of New York approved.

Among other things, the district court found that the plaintiffs did not lack standing. It reasoned that, under Spokeo, alleging only a statutory violation, without alleging any additional harm beyond the one Congress identified, could be sufficient to establish a concrete injury depending on the impact of that violation. It likewise found that unwanted and unauthorized telephone contact by an automated system was precisely the harm that Congress was trying to avoid when it enacted the TCPA.

The dispute reached the Second Circuit.

The Second Circuit’s Decision

The circuit court affirmed, finding that the plaintiffs’ receipt of unsolicited text messages, without any other injury, was sufficient to demonstrate injury-in-fact.

In its decision, the circuit court explained that a plaintiff, to demonstrate standing, must have suffered an injury-in-fact. Quoting from Spokeo, the Second Circuit added that a plaintiff established injury-in-fact if the plaintiff suffered “an invasion of a legally protected interest” that was “concrete and particularized” and “actual or imminent, not conjectural or hypothetical.”

The Second Circuit then rejected Experian’s contention that the plaintiffs lacked standing because they failed to allege a “concrete” injury-in-fact.

The circuit court reasoned that, in determining whether an “intangible harm,” as alleged by the plaintiffs in this case, constituted injury-in-fact, “both history and the judgment of Congress” played important roles. The Second Circuit said that this did not mean that a plaintiff automatically satisfied the injury-in-fact requirement whenever a statute granted a person a statutory right and purported to authorize that person to sue to vindicate that right. The circuit court found, however, that the Melito plaintiffs did not allege a “bare procedural violation, divorced from any concrete harm.”

First, the circuit court pointed out, the plaintiffs alleged the “very injury” that the TCPA was intended to prevent. The circuit court noted that although text messages were different in some respects from the receipt of calls or faxes specifically mentioned in the TCPA, they presented the same “nuisance and privacy invasion” problems envisioned by Congress when it enacted the TCPA.

Second, the Second Circuit continued, the harms Congress sought to alleviate through passage of the TCPA were closely related to traditional claims, including claims for “invasions of privacy, intrusion upon seclusion, and nuisance.”

The Second Circuit noted that the Third and Ninth Circuits had reached a similar conclusion on standing in two recent cases concerning the private right to assert claims under the TCPA.

In Susinno v. Work Out World, 862 F.3d 346 (3d Cir. 2017), the Third Circuit held that the plaintiff had “alleged a concrete, albeit intangible, harm under the Supreme Court’s decision in Spokeo” as a result of an unsolicited promotional offer left as a message on her cell phone. The Third Circuit added that because of its ruling on that issue, it did not have to address the plaintiff’s additional arguments that her various tangible injuries provided alternative grounds for standing.

Similarly, in Van Patten v. Vertical Fitness Group, 847 F.3d 1037 (9th Cir. 2017), the Ninth Circuit declared that, “Unsolicited telemarketing phone calls or text messages, by their nature, invade the privacy and disturb the solitude of their recipients.” Accordingly, the Ninth Circuit ruled, a plaintiff alleging a violation under the TCPA “need not allege any additional harm beyond the one Congress has identified.”

The circuit court in Melito was not persuaded by Experian’s attempt to rely on two earlier Second Circuit decisions—Katz v. Donna Karan Co., 872 F.3d 114 (2d Cir. 2017), and Strubel v. Comenity Bank, 842 F.3d 181 (2d Cir. 2016)—to show that the Melito plaintiffs did not have standing to assert their TCPA claims.

In Katz, the plaintiff alleged that he had twice purchased items at the defendants’ stores and that on both occasions he had received a printed receipt that identified not only the last four digits of his credit card number but also the first six digits. He alleged that this violated the federal Fair and Accurate Credit Transactions Act of 2003 (FACTA), that it raised a material risk of harm of identity theft, and that as a result he had suffered a concrete injury sufficient to establish standing to sue the defendants for the violation.

At the motion-to-dismiss stage, the defendants introduced evidence that the first six digits of a credit card number simply identified the card issuer and provided no personally identifying information about the plaintiff. In part on this basis, the U.S. District Court for the Southern District concluded that this alleged FACTA violation, without some further harm, did not raise a material risk of identity theft sufficient to satisfy the concrete injury requirement as articulated in Spokeo, and it dismissed with prejudice the plaintiff’s complaint for lack of subject matter jurisdiction.

The Second Circuit in Katz agreed with the district court on this issue, deciding that the plaintiff did not have standing to pursue a claim under FACTA because the defendants’ stores’ provision of receipts containing the digits of the credit card numbers, while in violation of FACTA’s technical requirement, did not necessarily entail “any consequence that stemmed from the display” of those numbers.

In Strubel, the plaintiff asserted that four billing-rights disclosures made to her by Comenity Bank in connection with her opening of a credit card account violated the federal Truth in Lending Act (TILA). The Southern District granted judgment in favor of Comenity on the merits but, on appeal, the bank challenged the plaintiff’s standing to maintain her action. On standing, the Second Circuit distinguished between notice deficiencies that created a concrete and personal risk of harm, which it said could properly serve as the basis for standing, and a “bare procedural violation” that created only a general risk of harm, which could not.

In other words, the Second Circuit said in Melito, its decisions in Katz and Strubel were based on the plaintiffs’ inability to demonstrate “the risk of harms attendant [to] a statutory violation” while the receipt of unwanted advertisements in the form of text messages was itself the harm under the TCPA about which the Melito plaintiffs complained.

Finally, in a footnote, the Second Circuit addressed the Supreme Court’s decision in Gaos. In two sentences, it said that the Supreme Court’s decision “merely reaffirms the holding of Spokeo and remands for the district court to reconsider the standing of the plaintiffs there.” In the Second Circuit’s opinion, “[n]othing” in Gaos “alters or elaborates on the Spokeo doctrine or casts any doubt on our analysis of the standing issue.”

Conclusion

It should be anticipated that in the future standing issues will be litigated based on arguments as to whether the purported statutory violation resulted exclusively in its failure to strictly comply with the statute’s technical dictates or whether the violation at issue resulted in an actual injury to the plaintiff’s interests. The analysis may be required on a case-by-case basis and even may vary as concerns about privacy and data security rise and fall. One thing, however, is clear: The issue of standing in cases involving new technologies and a wide range of federal privacy laws remains in flux.

Reprinted with permission from the June 17, 2019 issue of the New York Law Journal. © ALM Media Properties, LLC.  Further duplication without permission is prohibited.  All rights reserved.