U.S. Supreme Court Clarifies Spokeo with TransUnion Decision

On June 25, 2021, the U.S. Supreme Court (the “Court”) issued a decision in TransUnion v. Ramirez (“TransUnion”), providing much-needed clarity on the types of injuries required to assert statutory privacy claims in federal court. The TransUnion decision expanded on the Court’s 2016 decision, Spokeo v. Robbins (“Spokeo”), in which the Court held plaintiffs must demonstrate a “concrete harm” in order to move forward with claims under the Fair Credit Reporting Act and other similar privacy statutes. However, the standard for what is or is not “concrete” was left unclear after Spokeo, leading appellate courts to reach differing conclusions on what must be alleged to prop up claims under various privacy-related statutes.

The only guidance given in the Spokeo opinion was that judges must determine whether there is a sufficiently “close relationship” between the plaintiff’s asserted injuries and a historical analogue for the alleged harm, such as defamation or invasion of privacy. TransUnion has expanded on this standard, with Justice Kavanaugh writing that an injury should only be viewed as concrete when plaintiffs can say that they were “personally harmed” by the conduct. To emphasize this point, Justice Kavanaugh stated that the full court had “no trouble” concluding that the 1,853 class members whose flawed credit reports had been shared with third parties met the standard for a concrete reputational harm. Those individuals whose credit reports had not been provided to third-party businesses were held as not having met the standard for proving concrete injury.

The TransUnion decision has reignited conversations regarding our nation’s privacy regime and standards. On one hand, the TransUnion decision places a more stringent standard on plaintiffs to prove harm at the outset in order to gain class certification, making it harder for plaintiffs to bring cases against big companies for statutory violations. On the other hand, enforcement of statutes like the Fair Credit Reporting Act gives individuals comfort that businesses are respecting their privacy rights. If companies believe that enforcement through class actions is unlikely to occur due to a lack of “injury” to consumers by violations, they may not be incentivized to comply with the underlying law.

There is a delicate balance between protecting businesses from frivolous lawsuits and protecting the rights of consumers. As the effects of the TransUnion decision trickle down to appellate courts, Congress may also be prompted to reassess the ability of consumers to sue for statutory privacy violations. The Corporate and Litigation Groups at Levenfeld Pearlstein will continue to monitor any developments related to privacy legislation and case law. If you have any specific questions, please do not hesitate to reach out.