Legal Experts Expect Data Security Litigation to Face Challenges of Standing
Current precedent is unclear in data security litigation, say experts.
Teralyn Whipple
WASHINGTON, February 9, 2023 – Data security litigation, such as in robocall cases, is facing an increasingly steep burden to establish standing, the capacity to bring a lawsuit to court, said a panel of law experts on Wednesday.
Article III, which grants power to the judiciary branch, states that federal courts can only hear “cases or controversies,” which requires the plaintiff to have a legal right to sue. Standing requires that the plaintiff have a “concrete and particularized” injury.
For those lawsuits that represent the interests of a large number of people, standing becomes more complicated and data security is right at the forefront, said Aaron Weiss of Carlton Fields law firm at the Federal Communications Bar Association event.
Recent court decisions have relied heavily on an appeal to historical antecedent, said Heather Elliott, professor at the University of Alabama School of Law.
A 2016 Supreme Court decision – in which the plaintiff, Thomas Robins, accused “people search engine,” Spokeo, of sharing incorrect information about him – overruled the Ninth Circuit decision on the basis that the plaintiff could not prove that the injury was concrete.
Telephone Consumer Protection Act
The Federal Communications Commission has regulatory authority under the Telephone Consumer Protection Act to prohibit using automatic telephone dialing systems to call residential or cellular telephone lines without consent.
In 2018, John Salcedo brought a class action lawsuit against Alex Hanna, alleging that Hanna had violated TCPA by sending an unconsented automized text. The Eleventh Circuit determined that there was no concrete injury. Its verdict stated that “on text messaging generally… the judgement of Congress is ambivalent at best.”
On a similar case in 2021, however, the Fifth Circuit held that a single text message was the invasion of privacy that Congress intended to ban under the TCPA and delegated authority to the FCC to implement the law.
To further complicate the matter, state courts are under different jurisdiction and may rule separately from its circuit, said Weiss.
“It is very clear that the lower courts are super confused,” added Elliott.
The FCC is currently taking steps to combat telephone scammers. It ruled in November that straight-to-voicemail robocalls are calls under the TCPA and will be subject to the law’s consumer protections. According to the TCPA, read the commission’s ruling, the recipient of an automatic dialing system, artificial voice, or prerecorded message must provide affirmative consent prior to receiving it.
Major questions doctrine
The FCC, however, is itself facing uncertain regulatory authority. In June, the Supreme Court held that in “extraordinary cases” a federal agency, such as the FCC, must point to “clear congressional authorization” for the authority it claims.
Under the major questions doctrine, the Supreme Court can reject federal agency claims of regulatory authority when the issue is of “vast economic and political significance” and when Congress has not clearly endowed the agency with authority over the issue.
Representative Cathy McMorris Rodgers, R-Wash., is concerned with the legislative power that federal agencies have. “Our founders provided Congress with legislative authority to ensure lawmaking is done by elected officials, not unaccountable bureaucrats,” she wrote in a letter to FCC Chairwoman Jessica Rosenworcel in October.