In Clapper v. Amnesty International, Supreme Court Dismisses Privacy Suit for Lack of Article III Standing: Poses a Clear and Present Danger to Data Breach Class Actions


In 2008, the Foreign Intelligence Surveillance Act (FISA) was amended, broadening the surveillance powers of the federal government with respect to communications outside of the United States. In Clapper v. Amnesty International, a group including journalists, human rights activists, and labor leaders challenged those amendments. Plaintiffs claimed that their work required open communication with persons around the globe, and that the prospect of government surveillance chilled that communication. Plaintiffs also claimed that they had incurred costs to prevent this surveillance, such as the cost to travel abroad to communicate in person with potential surveillance targets.

The Supreme Court issued a 5-4 decision, in which the majority (Alito, J.) found that the plaintiffs had no Article III standing to sue.

The majority’s decision provides substantial guidance on fundamental issues of Article III standing where informational/privacy interests are concerned.

The majority reaffirmed the importance of Article III standing, emphatically, noting its prior statement that “no principle is more fundamental to the judiciary’s proper role.”

The majority noted that for any of the plaintiffs to suffer actual informational harm (interception of their communications), a number of events would have to take place, from the government choosing to exercise its power under the amendment, to the FISA court granting the application to do so, to the government’s chosen target being a person with whom the plaintiff communicates at the moment of interception.

The majority reiterated that future harms are not justiciable unless “injury is certainly impending….allegations of possible future injury are not sufficient.” (Quotations and citation marks omitted.) Moreover, the Court found itself “reluctant to endorse standing theories that require guesswork as to how independent decision makers will exercise their judgment.” While Clapper was not a data breach or theft case, the majority’s standing analysis is in line with courts across the country that have dismissed breach suits attempting to rely on the possibility of future injury -- such claims usually being premised on the hypothetical future actions of would-be identity thieves not before the court.

The majority also ruled that the plaintiffs could not establish standing by pointing to costs voluntarily incurred. “The Second Circuit’s analysis improperly allowed respondents to establish standing by asserting that they suffer present costs and burdens that are based on a fear of surveillance, so long as that fear is not ‘fanciful, paranoid, or otherwise unreasonable’.… This improperly waters down the fundamental requirements of Article III.” Per the majority, plaintiffs simply “cannot manufacture standing by incurring costs in anticipation of non-imminent harm.” That holding will figure prominently in defense efforts opposing data breach class actions that seek to recover the cost of credit monitoring or other identity protection tools.

The dissent, written by Justice Breyer, contains much that will sound familiar to anyone who has read a plaintiffs’ brief in a data breach case. The dissent notes that the government has the opportunity, motive, capacity, and track record to indicate that it will someday, somehow, harm the plaintiffs. Data security-breach plaintiffs argue the same points about the persons who acquire personal information unlawfully. At one point, the dissent argues that the “certainly impending” standard does not really require certainty. “Taken together the case law uses the word ‘certainly’ as if it emphasizes, rather than literally defines, the immediately following term ‘impending’.” The dissent notes, as the plaintiffs’ privacy bar frequently argues, that all requests for injunctive relief are by nature somewhat probabilistic. However, this lax standard, urged by the dissent is now definitively a minority position, not the law of the land. Reed Smith’s data privacy, security, and management team will continue to review and advise on the ripple effects of this Supreme Court decision on privacy breach cases pending around the country.


Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Reed Smith | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.