Seventh Circuit Upholds Privacy Class Action under Federal Law

In a notable decision that may lead to an increase in privacy class actions under federal law, the Seventh Circuit in Harris v. comScore, Inc. upheld the certification of a class action for alleged privacy violations under the Stored Communications Act (SCA), the Electronic Communications Privacy Act (ECPA), and the Computer Fraud and Abuse Act (CFAA). In certifying the class, the district court found that statutorily defined damage amounts eliminated the need for plaintiffs to prove their injuries individually.

Plaintiff representatives alleged that comScore unjustly enriched itself under state common law, and that it violated the SCA, ECPA, and CFAA by operating outside of the terms of its User License Agreement (ULA) for its data collection software. In analyzing plaintiffs' motion to certify a class consisting of users who downloaded the software since 2005, the district court denied certification on the unjust enrichment claim but certified the class under the federal statutes. The court found that plaintiffs had alleged various common questions capable of resolution on a classwide basis under these statutes—which define statutory penalties per violation—and that the issues common to the class predominated over individual ones.

Notably, the court rejected comScore's argument that the class was unmanageable because each plaintiff had to prove actual damages. The court instead held that the damages claimed were statutory in nature and thus determinable, absent individual showings of injury. The SCA, for example, provides a minimum statutory fine of $1,000 for a violation, while the ECPA provides a statutory penalty range of $50 to $10,000.

For the CFAA claim, which requires a threshold showing of at least $5,000 in loss and does not specify a minimum fine amount for a violation, the court declined to address whether plaintiffs could aggregate their damages to reach the threshold loss amount. Nonetheless, the district court found, and the Seventh Circuit agreed, that resolving all of the common liability and damages issues under all three statutory claims in a single proceeding, with separate individual damages hearings as necessary, would efficiently resolve the issues in the case.

The holding in Harris v. comScore may contribute to an already increasing number of class action privacy suits under federal law. Historically, other circuits (including the Fourth Circuit) have found that putative class members lack standing to pursue class actions where there is no evidence of actual harm. Following similar holdings in recent Ninth Circuit cases, however, the Seventh Circuit's comScore opinion continues a trend in finding that statutory damages under federal privacy laws are sufficient to satisfy the commonality and predominance requirements of a Rule 23(b)(3) class. Whether other circuits will join the Seventh and Ninth Circuits remains an open, and important, question.

Topics:  CFAA, Class Action, Class Certification, ECPA, Harris v comScore, Privacy Laws, Right to Privacy, Stored Communications Act

Published In: Civil Procedure Updates, Civil Remedies Updates, Communications & Media Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »