Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 27, the U.S. District Court for the District of New Jersey granted a defendant’s motion to dismiss a class action case brought under the FDCPA. The court agreed with the defendant that the plaintiffs did not suffer “concrete injury” and therefore did not have standing to sue.
The plaintiffs received debt collection letters from the defendant stating that the defendant might “take additional collection efforts” including sending “a negative credit report” if there was no response within seven days. The plaintiffs alleged the letters were “deceptive” because they violated the defendant’s own policy of credit reporting at 60 days and not seven days. The defendant moved to dismiss, arguing the plaintiffs suffered no “concrete injury” and therefore did not have standing to bring this case.
Because the plaintiffs did not incur any concrete harm—they did not allege any out-of-pocket expenses or public embarrassment as a result of the collection letters—the plaintiffs instead advanced a “novel” standing argument. Turning to the Supreme Court’s decision, the plaintiffs argued that violation of a traditional tort that Congress had elevated by statute can provide sufficient “concrete harm.” Under this theory, the plaintiffs argued that the collection letter violated the “anchor tort” of unreasonable debt collection when Congress had elevated to a statutory basis when enacting the FDCPA.
The court disagreed. In its opinion, the court noted that the plaintiffs had only provided two relevant cases indicating the existence of the unreasonable debt collection tort, both of which were from Texas, the oldest of which was nearly 70 years old. The court held that “a tort that exists in only one jurisdiction is not prevalent enough to be traditional,” and there was no precedent to determine whether a 70-year-old tort was old enough to be “traditional.” Accordingly, the court ruled in favor of the defendant and granted a motion to dismiss.
On November 2, two healthcare providers settled with plaintiffs after eight years of litigation between the district court and the U.S. Court of Appeals for the 6th Circuit, stemming from alleged violations of the FDCPA, breach of contract, and violations of the Ohio Consumer Sales Practices Act, among other things. According to the order, the defendants allegedly contacted plaintiffs and their legal counsel, requesting that their legal counsel sign a letter to forego any legal settlement or judgment against the defendants to prevent plaintiffs’ accounts from being sent to collections, despite having plaintiffs’ health insurance information. While the defendants deny any fault, wrongdoing, or liability in connection with the claims, the parties agreed to a settlement amount of $3.5 million, with each claimant receiving a cash payment of $25. The class is comprised of 12,000 individuals with health insurance plans accepted by the healthcare provider who were patients at an Ohio facility from 2009 to 2023, and subsequently made payments or were asked to make payments for their treatment, excluding co-pays or deductibles. Additionally, certain class members will also receive a cash payment equal to fifty percent of the amount paid to the healthcare provider.
On October 23, the U.S. Court of Appeals for the Seventh Circuit affirmed the dismissal of a consumer’s putative class action lawsuit alleging that a collection agency violated the FDCPA by sharing the consumer’s debt information with a third-party vendor. The court ruled that the consumer lacked standing because she did not sustain an injury from the sharing of her information.
To collect a defaulted credit-card debt, the defendant collection agency used a third-party vendor to print and mail a collection letter to the consumer. The consumer alleged that the collection agency violated the FDCPA by disclosing to the vendor the consumer’s personal information, and the disclosure was analogous to the tort of invasion of privacy. The appeals court disagreed, reasoning that the sharing of a debtor’s data with a third-party mail vendor to populate and send a form collection letter that caused no cognizable harm, legally speaking. The court also noted that the U.S. Courts of Appeal for the Tenth and Eleventh Circuits have reached similar conclusions. “The transmission of information to a single ministerial intermediary does not remotely resemble the publicity element of the only possibly relevant variant of the privacy tort.”
On September 7, the U.S. District Court for the Northern District of New York issued a Final Order approving a more than $2.2 million settlement deal to end a class action over a credit union’s overdraft and insufficient funds fee practices.
The deal includes a $2.1 million settlement fund. After payment of attorneys’ fees to customers’ counsel, 80% of the settlement fund will go to customers who were allegedly charged overdraft fees on debit card transactions that did not overdraw their accounts when the transactions were authorized, and 20% will go to customers who were allegedly hit with multiple insufficient funds fees on a single transaction. In addition, the credit union will forgive, waive and not collect nearly $165,000 in uncollected fees.
On December 7, 2022, plaintiffs filed a putative class action complaint in the United States District Court for the Northern District of New York that consolidated two putative class action cases in which the plaintiffs alleged the credit union’s assessment of more than one insufficient funds fee on a single transaction and assessment of overdraft fees on debit card transactions that did not overdraw the customers’ accounts was a breach of contract, breach of the covenant of good faith and fair dealing, and violative of New York General Business § 349, et seq. Shortly after the actions were consolidated, the parties notified the court that they were working towards a settlement.
On August 30, a California Appeals Court (Appeals Court) reversed a lower court’s ruling that a mere alleged debt, whether or not actually due or owing – as opposed to a debt that is, in fact, actually due or owing – is insufficient to state a claim under the Rosenthal Fair Debt Collection Practices Act (Rosenthal Act). Enacted in 1977, the Rosenthal Act aims “to prohibit debt collectors from engaging in unfair or deceptive acts or practices in the collection of consumer debts.” Plaintiff purchased a home with a previously-installed solar energy system. The previous homeowner and plaintiff reached an agreement whereby the prior homeowner would purchase the energy produced through the system through monthly payments. However, the defendant, the provider of the solar energy system, sent late payment notices to plaintiff demanding that he make monthly payments. Although plaintiff did not engage in a “consumer credit transaction” with the defendant, the Appeals Court found that the plaintiff’s receipt of statements and notices from the defendant constituted money “alleged to be due or owing,” as required to state a claim under the Rosenthal Act. In holding that the plaintiff’s claim “has merit,” the Appeals Court emphasized that the Rosenthal Act was specifically designed to “eliminate the recurring problem of debt collectors dunning the wrong person or attempting to collect debts which the consumer has already paid,” and “[i]t is difficult to conceive of a more unfair debt collection practice than dunning the wrong person”.
On August 22, the U.S. Court of Appeals for the Seventh Circuit affirmed the dismissal of a proposed class action alleging that defendant insurance companies leaked the plaintiffs’ drivers license numbers, holding that the plaintiffs lacked standing to sue the insurance companies. In a split decision, the majority opinion held that plaintiffs failed to establish standing to bring a lawsuit under the Driver’s Privacy Protection Act (DPPA) based on the unauthorized disclosure of their driver’s license numbers through a form on defendant’s website. The majority held that plaintiffs failed to allege a concrete injury, writing that allegations that plaintiffs are worried about future identity theft stemming from the disclosure are insufficient for standing, focusing on legitimate reasons why driver’s license numbers are commonly exposed to third-parties. The majority further held that plaintiffs failed to allege that false unemployment benefit applications submitted in their name were traceable to the disclosure of their driver’s license number, dooming their standing claim. In a dissent, Judge Kenneth Ripple disagreed with the majority’s conclusion that plaintiffs failed to make sufficient allegations to justify standing, reasoning that the DPPA contemplates a private right of action for the types of harms suffered by the plaintiffs and that plaintiffs adequately alleged that they suffered harm from false unemployment benefit applications submitted as a result of the driver’s license number leak.
On July 28, the U.S. District Court for the Southern District of Alabama granted summary judgment in favor of a defendant third-party debt collector in an FCRA and FDCPA putative class action, holding that the defendant carried out a reasonable investigation following plaintiff’s dispute of the debt it had reported to credit reporting agencies (CRAs) and that the plaintiff failed to establish that the defendant knew or should have known that the debt was inaccurate or invalid. Defendant entered into an asset purchase agreement with another third-party debt collector and reported debts to credit reporting agencies under the name of the non-defendant third-party debt collector, including an account erroneously associated with plaintiff. When defendant received notice that plaintiff disputed the erroneous account information, defendant verified the account information in its system and provided by the CRA, asked the creditor to provide account documentation, and then requested that the CRAs delete their reporting of the account once the creditor failed to provide account documentation within the requested thirty-day period.
In relation to the FCRA claim, the court found that the defendant “did everything required by the FCRA in response to Plaintiff’s dispute” such that the plaintiff “failed to establish how this investigation was not reasonable” or in violation of the FCRA. The court also found that plaintiff “failed to show that any different result would have occurred had [defendant] conducted any part of its investigation differently.” Finally, plaintiff’s claim failed as a matter of law concerning defendant’s initial report of the debt to the CRAs because the defendant was not required under the FCRA to “investigate the validity of a debt before commencing to report on that account to the CRAs.” While the defendant was prohibited from reporting inaccurate consumer information, no private cause of action exists for violations of this initial reporting provision of the FCRA.
For the FDCPA claim, the court held that the plaintiff failed to establish that the defendant had knowledge that the debt it reported was not accurate or was otherwise disputed or invalid. Because the CFPB passed Regulation F in November 2021, after the events at question in this litigation, furnishing information regarding a debt to a CRA before communication with plaintiff was not unlawful at that time. Finally, the court found that plaintiff failed to timely assert that defendant violated the FDCPA provision prohibiting false, deceptive, or misleading representation by using the non-defendant third-party debt collector’s name when reporting the account to the CRAs because this allegation was not present in plaintiff’s complaint.
On July 24, the full U.S. Court of Appeals for the Eleventh Circuit unanimously held that a plaintiff who receives a single, unwanted text message has standing to sue the sender of the message under the TCPA. The decision departs from precedent set by the same court in 2019, in which it determined in a different case that receiving one unsolicited text message is not enough of a concrete injury to establish standing under the statute. (Covered by InfoBytes here.) Plaintiff filed a putative class action against a web-hosting company alleging the defendant violated the TCPA by using a prohibited autodialer to send promotional calls and text messages selling services and products. The settlement agreement reached between the parties also resolved claims brought against the defendant by parties in two other actions.
During settlement discussions, the district court cited the aforementioned 2019 11th Circuit decision and asked the parties to brief how their case, which includes individuals who received only one text message, was distinguishable from the 2019 action. The district court ultimately ruled that class members who only received one text message “lacked a viable claim” in the 11th Circuit under the 2019 precedent, but noted that because the case involves a nationwide settlement, “those class members ‘do have a viable claim in their respective Circuit.’” An objector to the settlement appealed the ruling on various grounds to the 11th Circuit, which dismissed the appeal for lack of jurisdiction and held that the class definition did not meet Article III standing requirements, as it included individuals who received a single text message. Plaintiff moved for rehearing en banc, asking the 11th Circuit to reevaluate the 2019 precedent and to clarify the elements necessary to pursue a TCPA claim.
Reviewing de novo the threshold jurisdiction question of whether plaintiffs have standing to sue, the 11th Circuit said that “the harm that underlies a lawsuit for the common-law claim of intrusion upon seclusion” shares a “close relationship” with a “traditional harm.” The appellate court explained that because “[b]oth harms reflect an intrusion into the peace and quiet in a realm that is private and personal[,] [a] plaintiff who receives an unwanted, illegal text message suffers a concrete injury. Because [plaintiff] has endured a concrete injury, we remand this matter to the panel to consider the rest of the appeal.” Recognizing that a single unsolicited text message may not be considered “highly offensive to the ordinary reasonable man” it “is nonetheless offensive to some degree to a reasonable person.” The 11th Circuit also referred to seven other circuit courts that “have declined to consider the degree of offensiveness required to state a claim for intrusion upon seclusion at common law,” and have instead chosen to conclude that “receiving either one or two unwanted texts or phone calls resembles the kind of harm associated with intrusion upon seclusion.” Moreover, the 11th Circuit noted that Congress is given authority under the Constitution “to decide what degree of harm is enough so long as that harm is similar in kind to a traditional harm,” which is “exactly what Congress did in the TCPA when it provided a cause of action to redress the harm that unwanted telemarketing texts and phone calls cause.”
On July 18, the Illinois Supreme Court declined to reconsider its February ruling, which held that under the state’s Biometric Information Privacy Act (BIPA or the Act), claims accrue “with every scan or transmission of biometric identifiers or biometric information without prior informed consent.” Three justices, however, dissented from the denial of rehearing, writing that the ruling leaves “a staggering degree of uncertainty” by offering courts and defendants little guidance on how to determine damages. The putative class action stemmed from allegations that the defendant fast food chain violated BIPA sections 15(b) and (d) by unlawfully collecting plaintiff’s biometric data and disclosing the data to a third-party vendor without first obtaining her consent. While the defendant challenged the timeliness of the action, the plaintiff asserted that “a new claim accrued each time she scanned her fingerprints” and her data was sent to a third-party authenticator, thus “rendering her action timely with respect to the unlawful scans and transmissions that occurred within the applicable limitations period.”
In February, a split Illinois Supreme Court held that claims accrue under BIPA each time biometric identifiers or biometric information (such as fingerprints) are scanned or transmitted, rather than simply the first time. (Covered by InfoBytes here.) The dissenting judges wrote that they would have granted rehearing because the majority’s determination that BIPA claims accrue with every transmission “subvert[s] the intent of the Illinois General Assembly, threatens the survival of businesses in Illinois, and consequently raises significant constitutional due process concerns.” The dissenting judges further maintained that the majority’s February decision is confusing and lacks guidance for courts when determining damages awards. While the majority emphasized that BIPA does not contain language “suggesting legislative intent to authorize a damages award that would result in the financial destruction of a business,” it also said that it continues “to believe that policy-based concerns about potentially excessive damage awards under [BIPA] are best addressed by the legislature,” and that it “respectfully suggest[s] that the legislature review these policy concerns and make clear its intent regarding the assessment of damages under [BIPA].”
On July 13, a panel of the U.S. Court of Appeals for the Ninth Circuit entered an order amending an opinion filed on December 28, 2022 and denied a petition for rehearing en banc in a putative class action accusing a multinational technology company and search engine and its affiliated video-sharing platform of collecting children’s data and tracking their online behavior surreptitiously without parental consent in violation of state law and the Children’s Online Privacy Protection Act (COPPA). The panel unanimously voted against defendant’s en banc rehearing request, commenting that no other 9th Circuit judge has requested a vote on whether to consider the matter en banc.
Claiming the defendant used “persistent identifiers” — which the FTC’s regulations define as information “that can be used to recognize a user over time and across different Web sites or online services” — class members alleged state law claims arising under the constitutional, statutory, and common laws of California, Colorado, Indiana, Massachusetts, New Jersey, and Tennessee. Last December, the three-judge panel reversed and remanded the district court’s dismissal of the suit, disagreeing that the allegations were squarely covered, and preempted, by COPPA (covered by InfoBytes here.) On appeal, the 9th Circuit considered whether COPPA preempts state law claims based on underlying conduct that also violates COPPA’s regulations. The panel determined that “COPPA’s preemption clause does not bar state-law causes of action that are parallel to, or proscribe the same conduct forbidden by, COPPA. Express preemption therefore does not apply to the children’s claims.” The panel further noted that the U.S. Supreme Court and others have long held “that a state law damages remedy for conduct already proscribed by federal regulations is not preempted.”
The panel, however, amended its prior opinion to note that the FTC supports its conclusion that COPPA does not preempt the asserted state law privacy claims on the basis of either express preemption or conflict preemption. At the end of May, at the 9th Circuit’s request, the FTC filed an amicus brief (covered by InfoBytes here) arguing that COPPA does not preempt state laws that are consistent with the federal statute’s treatment of regulated activities. The panel concluded that neither express preemption nor conflict preemption bar the plaintiffs’ claims.