So I buy an app for $1.77…. Can I bring a class action for billions if my name and credit card information is given to the app seller even if no harm is done? Is this the best way to protect our privacy? Or is this just “gotcha litigation?”
A recent decision by Judge Beth Freeman of the Northern District of California highlights these troubling standing issues.
Standing has long been a bedrock of constitutional law. Simply put, it requires you to have a cognizable injury traceable to the bad conduct of a defendant to resort to our court system. It’s why you can’t sue the guy who cuts you off in traffic: it may make you mad but you haven’t been injured—at least in a way our court system recognizes. As the Supreme Court put it: “to establish Article III standing, an injury must be ‘concrete, particularized, and actual or imminent; fairly traceable to the challenged action; and redressable by a favorite ruling.”
A decision by Judge Freeman in Svenson v. Google Inc. may stand these principals on their head. In Svenson, the plaintiff used Google Wallet to purchase an app for $1.77. Google Wallet is a well-known electronic payment mechanism and, according to the curt, is the only way one can purchase apps from the Google app store.
Svenson claimed that Google violated its own internal privacy policies by sharing information with the app developer she and other members of the class had provided to Google Wallet to enable the Wallet to be used to purchase apps over the Internet. This information included such things as her name, credit card information, purchase authorization, address, zip code, phone number, email address etc. In short, the essential information that an electronic payment processor would need to facilitate a transaction with others. Svenson claimed however that Google shared some of this information with the vendor from whom she purchased the app via Google Wallet.
Svenson brought claims for breach of contract based on Google’s alleged breach of its privacy policies, breach of the implied covenant of good faith, violations of the federal Stored Communications Act (SCA) and violations of California’s Unfair Competition law. Google moved to dismiss arguing that Svenson had no standing having not suffered a cognizable injury traceable to Google’s alleged breach.
The Court made short work of the Google SCA argument. The SCA contains statutory penalties and in the 9th Circuit at least, such penalties create standing even if the plaintiff otherwise has no injury. As previously discussed in this blog on two occasions, the validity of this issue if up for grabs in the Robins v. Spokeo Inc. litigation pending before the US Supreme Court.
That part of Judge Freeman’s ruling, while troubling, is hardly surprising.
Not so fast said Judge Freeman. Svenson had standing because she did not get the benefit of her bargain. According to the Court, Svenson paid for the app believing that Google’s privacy policies would be followed and was therefore injured in some undefined amount when they weren’t. Put another way, the value of the transaction was somehow less due to the policy violation than what Svenson paid. Svenson lost the expectation interest that full performance would have brought. Since Google kept a small portion of the $1.77, it benefitted from the transaction more than it should have.
Svenson also advanced –and the Court accepted—the theory that she was to have received from Google a service that was to have kept certain personal and valuable information private. Because Google did not keep this information private under its policies, Svenson claimed her information was no longer worth what it once was if sold on the open market. Not surprisingly, Svenson claimed she would not have used Google wallet and made the $1.77 purchase had she known his information would not be safeguarded from revelation.
This theory is similar to the claim accepted in the Target breach consumer class action case pending in federal court in Minnesota. There Judge Magnusson accepted the theory that a claim that class members would not have shopped at Target had they known sooner of the breach supplied requisite standing. Both decisions represent a disturbing trend.
The immediate question is of course, what is the value of the injury; is it truly “cognizable” in standing law parlance? How much of the small percentage Google kept of the $1.77 represents Svenson’s privacy interest? What is the value of Svenson’s information on the open market and how much was it diminished by Google providing that information to the seller of the app? Are those amounts ascertainable? How? As a policy matter, are such small and basically incalculable values sufficient to justify the judicial resources required of a nationwide class action plus the costs and disruption to the defendants?
And make no mistake: even though some of the putative class members might place no value on the information that was revealed or widely varying values, and although damages to Svenson and the class members may not be easily ascertainable on an individual basis, there remains a substantial risk that the class could be certified. In fact there are 4 cases pending now before the US. Supreme Court raising very similar issues regarding certification. These cases and the issues are discussed in a companion post. As we there discuss, the Supreme Court addressed these very issues in Comcast Corporation v. Behrend, where it clearly ruled that any damage model offered by plaintiff must attribute the wrongful conduct to the damage suffered and must demonstrate that the damages are ascertainable. Since that ruling, several lower courts have ignored this requirement, setting the stage for an important potential determination by the Supreme Court.
And allowing this diminimus and likely incalculable injury to serve as Article III Constitutional standing will inevitably lead to more lawsuits and more class certifications. Whenever monies change hands no matter how small the amount and a claim for breach of privacy can be made, there is opportunity for a suit –and a class action. Given the potential financial reward for bringing such claims to both litigants and lawyers, the net effect is to encourage both to sue no matter what the damage whenever they can.
Of course, the ability to prosecute these kinds of cases may arguably be necessary to keep the system honest, force companies to comply with their policies and allow plaintiffs to pursue claims for privacy violations where the costs of pursuit would otherwise be prohibitive. And sometimes that may be true. But one wonders about the long term effect of “gotcha litigation” where violations and breaches pose little real damage but cause disruptions and litigation costs so disproportionate to the harm.
So what do you think? Is the benefit of the bargain a valid theory? Should we welcome these kinds of cases? Is it a good thing or bad?