In a notable decision that may lead to an increase in privacy class actions under federal law, the Seventh Circuit in Harris v. comScore, Inc. upheld the certification of a class action for alleged privacy violations under the Stored Communications Act (SCA), the Electronic Communications Privacy Act (ECPA), and the Computer Fraud and Abuse Act (CFAA). In certifying the class, the district court found that statutorily defined damage amounts eliminated the need for plaintiffs to prove their injuries individually.

Plaintiff representatives alleged that comScore unjustly enriched itself under state common law, and that it violated the SCA, ECPA, and CFAA by operating outside of the terms of its User License Agreement (ULA) for its data collection software. In analyzing plaintiffs' motion to certify a class consisting of users who downloaded the software since 2005, the district court denied certification on the unjust enrichment claim but certified the class under the federal statutes. The court found that plaintiffs had alleged various common questions capable of resolution on a classwide basis under these statutes—which define statutory penalties per violation—and that the issues common to the class predominated over individual ones.

Notably, the court rejected comScore's argument that the class was unmanageable because each plaintiff had to prove actual damages. The court instead held that the damages claimed were statutory in nature and thus determinable, absent individual showings of injury. The SCA, for example, provides a minimum statutory fine of $1,000 for a violation, while the ECPA provides a statutory penalty range of $50 to $10,000.

For the CFAA claim, which requires a threshold showing of at least $5,000 in loss and does not specify a minimum fine amount for a violation, the court declined to address whether plaintiffs could aggregate their damages to reach the threshold loss amount. Nonetheless, the district court found, and the Seventh Circuit agreed, that resolving all of the common liability and damages issues under all three statutory claims in a single proceeding, with separate individual damages hearings as necessary, would efficiently resolve the issues in the case.

The holding in Harris v. comScore may contribute to an already increasing number of class action privacy suits under federal law. Historically, other circuits (including the Fourth Circuit) have found that putative class members lack standing to pursue class actions where there is no evidence of actual harm. Following similar holdings in recent Ninth Circuit cases, however, the Seventh Circuit's comScore opinion continues a trend in finding that statutory damages under federal privacy laws are sufficient to satisfy the commonality and predominance requirements of a Rule 23(b)(3) class. Whether other circuits will join the Seventh and Ninth Circuits remains an open, and important, question.

Ballard Spahr's Privacy and Data Security Group helps clients navigate the many laws designed to safeguard health, financial, and other private information. Our attorneys counsel on compliance, data mining, online marketing, and mobile privacy, and they help clients respond to security breaches.

For more information about the Seventh Circuit ruling, please contact Philip N. Yannella at 215.864.8180 or yannellap@ballardspahr.com, or Daniel A. Nadel at 215.864.8844 or nadeld@ballardspahr.com.


Copyright © 2013 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.

Related Practices

Appellate
Consumer Class Action Litigation
E-Discovery and Data Management
Litigation  
Privacy and Data Security