The Illinois Supreme Court ruled on January 25 in Rosenbach v. Six Flags Entertainment Corp. that a plaintiff can allege a violation of rights under the state’s Biometric Information Protection Act (BIPA) even without alleging “injury or damage beyond infringement of the rights afforded them under the law.” The court decided the issue solely as a matter of statutory construction under Illinois law. This decision will have a major impact on a number of pending BIPA lawsuits and is likely to result in increased BIPA litigation given the availability of statutory damages and attorneys’ fees under the law.
The six-year fight over the type of harm a plaintiff must allege to satisfy the “injury in fact” requirement for lawsuits alleging false reporting of credit information took its latest turn this week. On Tuesday, August 15, 2017, the U.S. Court of Appeals for the Ninth Circuit, on remand from the United States Supreme Court, issued its opinion- hyperlink to the opinion] in Spokeo, Inc. v. Robins, a highly-watched case challenging whether a plaintiff can satisfy Article III standing based solely on a technical violation of the Fair Credit Reporting Act. Plaintiff Thomas Robins brought a putative class action for willful violations of the FCRA against Spokeo, Inc., a company that generates profiles about people based on publicly available data. Among other things, Robins averred that Spokeo published an allegedly inaccurate profile about him on its website and therefore harmed his employment prospects at a time when he was out of work. The Ninth Circuit’s three-judge panel held that the publication of materially inaccurate information about Robins sufficed as concrete injury for purposes of Article III standing, even without specific allegations of tangible harm from that publication.
In May, a Florida state court dismissed a plaintiff’s claim that the terms of service for popular mobile game Pokémon GO violated Florida’s Deceptive and Unfair Trade Practices Act. The case illustrates how establishing injury continues to be a key hurdle for plaintiffs in litigation involving online services, and shows that a well-framed choice of law provision can help protect providers of online services.
On Monday, a federal district court dismissed two related putative class action suits filed against Nationwide Mutual Insurance Company following a data breach at Nationwide in October 2012 that affected over 1 million individuals. The opinion shows that courts remain skeptical of plaintiffs’ ability to show any real injury from the fact that their personally identifiable information was compromised without some additional evidence of concrete harm such as identity fraud. The opinion also sheds important light on the ability of plaintiffs to overcome this standing barrier by alleging that their injury derives from the violation of a federal statute.