SlideShare a Scribd company logo

Spokeo v Robins

T
Tumi Atolagbe, CIPP/E, MBCS
1 of 2
Download to read offline
Spokeo v Robins – No harm? No foul !In the age of readily accessible data and free flows of information, it is not an understatement when privacy professionals describe data as the new oil. It’s the currency that fuels innovation and technology. But what happens when inaccurate data is exchanged and used by companies? How are the effects of such transactions quantified and what are the redress measures awarded by the courts when deciding the degree of ‘injury-in- fact’? !This is an issue which has been under scrutiny on both sides of the Atlantic. In the UK, the landmark case of Vidal Hall et al v Google removed the need for financial loss in claims for damages. The intricate facts of Vidal v Google differ slightly to those presented in Spokeo v Robins, however, the fundamental question of material loss in tortious claims for damages with misuse of personal information is considered in both. !Vidal v Google upheld the arguments of the claimants that distress and anxiety were sufficient in terms of harm suffered in cases of the misuse of personal information. This was quite a remarkable outcome as it widened the baseline for bringing claims against technology companies engaging in questionable practices with our personal information. It could be argued that section 13 of the Data Protection Act 1998 was blown wide open and a floodgate of liability was introduced thanks to the claimants in this case. However, let’s take the less dramatic approach and simply say that privacy rights were strengthened by the ruling. !Nevertheless, the strengthening on one side of the Atlantic has not been reflected in the muddier waters of the U.S. When enforcing such a right before U.S. courts, one must establish Article III standing. The case of Spokeo v Robins called into question the components of an Article III right, focusing mainly on the ‘injury-in- fact’ requirement. This is the requirement to have suffered actual harm in order to bring such a claim. But before we can decipher whether such standing exists, a look into the intricacies of the case can provide clarity. !Spokeo inc., an internet data broker company, sold inaccurate information about the claimant (Robins). In turn, the inaccurate information published made Robins appear more financially well-off than he actually was, apparently harming his employment prospects. Robins argued the fact that his employment prospects were harmed from the disclosure of inaccurate information was not contrary to the typical standards of harm, but was sufficient enough to warrant Article III standing. !Whilst there has been no finalised decision from the Supreme Court, the returning of the case to the Ninth circuit district court for further consideration as to ‘injury-in-fact’ can suggest a constitutional awakening of privacy rights in the U.S. In the age of data breaches and increased threats to the security of information, it would not be far-fetched to assert that adequate safeguards against the use of inaccurate data should be common place in policy making. !Security of information and rights of redress !Returning the case to the Ninth circuit can only be deemed as a narrow victory for Spokeo, Inc. In a data driven world where data brokers are making increasing amounts of profit on pooling massive amounts of information about individuals together and allowing companies to access and use this data, one would suggest that a high duty of care should be imposed to ensure accuracy. However, although this is a highly regarded right under the fourth data protection principle in the UK, the U.S is still establishing such a right. The world operates on data and its easily transferrable nature, and therefore the rights of redress must be intertwined with the security of such information. Countries all over the world are now recognising modern day reliance on the use of data and as such, a harmonised approach to the rights of redress in terms of inaccurate data should be implemented. !The battle between data brokers v consumers !There’s a tug of war on accuracy and privacy rights between data brokers and consumers and whilst data brokers are pulling in the direction of the amalgamation of easily accessible information for use and profit, consumers are also pulling in the direction of stronger privacy rights. The obligations placed on companies that provide information about consumers needs to be of a high standard. This stretches further than just data brokers and credit reference agencies. Any automated decision making needs to be based on information about a data subject that is accurate. Whilst the accuracy of information used in automated decision making is important, when considering the amicus curae briefs submitted by various parties, there were valid points raised by both sides of the argument. A variety of organisations put forward their opinions as to why the case should be thrown out. Most of the recurring opinions stipulated the floodgate of liability in terms of class action litigation which would in turn see a massive rise in defence costs and settlement pay outs. Nevertheless, the rights of redress and protections of freedoms were common place arguments, with the American Civil Liberties Union focusing mainly on these. !Global obligations on companies !The obligations placed on organisations to process accurate information must be equal across the globe. In an increasingly data connected world, legal systems in each country must place equal emphasis on the need to
operate fairly, protecting the individual’s right to privacy. in doing so, it could be argued that the need to show material harm should be widened to reflect potential damage rather than just particularised financial loss. It is noteworthy to mention countries across the emerging markets that are also recognising this constitutional right. India has no constitutional right to privacy and yet the Supreme court is now considering such a right as it recognises the overwhelming reliance on data to fuel growth. In the same stance, the U.S. would do well to not only recognise modern day reliance on data, but the need to place adequate safeguards on the use of this data. Spokeo v Robins presents the perfect opportunity to do so. A verdict from the Ninth circuit would steer the Supreme Court in the right direction to send a clear message to companies of the need to ensure the accuracy of data when they operate. An even clearer direct message would be sent to data broker companies. !Automated processing !A lot of current data protection legislation has done well to address the increasing use of automated decision making and place obligations on organisations to protect the individual’s right to have all automated decisions explained. The European General Data Protection Regulation has specific clauses that require human intervention in such decisions and the scope of the legislation covers all organisations that not only operate in the EU, but also provide services to EU citizens. In harmonising the legislation covering organisations that operate in the EU, a common approach to the protection of the individual’s right to privacy will be successfully implemented. U.S. companies will have to adhere to the provisions within the GDPR and it may be worthwhile for them to adopt similar protections in their processing of U.S. citizens’ data. Again, Spokeo v Robins would be a good chance to implement case law precedent that places such an obligation on organisations, not in the direct provisions for human intervention when carrying out automated decision making, but in the assurance of accurate, fair and lawful processing of each individual’s data. We can only hope that the constitutional make up of the Supreme court bench can look to the future and the immediate need for adequate protections against processing of inaccurate data. However, with strict constructionists such as Clarence Thomas on the bench, alongside moderates who would not want to open a floodgate of liability, it wouldn’t be far fetched to say that material and particularised damage is still a key component for Article III standing. Only time will tell.

Recommended

CCPA: What You Need to Know
CCPA: What You Need to KnowCCPA: What You Need to Know
CCPA: What You Need to KnowIronCore Labs
 
ILC Cyber Report - June 2018
ILC Cyber Report - June 2018ILC Cyber Report - June 2018
ILC Cyber Report - June 2018Internet Law Center
 
Silicon Valley companies will receive more freedom to disclose data requests ...
Silicon Valley companies will receive more freedom to disclose data requests ...Silicon Valley companies will receive more freedom to disclose data requests ...
Silicon Valley companies will receive more freedom to disclose data requests ...illustriousacne45
 
Wikileaks, Hactivism, and Government: An Information War
Wikileaks, Hactivism, and Government: An Information WarWikileaks, Hactivism, and Government: An Information War
Wikileaks, Hactivism, and Government: An Information WarThomas Jones
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKSally Hunt
 
The CFAA and Aarons Law
The CFAA and Aarons LawThe CFAA and Aarons Law
The CFAA and Aarons LawThomas Jones
 
Privacy_Issues_Overview
Privacy_Issues_OverviewPrivacy_Issues_Overview
Privacy_Issues_OverviewBrian Berger
 
Privacy and Access to Information Law - Lecture 1
Privacy and Access to Information Law - Lecture 1Privacy and Access to Information Law - Lecture 1
Privacy and Access to Information Law - Lecture 1James Williams
 

Recommended

CCPA: What You Need to Know
CCPA: What You Need to KnowCCPA: What You Need to Know
CCPA: What You Need to KnowIronCore Labs
 
ILC Cyber Report - June 2018
ILC Cyber Report - June 2018ILC Cyber Report - June 2018
ILC Cyber Report - June 2018Internet Law Center
 
Silicon Valley companies will receive more freedom to disclose data requests ...
Silicon Valley companies will receive more freedom to disclose data requests ...Silicon Valley companies will receive more freedom to disclose data requests ...
Silicon Valley companies will receive more freedom to disclose data requests ...illustriousacne45
 
Wikileaks, Hactivism, and Government: An Information War
Wikileaks, Hactivism, and Government: An Information WarWikileaks, Hactivism, and Government: An Information War
Wikileaks, Hactivism, and Government: An Information WarThomas Jones
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKSally Hunt
 
The CFAA and Aarons Law
The CFAA and Aarons LawThe CFAA and Aarons Law
The CFAA and Aarons LawThomas Jones
 
Privacy_Issues_Overview
Privacy_Issues_OverviewPrivacy_Issues_Overview
Privacy_Issues_OverviewBrian Berger
 
Privacy and Access to Information Law - Lecture 1
Privacy and Access to Information Law - Lecture 1Privacy and Access to Information Law - Lecture 1
Privacy and Access to Information Law - Lecture 1James Williams
 
Saying no to the government
Saying no to the governmentSaying no to the government
Saying no to the governmentguest70f067f
 
IP Institute Presentation on Internet Law
IP Institute Presentation on Internet LawIP Institute Presentation on Internet Law
IP Institute Presentation on Internet LawBennet Kelley
 
Internet Law Primer
Internet Law PrimerInternet Law Primer
Internet Law PrimerCubReporters.org
 
The Transatlantic Trade and Investment Partnership: The Intersection of the I...
The Transatlantic Trade and Investment Partnership: The Intersection of the I...The Transatlantic Trade and Investment Partnership: The Intersection of the I...
The Transatlantic Trade and Investment Partnership: The Intersection of the I...Patton Boggs LLP
 
Legal Matters in E-commerce
Legal Matters in E-commerceLegal Matters in E-commerce
Legal Matters in E-commerceE-commerce Course of Boğaziçi University
 
Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings
Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings
Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings Christina Gagnier
 
Trademarks, Incorporation, FTC Regs and More
Trademarks, Incorporation, FTC Regs and MoreTrademarks, Incorporation, FTC Regs and More
Trademarks, Incorporation, FTC Regs and MoreInternet Law Center
 
Internet Jurisdiction Primer
Internet Jurisdiction PrimerInternet Jurisdiction Primer
Internet Jurisdiction PrimerGraham Smith
 
Online Advertising Legal Update 2014
Online Advertising Legal Update 2014Online Advertising Legal Update 2014
Online Advertising Legal Update 2014Internet Law Center
 
ethical,social and poltical issues in E-commerce
ethical,social and poltical issues in E-commerceethical,social and poltical issues in E-commerce
ethical,social and poltical issues in E-commerceraviteja reddy
 
Draft data protection regn 2012
Draft data protection regn 2012Draft data protection regn 2012
Draft data protection regn 2012lilianedwards
 
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...Identive
 
2010 US Congress on pirate states
2010 US Congress on pirate states2010 US Congress on pirate states
2010 US Congress on pirate statesIlya Ponomarev
 
The regulatory environment of electronic commerce
The regulatory environment of electronic commerceThe regulatory environment of electronic commerce
The regulatory environment of electronic commerceWisnu Dewobroto
 
Gibson final
Gibson finalGibson final
Gibson finalJennaHajhassan
 
Public policy legal issues to privacy
Public policy legal issues to privacyPublic policy legal issues to privacy
Public policy legal issues to privacyMuneeb Ahmed
 
Cyber Claims Insight
Cyber Claims InsightCyber Claims Insight
Cyber Claims InsightGraeme Cross
 
Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Anthony Rapa
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White PaperTodd Ruback
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paperspencerharry
 
Sovereignty: the state of data
Sovereignty: the state of dataSovereignty: the state of data
Sovereignty: the state of datadan hyde
 

More Related Content

What's hot

Saying no to the government
Saying no to the governmentSaying no to the government
Saying no to the governmentguest70f067f
 
IP Institute Presentation on Internet Law
IP Institute Presentation on Internet LawIP Institute Presentation on Internet Law
IP Institute Presentation on Internet LawBennet Kelley
 
The Transatlantic Trade and Investment Partnership: The Intersection of the I...
The Transatlantic Trade and Investment Partnership: The Intersection of the I...The Transatlantic Trade and Investment Partnership: The Intersection of the I...
The Transatlantic Trade and Investment Partnership: The Intersection of the I...Patton Boggs LLP
 
Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings
Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings
Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings Christina Gagnier
 
Trademarks, Incorporation, FTC Regs and More
Trademarks, Incorporation, FTC Regs and MoreTrademarks, Incorporation, FTC Regs and More
Trademarks, Incorporation, FTC Regs and MoreInternet Law Center
 
Internet Jurisdiction Primer
Internet Jurisdiction PrimerInternet Jurisdiction Primer
Internet Jurisdiction PrimerGraham Smith
 
Online Advertising Legal Update 2014
Online Advertising Legal Update 2014Online Advertising Legal Update 2014
Online Advertising Legal Update 2014Internet Law Center
 
ethical,social and poltical issues in E-commerce
ethical,social and poltical issues in E-commerceethical,social and poltical issues in E-commerce
ethical,social and poltical issues in E-commerceraviteja reddy
 
Draft data protection regn 2012
Draft data protection regn 2012Draft data protection regn 2012
Draft data protection regn 2012lilianedwards
 
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...Identive
 
2010 US Congress on pirate states
2010 US Congress on pirate states2010 US Congress on pirate states
2010 US Congress on pirate statesIlya Ponomarev
 
The regulatory environment of electronic commerce
The regulatory environment of electronic commerceThe regulatory environment of electronic commerce
The regulatory environment of electronic commerceWisnu Dewobroto
 
Public policy legal issues to privacy
Public policy legal issues to privacyPublic policy legal issues to privacy
Public policy legal issues to privacyMuneeb Ahmed
 
Cyber Claims Insight
Cyber Claims InsightCyber Claims Insight
Cyber Claims InsightGraeme Cross
 

What's hot (17)

Saying no to the government
Saying no to the governmentSaying no to the government
Saying no to the government
 
IP Institute Presentation on Internet Law
IP Institute Presentation on Internet LawIP Institute Presentation on Internet Law
IP Institute Presentation on Internet Law
 
Internet Law Primer
Internet Law PrimerInternet Law Primer
Internet Law Primer
 
The Transatlantic Trade and Investment Partnership: The Intersection of the I...
The Transatlantic Trade and Investment Partnership: The Intersection of the I...The Transatlantic Trade and Investment Partnership: The Intersection of the I...
The Transatlantic Trade and Investment Partnership: The Intersection of the I...
 
Legal Matters in E-commerce
Legal Matters in E-commerceLegal Matters in E-commerce
Legal Matters in E-commerce
 
Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings
Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings
Data Privacy: A Snapshot of Recent Federal Trade Commission Rulings
 
Trademarks, Incorporation, FTC Regs and More
Trademarks, Incorporation, FTC Regs and MoreTrademarks, Incorporation, FTC Regs and More
Trademarks, Incorporation, FTC Regs and More
 
Internet Jurisdiction Primer
Internet Jurisdiction PrimerInternet Jurisdiction Primer
Internet Jurisdiction Primer
 
Online Advertising Legal Update 2014
Online Advertising Legal Update 2014Online Advertising Legal Update 2014
Online Advertising Legal Update 2014
 
ethical,social and poltical issues in E-commerce
ethical,social and poltical issues in E-commerceethical,social and poltical issues in E-commerce
ethical,social and poltical issues in E-commerce
 
Draft data protection regn 2012
Draft data protection regn 2012Draft data protection regn 2012
Draft data protection regn 2012
 
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
White Paper | Consumer Data Privacy in a Networked World: A Framework for Pro...
 
2010 US Congress on pirate states
2010 US Congress on pirate states2010 US Congress on pirate states
2010 US Congress on pirate states
 
The regulatory environment of electronic commerce
The regulatory environment of electronic commerceThe regulatory environment of electronic commerce
The regulatory environment of electronic commerce
 
Gibson final
Gibson finalGibson final
Gibson final
 
Public policy legal issues to privacy
Public policy legal issues to privacyPublic policy legal issues to privacy
Public policy legal issues to privacy
 
Cyber Claims Insight
Cyber Claims InsightCyber Claims Insight
Cyber Claims Insight
 

Similar to Spokeo v Robins

Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Anthony Rapa
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White PaperTodd Ruback
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paperspencerharry
 
Sovereignty: the state of data
Sovereignty: the state of dataSovereignty: the state of data
Sovereignty: the state of datadan hyde
 
National Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy AgendaNational Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy Agendanationalconsumersleague
 
Data Breaches
Data BreachesData Breaches
Data Breachessstose
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsThe Economist Media Businesses
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Shawn Tuma
 
Protecting Consumer Information: Can a Breach be Prevented?
Protecting Consumer Information: Can a Breach be Prevented?Protecting Consumer Information: Can a Breach be Prevented?
Protecting Consumer Information: Can a Breach be Prevented?- Mark - Fullbright
 
Xiaowan blog post
Xiaowan blog postXiaowan blog post
Xiaowan blog postXiaowan Mao
 
Legal Perspective on Information Management “New Social Media – The New Recor...
Legal Perspective on Information Management “New Social Media – The New Recor...Legal Perspective on Information Management “New Social Media – The New Recor...
Legal Perspective on Information Management “New Social Media – The New Recor...anthonywong
 
2014 Data Breach Industry Forecast
2014 Data Breach Industry Forecast2014 Data Breach Industry Forecast
2014 Data Breach Industry Forecast- Mark - Fullbright
 
Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009canadianlawyer
 

Similar to Spokeo v Robins (17)

Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
Data Breach White Paper
Data Breach White PaperData Breach White Paper
Data Breach White Paper
 
Sovereignty: the state of data
Sovereignty: the state of dataSovereignty: the state of data
Sovereignty: the state of data
 
National Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy AgendaNational Consumers League's 2015 Cybersecurity Policy Agenda
National Consumers League's 2015 Cybersecurity Policy Agenda
 
Data Breaches
Data BreachesData Breaches
Data Breaches
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
 
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
 
Protecting Consumer Information: Can a Breach be Prevented?
Protecting Consumer Information: Can a Breach be Prevented?Protecting Consumer Information: Can a Breach be Prevented?
Protecting Consumer Information: Can a Breach be Prevented?
 
Xiaowan blog post
Xiaowan blog postXiaowan blog post
Xiaowan blog post
 
Legal Perspective on Information Management “New Social Media – The New Recor...
Legal Perspective on Information Management “New Social Media – The New Recor...Legal Perspective on Information Management “New Social Media – The New Recor...
Legal Perspective on Information Management “New Social Media – The New Recor...
 
databreach whitepaper
databreach whitepaperdatabreach whitepaper
databreach whitepaper
 
Side Bar Sprin 2012
Side Bar Sprin 2012Side Bar Sprin 2012
Side Bar Sprin 2012
 
2014 Data Breach Industry Forecast
2014 Data Breach Industry Forecast2014 Data Breach Industry Forecast
2014 Data Breach Industry Forecast
 
Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009
 
Hot Topics in Data Breach Litigation
Hot Topics in Data Breach LitigationHot Topics in Data Breach Litigation
Hot Topics in Data Breach Litigation
 

Spokeo v Robins

  • 1. Spokeo v Robins – No harm? No foul !In the age of readily accessible data and free flows of information, it is not an understatement when privacy professionals describe data as the new oil. It’s the currency that fuels innovation and technology. But what happens when inaccurate data is exchanged and used by companies? How are the effects of such transactions quantified and what are the redress measures awarded by the courts when deciding the degree of ‘injury-in- fact’? !This is an issue which has been under scrutiny on both sides of the Atlantic. In the UK, the landmark case of Vidal Hall et al v Google removed the need for financial loss in claims for damages. The intricate facts of Vidal v Google differ slightly to those presented in Spokeo v Robins, however, the fundamental question of material loss in tortious claims for damages with misuse of personal information is considered in both. !Vidal v Google upheld the arguments of the claimants that distress and anxiety were sufficient in terms of harm suffered in cases of the misuse of personal information. This was quite a remarkable outcome as it widened the baseline for bringing claims against technology companies engaging in questionable practices with our personal information. It could be argued that section 13 of the Data Protection Act 1998 was blown wide open and a floodgate of liability was introduced thanks to the claimants in this case. However, let’s take the less dramatic approach and simply say that privacy rights were strengthened by the ruling. !Nevertheless, the strengthening on one side of the Atlantic has not been reflected in the muddier waters of the U.S. When enforcing such a right before U.S. courts, one must establish Article III standing. The case of Spokeo v Robins called into question the components of an Article III right, focusing mainly on the ‘injury-in- fact’ requirement. This is the requirement to have suffered actual harm in order to bring such a claim. But before we can decipher whether such standing exists, a look into the intricacies of the case can provide clarity. !Spokeo inc., an internet data broker company, sold inaccurate information about the claimant (Robins). In turn, the inaccurate information published made Robins appear more financially well-off than he actually was, apparently harming his employment prospects. Robins argued the fact that his employment prospects were harmed from the disclosure of inaccurate information was not contrary to the typical standards of harm, but was sufficient enough to warrant Article III standing. !Whilst there has been no finalised decision from the Supreme Court, the returning of the case to the Ninth circuit district court for further consideration as to ‘injury-in-fact’ can suggest a constitutional awakening of privacy rights in the U.S. In the age of data breaches and increased threats to the security of information, it would not be far-fetched to assert that adequate safeguards against the use of inaccurate data should be common place in policy making. !Security of information and rights of redress !Returning the case to the Ninth circuit can only be deemed as a narrow victory for Spokeo, Inc. In a data driven world where data brokers are making increasing amounts of profit on pooling massive amounts of information about individuals together and allowing companies to access and use this data, one would suggest that a high duty of care should be imposed to ensure accuracy. However, although this is a highly regarded right under the fourth data protection principle in the UK, the U.S is still establishing such a right. The world operates on data and its easily transferrable nature, and therefore the rights of redress must be intertwined with the security of such information. Countries all over the world are now recognising modern day reliance on the use of data and as such, a harmonised approach to the rights of redress in terms of inaccurate data should be implemented. !The battle between data brokers v consumers !There’s a tug of war on accuracy and privacy rights between data brokers and consumers and whilst data brokers are pulling in the direction of the amalgamation of easily accessible information for use and profit, consumers are also pulling in the direction of stronger privacy rights. The obligations placed on companies that provide information about consumers needs to be of a high standard. This stretches further than just data brokers and credit reference agencies. Any automated decision making needs to be based on information about a data subject that is accurate. Whilst the accuracy of information used in automated decision making is important, when considering the amicus curae briefs submitted by various parties, there were valid points raised by both sides of the argument. A variety of organisations put forward their opinions as to why the case should be thrown out. Most of the recurring opinions stipulated the floodgate of liability in terms of class action litigation which would in turn see a massive rise in defence costs and settlement pay outs. Nevertheless, the rights of redress and protections of freedoms were common place arguments, with the American Civil Liberties Union focusing mainly on these. !Global obligations on companies !The obligations placed on organisations to process accurate information must be equal across the globe. In an increasingly data connected world, legal systems in each country must place equal emphasis on the need to
  • 2. operate fairly, protecting the individual’s right to privacy. in doing so, it could be argued that the need to show material harm should be widened to reflect potential damage rather than just particularised financial loss. It is noteworthy to mention countries across the emerging markets that are also recognising this constitutional right. India has no constitutional right to privacy and yet the Supreme court is now considering such a right as it recognises the overwhelming reliance on data to fuel growth. In the same stance, the U.S. would do well to not only recognise modern day reliance on data, but the need to place adequate safeguards on the use of this data. Spokeo v Robins presents the perfect opportunity to do so. A verdict from the Ninth circuit would steer the Supreme Court in the right direction to send a clear message to companies of the need to ensure the accuracy of data when they operate. An even clearer direct message would be sent to data broker companies. !Automated processing !A lot of current data protection legislation has done well to address the increasing use of automated decision making and place obligations on organisations to protect the individual’s right to have all automated decisions explained. The European General Data Protection Regulation has specific clauses that require human intervention in such decisions and the scope of the legislation covers all organisations that not only operate in the EU, but also provide services to EU citizens. In harmonising the legislation covering organisations that operate in the EU, a common approach to the protection of the individual’s right to privacy will be successfully implemented. U.S. companies will have to adhere to the provisions within the GDPR and it may be worthwhile for them to adopt similar protections in their processing of U.S. citizens’ data. Again, Spokeo v Robins would be a good chance to implement case law precedent that places such an obligation on organisations, not in the direct provisions for human intervention when carrying out automated decision making, but in the assurance of accurate, fair and lawful processing of each individual’s data. We can only hope that the constitutional make up of the Supreme court bench can look to the future and the immediate need for adequate protections against processing of inaccurate data. However, with strict constructionists such as Clarence Thomas on the bench, alongside moderates who would not want to open a floodgate of liability, it wouldn’t be far fetched to say that material and particularised damage is still a key component for Article III standing. Only time will tell.