ST. LOUIS (Legal Newsline) -- The recent decision by the U.S. Court of Appeals for the Eighth Circuit to apply Spokeo to reject the standing of a privacy case isn’t surprising, a Phoenix lawyer says.
“The bigger question is what happens in other cases where there is an allegation that a company violated a statute, but where there isn’t any additional allegation that there was some kind of harm that a consumer suffered,” Patrick Fowler, co-chair of the cybersecurity, data protection and privacy practice at Snell & Wilmer, told Legal Newsline.
The U.S. Supreme Court decided Spokeo, Inc. v. Robins earlier this year, finding that a plaintiff must allege an injury that is both concrete and particularized.
The Eighth Circuit used Spokeo to reject privacy claims in a case filed by plaintiff Alex Braitberg. Braitberg alleged his cable company, Charter Communications Inc., violated the Cable Communications Policy Act (CCPA) by keeping his personal information nearly three years after ending his contract with it.
Another similar case from this summer is expected to apply Spokeo to a class action lawsuit against Microsoft, which, according to the plaintiffs, displayed too many credit card digits on store receipts.
In the data-driven world of business, there are few companies today that don’t collect at least some kind of information from clients and customers, experts note. Most service agreements contain statutes that set guidelines for data protection, and according to security experts, that’s a trend that will continue.
“The last several years, there’s been a big movement towards trying to put some principles in place about how companies should collect, store, use and share customer data. One of those concepts is data minimization,” Fowler said.
Data minimization is when a company collects only enough customer data to provide its service or product to a consumer.
“When you collect that information, you only use the information for the purpose that you told the consumer you would collect it for. You don’t use it for other things, and once you’re done with it, you don’t need to keep it any longer,” Fowler said. “That’s not a statute, it’s a privacy best practice.”
Other businesses are opting for a “big data” approach, he said. With this collection method, companies obtain as much information about their clients as possible in hopes of using it in the future.
Legal experts say this practice is riskier, even if it gives businesses access to valuable customer information.
“Why do you want to keep something if you aren’t going to use it? As long as you keep it, you have to pay to safeguard it, you’ve got to make sure it’s secure and there’s always a risk, even with your best effort,” Fowler said.
With no allegations of data being misused or lost in the case presented before the Eighth Circuit court, the ruling was expected.
“Under the facts of this case, I’m not surprised the Eighth Circuit ruled like it did,” Fowler said.
As more and more data become available, experts foresee a change in data collection and protection practices.
“The idea is you can’t lose what you don’t have, or nobody can steal from you what you don’t possess,” Fowler said.