In Spokeo, the Supreme Court declined to answer the certified question of whether a plaintiff suing for violation of a federal statute satisfied Article III’s standing requirement by alleging no concrete injury as a result of that violation. Instead, the Court vacated and remanded the case to the Ninth Circuit to address whether the plaintiff satisfied the “concreteness” requirement for Article III standing.

On January 20, the Seventh and Third Circuits weighed in with conflicting answers to the standing question in the context of different federal statutes. In Gubala, a panel of Seventh Circuit judges Posner, Easterbrook, and Sykes held that even if the defendant cable provider violated the Cable Communications Policy Act (47 U.S.C. § 551(e)) by failing to destroy plaintiff’s personally identifying subscriber information more than eight years after plaintiff cancelled his cable subscription, he failed to allege any plausible risk of substantial harm as a result of the violation. The panel specifically rejected plaintiff’s argument that defendant’s alleged retention of subscriber information deprived plaintiff of the full benefit of his cable subscription or diminished the value of his personally identifying information – characterizing these arguments as “strange[]” and “gibberish.” And although plaintiff did not allege that any of his personal information had been improperly disclosed, the panel noted that the federal statute at issue expressly authorized such disclosure under certain circumstances. The panel thus affirmed the lower court’s dismissal of the case for lack of standing.

By contrast, in Horizon Healthcare, filed in the wake of the alleged theft of two unencrypted laptops containing plaintiffs’ personally identifying information, a Third Circuit panel of judges Jordan and Vanaske found that the violation of a federal statute alone gave rise to standing: “the congressional decision to create a remedy for the unauthorized transfer of personal information” under the “F[air]C[redit]R[eporting]A[ct] gives rise to an injury sufficient for Article III standing.” The panel majority thus held that,“[e]ven without evidence that the [p]laintiffs’ information was in fact used improperly, the alleged disclosure of their personal information created a de facto injury.” In so holding, the panel distinguished prior circuit precedent in Reilly v. Ceridian that plaintiffs lacked standing to pursue claims for fear of identity theft following a data breach, noting that plaintiffs’ claims in that case were based “solely on the common law,” not a federal statute. Circuit Judge Schwartz concurred in the judgment, finding that plaintiffs alleged a loss of privacy as a result of the theft.

One week earlier, on January 13, a Ninth Circuit panel of circuit judges Fallman and Friedland, and District Judge Faber (by designation), permitted plaintiff to invoke Spokeo to dismiss her claims for violation of California’s Song Beverly Credit Card Act without prejudice and return to state court after the federal district court denied her motion for class certification. The one-page, unpublished opinion raises many interesting questions, including:

• whether plaintiffs can invoke this strategy to defeat CAFA removals;
• whether plaintiffs can gain a second bite at the class certification apple in states that confer broader standing than that provided under Article III of the Constitution; and
• whether the admission that plaintiff suffered no compensable injury whatsoever as a result of the alleged statutory violation renders plaintiff and her counsel inadequate to represent the interests of a putative class in state court.

In the wake of these three decisions, we predict more forum shopping by the plaintiffs’ bar  because it is becoming apparent that a lawsuit may stand or fail based on the specific claims alleged and the standing precedent regarding those claims in the jurisdiction in which the case is filed. Thus, defendants will want to carefully consider MDL motions to consolidate copycat class actions in forums with more favorable standing law.

Gubala v. Time Warner Cable, Inc., No. 16-2613 (7^th Cir. Jan. 20, 2017)
In re Horizon Healthcare Servs., Inc. Data Breach Litig., No. 15-2309 (3^rd Cir. Jan. 20, 2017)
Medellin v. Ikea U.S.A. West, Inc., No. 15-55174 (9^th Cir. Jan. 13, 2017)