While the E.U. and U.K. have taken active steps to protect personal data with the EU General Data Protection Regulation, in the U.S., Congress seems content with public hearings that are cathartic but don’t change the status quo. The lack of action is frustrating given that a majority of Americans feel the government should do more. In fact, a survey by the Cato Institute done BEFORE the Equifax breach found 55% of Americans believe the government is not doing enough for consumer financial protection.
At least we have the Fair Credit Reporting Act (FCRA), which we can use to sue and collect damages, right? Well… it depends. To sue over false data, you have to show “concrete harm.” For example, a credit report that falsely shows considerable unpaid debts that results in being denied a mortgage or turned down for a job would constitute concrete harm.
Now consider a scenario in which you discover that false information about you is being disseminated to third parties. In the absence of a rejected loan or job application, can you claim that you have suffered “concrete harm?” There is a case working its way through the courts now that could clarify this issue – Spokeo, Inc. v. Robins
Who is Spokeo?
It’s a “people search engine,” that scrapes the web for any information it can find about you and combines it with other offline sources. The company also operates Spokeo Enterprise (for business) and Family.me (a family tree network). Interestingly, it was the first company ever to be fined ($800k) by the Federal Trade Commission for the sale of data collected online. Spokeo can afford it though – as of 2014 it was pulling in $57m in yearly revenues for selling your personal information without your consent.
Who is Robins?
Thomas Robins is a very upset individual from Virginia, who discovered that Spokeo compiled a profile of him that was completely different from reality. Spokeo falsely reported that:
- He had a graduate degree (he does not)
- Is employed in a professional or technical field (nope)
- His “economic health” was “very strong,” and his wealth level was in the “Top 10%” (he was out of work and seeking employment at the time)
- Was in his 50s, married, and had children (all not true)
- The report also included a photograph (you guessed it, not of Robins)
Robins alleges that the false data could have hindered his ability to get a job, but doesn’t offer specific evidence that this occurred. The case before the courts pivots on whether the justices believe the above inaccuracies alone constitute “concrete harm” under FCRA. The specifics are a bit more complex and this Harvard Law Review article goes over the details better than I ever could.
Where are we now?
The case was first filed in 2011 and has bounced all the way up to the Supreme Court and is now back to the original district court to be reheard again. The issue is far from settled and it will be a long while before the Supreme Court has another chance to review. In the most recent ruling, the U.S. Court of Appeals found that Robins did suffer harm and has standing to bring a case, and that’s a positive development for individual data protection.
What can you do?
Since Congress won’t act and because the court system moves at a glacial pace, you need to take action into you own hands. Most brokers have a way you can opt-out from their data collection. We have shown you how to opt-out from Acxiom. You can go here to opt-out of Spokeo.
You can also sign up for Delete All My Data. We help you delete all your personal data from data brokers such as Acxiom and Spokeo and follow up to make sure your data stays deleted. Become a member today, and we’ll help you begin to reclaim your privacy online.Join!
Why did we start Delete All My Data? Learn why here.