New Case Law: Privacy Wins, Losses
The first case is the litigation over the do-not-call registry decided in February by the 10th Circuit. Everybody knows that the court rejected the telemarketing industry's arguments that the registry is unconstitutional. It was a sweeping victory for the registry, as the court dismissed every argument put forward in opposition.
I found three elements of particular interest. First, the court relied in part on the 1970 Supreme Court opinion upholding the statute that lets individuals block any snail mailing that they don't want. The key holding by the Supreme Court, quoted by the 10th Circuit, is: "We therefore categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another." I believe this reasoning will grow in importance for all methods of conveying commercial advertising, including electronic mail.
Second, industry brought the challenge to the registry in the 10th Circuit because that court had overturned a Federal Communications Commission ruling about the privacy of telephone information. In the 1999 U.S. West decision, the 10th Circuit found insufficient justification for an opt-in rule governing the use of information about telephone company customers. The court didn't expressly say that an opt-in rule violates the First Amendment, but its opinion induced the FCC to change the rule to opt out. It was a victory for information users.
The strategy of filing the registry case in the 10th Circuit was reasonable, but it failed. The panel that decided the registry case didn't even cite the U.S. West opinion, undermining its value. It may turn out that the U.S. West case will be the high-water mark of commercial speech in a privacy context.
Third, some of the strongest arguments supporting the registry came from industry actions. In other words, things that industry said and did came back to haunt it in the litigation. This is not exactly a surprise, because the marketing industry's strategic outlook has never extended past next Tuesday. Maybe when the Direct Marketing Association gets new leadership, it will dump its old advisers and try a new tack in place of its traditional panicked response to external events.
Industry argued that the registry failed the constitutional test because it restricted speech more than necessary. The argument lost because the Federal Trade Commission documented to a fare-thee-well the inadequacies of the company-specific rules that were in place for the past decade. The FTC had adopted the company-specific rules in part because industry screamed bloody murder about the possibility of a broader no-call registry.
Looking back, had the FTC started regulation with a broad no-call registry, there would have been no record of the shortcomings of narrower measures. Without the factual record, it would have been harder for the court to uphold the registry. The choices made by telemarketers in the 1990s sowed the seeds for their defeat this year. On the other hand, it is true that the industry had a longer period of registry-free operations.
The teleservices industry also shot itself in the foot with its scare tactics predicting massive layoffs once the registry started. The court used these statements to counter the industry's argument that the registry would be ineffective. Otherwise, the court reasoned, there wouldn't be so many layoffs. I was amused to see the court turn the industry's Chicken Little argument on its head.
February also brought a decision by the Supreme Court in a case arising under the Privacy Act of 1974, a law that applies only to federal agencies. The case, Doe v. Chao, involved the improper disclosure of a Social Security number by the Department of Labor. The issue was what a plaintiff had to prove to receive the $1,000 in minimum damages that the statute provides.
The sentence in the Privacy Act awarding minimum statutory damages was ambiguous, and the question depended on whether the plaintiff had to have out-of-pocket damages to get minimum statutory damages. The court said that actual damages were necessary, and the plaintiff lost.
The case is a setback for privacy. Privacy advocates hoped the court would have more sympathy for the consequences of privacy violations and for the difficulty of proving damages in privacy cases, but they did not prevail. Still, things could have been worse. The majority opinion said nothing about the potential fiscal consequences of minimum statutory damages. I suspect this affected the outcome because the dissenters argued that the fiscal consequences would be small. However, the majority relied on grammar and legislative history to reach its result, lessening the effect of the opinion on other laws.
Also, the court suggested in a footnote that actual damages might be nothing more than paying for a copy of a credit report. The lesson for plaintiffs is clear. Buy a credit report in order to be eligible for damages in a Privacy Act case. The barrier to statutory damages that the court sustained can be overcome easily.
If you didn't like the result in these cases, just wait. There will be more decisions in more privacy cases soon.