Two recent appellate decisions have continued the courts' exploration of how the Supreme Court's Spokeo standing decision affects cases under the Fair Debt Collection Practices Act (FDCPA). Both find that a debt collector's actions violated a right conferred on consumers by the statute and that the deprivation of the right was an injury sufficient to give the consumer standing to sue. The decisions also contain interesting holdings about how debt collectors' uses of electronic technologies may violate the FDCPA.
In Lavallee v. Med-1 Solutions, LLC, the U.S. Court of Appeals for the Seventh Circuit held that a consumer was injured when a debt collector failed to make the disclosures required by the FDCPA after an initial contact with a consumer. The consumer had discovered by coincidence that two medical debts had been referred to a collection agency, and she called the agency to discuss them. That call was her initial communication with the debt collector, and the debt collector failed to provide any of the required initial disclosures concerning the amount of the debt, the right to dispute it, and information about the creditor. The debt collector had previously sent the debtor two emails that contained links that, had she followed them, would eventually have led the debtor to the required disclosures. But she hadn't followed those links. and the court held that the emails themselves (which said nothing about any debt or about what the recipient would see if she foolishly clicked on a link in an unsolicited email) weren't initial communications, and the links that the debtor never saw were not disclosures. Thus, the court concluded, the debtor had received no initial disclosures at all, and the complete deprivation of the information the statute required the debt collector to provide her was a concrete injury.
The court's decision is important both on the subject of standing and also on the substantive issue of how a debt collector must comply with its disclosure obligations. Hiding disclosures behind a chain of links in an unsolicited email–the kind of links that savvy consumers are trained never to click on–won't qualify as disclosure, at least in the Seventh Circuit.
In DiNaples v. MRS BPO, LLC, the U.S. Court of Appeals for the Third Circuit confronted a different FDCPA issue posed by a debt collector's e-shenanigans. The debt collector sent the debtor a letter with a "QR" code on the outside of the envelope that, if scanned, revealed the debtor's account number with the collection agency. She brought suit, alleging violation of an FDCPA provision that prohibits debt collectors from placing language or symbols other than their own return addresses on envelopes containing communications with debtors. The purpose of the provision is to avoid infringing the debtor's privacy by revealing information that could be used to determine that she is the subject of debt-collection efforts.
The court held that the debtor had standing to sue because the disclosure of confidential information (in the form of a code revealing her account number) inflicted a harm that Congress had determined was an injury. The court reasoned that, through the QR code, "protected information has been made accessible to the public," and this disclosure "is itself the harm" Congress intended to protect against. Thus, the debtor suffered an injury through the public display of private information regardless of whether anyone actually scanned the barcode and read the account number.
For similar reasons, the court held that the QR code violated the statutory prohibition on the use of symbols. Although the debt collector argued that the QR code fell within an implicit exception to the statute for "benign language," the court held there was nothing "benign" about a code that would, if scanned, reveal the debtor's account number.
The decisions should serve as reminders to debt collectors that hiding behind technology may run afoul of the FDCPA.