Supreme Court Rules Mental or Emotional Distress Are Not “Actual Damages” Under the Privacy Act
Privacy, Data Security, & Information Law and Supreme Court Update
The Supreme Court ruled on March 28, 2012, in Federal Aviation Administration v. Cooper, that “mental and emotional distress” are not “actual damages” for purposes of the Privacy Act of 1974, 5 U.S.C. §552a. Writing for a 5-3 majority (Kagan, J. recused), Justice Alito interpreted the term “actual damages” in the Privacy Act to be analogous to the term “special damages,” or those which require that a plaintiff prove actual pecuniary loss, and to exclude “general damages” (which encompass non-pecuniary losses and may be recoverable for certain common-law privacy torts like defamation). The Court concluded that Congress did not “speak unequivocally” to indicate that actual damages could include “general” or non-pecuniary damages when waiving the Government’s sovereign immunity for suits against it under the Privacy Act. The Court applied a canon of statutory interpretation to the effect that waivers of sovereign immunity should be construed narrowly; thus, the Court declined to waive sovereign immunity for non-pecuniary damages in the privacy context, notwithstanding that Congress had established minimum statutory damages of $1,000 for violations of the Privacy Act.
Respondent Stanmore Cooper, a private pilot who was HIV-positive, had revealed his health status to the Social Security Administration (SSA) for the purposes of pursuing disability payments while otherwise keeping it private. The SSA then revealed Cooper’s status to the Department of Transportation (DOT) in connection with an investigation into medically-unfit pilots. Cooper filed suit against the SSA, the DOT, and the Federal Aviation Administration (FAA), alleging violations of the Privacy Act that caused Cooper “humiliation, embarrassment, mental anguish, fear of social ostracism, and other severe emotional distress.” Cooper did not allege any pecuniary or economic loss, however.
Under the Privacy Act, the United States is liable, in the event of any “intentional or willful” failure or refusal to comply with the provisions of the Act, for “actual damages sustained by the individual as a result of the refusal or failure.” 5 U.S.C. §552a(g)(4)(A). While noting that the validity of Cooper’s arguments (and those adopted by the Court of Appeals for the Ninth Circuit) were “not…inconceivable,” the Court drew from a variety of sources, including the Privacy Protection Study Commission created under the Privacy Act and common-law torts of slander and libel, to determine that Congress did not mean to waive sovereign immunity in instances where the violation of the Act did not lead to measurable economic loss to the plaintiff. By failing to allege any pecuniary or economic loss, Cooper thus would not be entitled to any recovery of damages under the Privacy Act.
In Cooper, the Court answered a question raised in Doe v. Chao, 540 U.S. 614 (2004). In that case, the Court held that “actual damages,” and not simply “general damages,” must be proven in fact before a plaintiff may receive the minimum statutory award of $1,000 under the Privacy Act of 1974, 5 U.S.C. § 552a(g)(4). Doe v. Chao, 540 U.S. at 627. In Doe v. Chao, however, the Court left open the definition of what qualified as “actual damages,” while noting that a circuit split existed at the time. Id. at 627 n.12.
In her dissent, Justice Sotomayor argued that the text of the Privacy Act does not specifically exclude non-pecuniary damages from recovery, and noted that this would render the Privacy Act’s remedial provisions “impotent” in instances where unlawful agency action leads only to non-pecuniary losses. She referred to this result as “patently at odds with Congress’ stated purpose” for the Privacy Act, and suggested that the majority “discounts the gravity” of emotional harms suffered in privacy violations by suggesting that “a $5 hit to the pocketbook [is] more worthy of remedy than debilitating mental distress.”
The Court’s ruling is broadly consistent with the majority of the federal courts grappling with privacy litigation, which have generally required some demonstration of tangible, provable harm before granting standing or damage awards to plaintiffs. Because Cooper is limited to the context of the Privacy Act, however, it is unclear what import the case will have on claims predicated on common law privacy torts or on statutes where the question of sovereign immunity is not implicated. Nonetheless, Cooper and Chao together demonstrate that the Supreme Court does not view the provision of minimum statutory damages – $1,000 per violation in the case of the Privacy Act – as sufficient in itself to obviate the need to allege concrete injury. Under the Privacy Act, the Court has now clearly held that such concrete injury must entail pecuniary or economic loss. What is not clear, however, is whether the Court’s perspective in Cooper will influence how lower courts address cognizable injury under other privacy statutes that provide for statutory damages. In any event, Cooper certainly does nothing to provide any jurisprudential or philosophical support to expand the range of what types of injury are actionable in privacy litigation.
If you have any questions regarding this update, please contact Alan Charles Raul (+1.202.736.8477, araul@sidley.com), Edward R. McNicholas (+1.202.736.8010, emcnicholas@sidley.com), Peter D. Keisler (+1.202.736.8027, pkeisler@sidley.com), Jonathan P. Adams (+1.202.736.8049, jpadams@sidley.com), or the Sidley lawyer with whom you usually work.
The Privacy, Data Security & Information Law Practice of Sidley Austin LLP
We offer clients an inter-disciplinary, international group of lawyers focusing on the complex national and international issues of data protection and cyber law. The group includes regulatory compliance lawyers, litigators, financial institution practitioners, healthcare lawyers, EU specialists, IT licensing and marketing counsel, intellectual property, and white collar lawyers. Sidley provides services in the following areas:
- Privacy and Internet Litigation and Regulatory Advice
- Data Breach, Incident Response, and Cybersecurity Advice
- Global Data Protection and Information Security
- Information Governance Assessments and Compliance Programs
- International Data Transfer Solutions, Outsourcing and Cross-Border Issues
- Cyberlaw, E-Commerce, Social Media, Cloud Computing and Internet Issues
- EU, China and Japan Compliance Counseling
- Gramm-Leach-Bliley and Financial Privacy
- HIPAA and Healthcare Privacy
- Communications Law and Data Protection
- Workplace Privacy and Employee Monitoring
- Unfair Competition, Advertising and Consumer Protection
- Website Policies Online Trademarks and Domain Name Protection
- Records Retention, Electronic Discovery, Government Access and National Security
One of the first law firms to have a dedicated national Appellate group, Sidley has one of the preeminent Supreme Court practices in the country and our lawyers represent clients on virtually every type of federal legal issue, including bankruptcy, criminal, constitutional, antitrust, transportation, IP, communications, employment, civil rights, tax, government contracts, arbitration and health law. Since the Appellate practice began in 1985, Sidley lawyers have briefed more than 190 cases on the merits and argued more than 105 cases before the Court.
To receive future copies of this and other Sidley updates via email, please sign up at www.sidley.com/subscribe.
This Sidley update has been prepared by Sidley Austin LLP for informational purposes only and does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking advice from professional advisers.
Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, 212.839.5300 and One South Dearborn, Chicago, IL 60603, 312.853.7000. Prior results do not guarantee a similar outcome.