Washington Law Review


Businesses routinely lose or misuse individuals’ private information, with results that can be devastating. Federal courts often leave those individuals without legal recourse by dismissing their lawsuits for lack of standing, even though plaintiffs in these cases provide stronger showings of harm than courts usually require. Using an original data set, this Article shows how standing analysis in these cases has gone awry and argues that the standing inquiry in today’s data-protection cases harms both public policy and standing doctrine.

This Article makes three contributions to literatures in federal courts and privacy. First, it shows that current federal court practice too often allows data collectors to cause harm without penalty. Data collectors—from theme parks and grocery stores to Equifax and Google—routinely collect private information improperly and inadequately protect the data they collect. This Article unpacks the various ways federal courts get standing wrong in the lawsuits that follow, such as by focusing on the particular scraps of information collected or lost via data breach to find plaintiffs have not suffered an “injury in fact.” Second, this Article draws on an original data set of 217 federal data-protection decisions to demonstrate systemic pressures that lead federal courts to misapply standing doctrine in data-protection litigation. Existing scholarship focuses on analyzing a handful of leading appellate cases and therefore misses the full scope of federal courts’ seeming hostility toward data-protection lawsuits. Third, by bringing to light systemic issues that have not been considered in this context, this Article proposes changes to federal courts’ approach to standing in these cases that will help align the incentives and costs of data collection and help to develop a robust body of federal law on issues of data protection.

First Page


Included in

Privacy Law Commons