Just in time for Valentine's Day, the Massachusetts Court of Appeals rejected a divorcee's lawsuit for "false claims of love."
The plaintiff's eight claims were aptly characterized by the court as sounding in fraud, battery (i.e., contact upon improperly procured consent), infliction of emotional distress, and unjust enrichment. All of these claims turned on misleading inducement to marry as a common, operative allegation.
Massachusetts by statute "abolished the common law actions for alienation of affection," "reflect[ing] the Legislature's public policy decision to no longer consider judicial remedy appropriate for what is only 'an ordinary broken heart.'" Christopher Robinette wrote succinctly about the "heart balm
torts"—alienation of affections, criminal conversation, seduction, and
breach of promise to marry—in November at Tortsprof Blog. Reading between the lines of the law, the court explained that legislators meant to preclude any cause of action that would require "'explor[ing] the minds of' consenting partners" (quoting precedent).
This case was not about failure to marry, but about marriage under allegedly false pretenses. Same difference, the court held, with respect to claims of fraud or misrepresentation: plaintiff's "artful pleadings fail to hide the fact that these claims, based on events that occurred prior to the marriage, are precluded ...." The same result controlled battery, as the consent analysis plainly would defy the inferred legislative intent.
As to IIED, the plaintiff could not meet the threshold of "extreme and outrageous," neither through allegation of an adulterous affair, even if calculated to inflict emotional injury, nor through failure to disclose "concealment of past sexual or romantic history." Massachusetts courts at least in theory recognize a cause of action for negligent infliction of emotional distress (NIED)--the truly pure case of it is far rarer than recitation of the theory--but found the record "bereft of physical harm manifested by objective symptomatology." On both points, one must recall Jones v. Clinton, 990 F. Supp. 657 (E.D. Ark. 1998), per the Hon. Susan Weber Wright. This case also well exemplifies why NIED is not sound doctrine, a point the Supreme Judicial Court might ought revisit one day.
On unjust enrichment and related theories, the court concluded that any unjustness was predicated on the earlier rejected fraud, and otherwise, the plaintiff was in no way of feeble mind.
The court summed up: "[N]ot all human actions in the context of the dissolution of a marriage have an avenue for legal recourse, no matter how much anger, sorrow, or anxiety they cause." Broadened to all affairs of the heart, the conclusion well restates essential tort policy, lest we become the caricature of the litigious society.
The case is Shea v. Cameron, No. 16-P-1479 (Mass. Ct. App. Feb. 9, 2018), per Agnes, Sacks, and Lemire, JJ.
Showing posts with label public policy. Show all posts
Showing posts with label public policy. Show all posts
Sunday, February 11, 2018
'False claims of love': Mass. App. speaks from the heart for Valentine's Day
Monday, October 16, 2017
Decedent's reps fight Yahoo! for email access, beat federal preemption argument in state high court
The Massachusetts Supreme Judicial Court has rendered a thought-provoking judgment about postmortem access to a decedent's Yahoo! e-mail account. The case is Ajemian v. Yahoo!, Inc., No. SJC-12237, Oct. 16, 2017, per Justice Lenk. The SJC nabbed the case sua sponte from Mass. App. The case will be available soon from Mass.gov new slip opinions.
Yahoo! denied access to the personal representatives of the decedent's estate on two grounds: (1) that access was prohibited by the preemptive, federal Stored Communications Act (SCA) (1986), essentially a sectoral privacy statute, and (2) that the representatives' common law property interest in digital assets was superseded by Yahoo! terms of service (ToS).
The trial court ruled in favor of Yahoo! on the SCA grounds and opined only indeterminately on the ToS argument. The SJC reversed and remanded. The Court employed a presumption against implied preemption to find the representatives outside the "lawful consent" terms of statutory exemption in the SCA, which would require actual owner consent. The SCA therefore provided no barrier to access under state law on these facts. This is an important precedent in state construction of federal law to limit the reach of the SCA.
Tantalizingly on the ToS front, the trial court held that it could not opine definitively on Yahoo!'s position because of unresolved questions about the formation and enforceability of the ToS as contract. The SJC reiterated that the trial judge had not established whether a "meeting of the minds" had occurred as purported prerequisite to contract. That's a compelling observation in our world, awash as it is with click-wrap adhesion agreements being held enforceable by the courts without serious scrutiny. "Meeting of the minds," however much a staple of 1L Contracts, has been pretty much read out of the analysis in today's boilerplate world.
The case will be one to watch if it generates another appeal, but I'll be surprised if on these facts, Yahoo! goes to the mat if that means risking the ToS on the record.
Yahoo! denied access to the personal representatives of the decedent's estate on two grounds: (1) that access was prohibited by the preemptive, federal Stored Communications Act (SCA) (1986), essentially a sectoral privacy statute, and (2) that the representatives' common law property interest in digital assets was superseded by Yahoo! terms of service (ToS).
The trial court ruled in favor of Yahoo! on the SCA grounds and opined only indeterminately on the ToS argument. The SJC reversed and remanded. The Court employed a presumption against implied preemption to find the representatives outside the "lawful consent" terms of statutory exemption in the SCA, which would require actual owner consent. The SCA therefore provided no barrier to access under state law on these facts. This is an important precedent in state construction of federal law to limit the reach of the SCA.
Tantalizingly on the ToS front, the trial court held that it could not opine definitively on Yahoo!'s position because of unresolved questions about the formation and enforceability of the ToS as contract. The SJC reiterated that the trial judge had not established whether a "meeting of the minds" had occurred as purported prerequisite to contract. That's a compelling observation in our world, awash as it is with click-wrap adhesion agreements being held enforceable by the courts without serious scrutiny. "Meeting of the minds," however much a staple of 1L Contracts, has been pretty much read out of the analysis in today's boilerplate world.
The case will be one to watch if it generates another appeal, but I'll be surprised if on these facts, Yahoo! goes to the mat if that means risking the ToS on the record.
Tuesday, January 24, 2017
Intimate large parties and the duty to protect privacy
I had to take a blog break over the holidays in order to get a hefty book read and
to write a review of it. I’ll post on that when it
comes closer to publication. Meanwhile,
my, how the world has changed! Let me kick
off the new year with a look at some related developments in privacy law.
As Marion Oswald of the University of Winchester wrote recently
for the journal of Information Communication
& Technology Law (open source), to paraphrase, privacy ain’t what it used to be. Oswald opened with a quote from The Great Gatsby, so it goes without
saying that that needs to be reiterated here.
She wrote,
At one of the Great Gatsby’s spectacular parties, the golf champion Jordan Baker remarked to Nick Carraway that she likes large parties: “They’re so intimate. At small parties there isn’t any privacy.”
From that paradox, Oswald builds the case that privacy must
be redefined to protect individuals in the digital world. She observes the inadequacy of the “reasonable
expectation of privacy” (REP) test—the U.S. Fourth Amendment standard—given the
objective test’s tendency to drive itself to extinction in a world of
objectively diminishing privacy. Kade Crockford with the ACLU of Massachusetts articulates this point brilliantly in her lectures. Oswald is not the first to reach
her conclusion, but she does so compellingly.
Two recent cases, from Pennsylvania and Massachusetts,
reached different conclusions on the question of a corporate defendant’s duty to safeguard private data. The cases show the struggle under way in U.S.
courts to do just what Oswald proposed—to redefine privacy in the digital
age. The United States is increasingly
at odds with Europe, and for that matter the rest of the world, on this
question. Heralded as a modern human right in Europe, data protection is a burgeoning
global legal field—and corporate obligation.
Tort law in the United States usually provides for a “duty”
by “default” in negligence—that is, all persons owe to all other a persons
a duty to exercise reasonable care (or not to act negligently), to avert harm to
all others. But the default rule of duty
is subject to some important limitations.
One limitation is the economic loss rule, which circumscribes negligence
liability. The rule precludes a plaintiff’s action
for nonphysical, economic injury alone. There
are plenty of exceptions to the rule, and some scholars even think it’s not
really a rule at all. For example, negligent
misrepresentation, which is like fraud but without intent, can be supported by economic
loss within the context and expectations of a business relationship.
Defamation and privacy torts can generate what looks like economic injury, but really are animated by their own, sui generis classes of damages to reputation and personality. U.S. privacy torts push in the European direction, but generally do not protect data voluntarily disclosed to third parties, such as employers and banks—a relation of the REP problem. That means no protection in privacy torts for financial data, even though it’s the stuff of identity theft.
Defamation and privacy torts can generate what looks like economic injury, but really are animated by their own, sui generis classes of damages to reputation and personality. U.S. privacy torts push in the European direction, but generally do not protect data voluntarily disclosed to third parties, such as employers and banks—a relation of the REP problem. That means no protection in privacy torts for financial data, even though it’s the stuff of identity theft.
The other limitation on duty by default is that U.S. law
imposes no affirmative duty to protect, or to render aid. This rule, too, is subject to many
exceptions, such as a parent’s duty to protect a child, contractual and
statutory duties to protect, and a duty not to abandon a rescue undertaken.
Here like in privacy law, European legal codes diverge from U.S. common law with a greater willingness to impose affirmative duty. In the United States, the affirmative-duty limitation also can relieve a corporate entity of a duty to safeguard data when the injury to the plaintiff is caused much more immediately by an intervening bad actor, such as the hacker or identity thief. (The problem in proximate causation is integrally related.)
Here like in privacy law, European legal codes diverge from U.S. common law with a greater willingness to impose affirmative duty. In the United States, the affirmative-duty limitation also can relieve a corporate entity of a duty to safeguard data when the injury to the plaintiff is caused much more immediately by an intervening bad actor, such as the hacker or identity thief. (The problem in proximate causation is integrally related.)
So on to the cases. Remember, "[i]t takes two to make an accident."
Pennsylvania
A January 12 Pennsylvania court decision, Dittman v. UPMC (Leagle) held that an employer had no duty to safeguard employees’ private information on a workplace computer. (Hat tip to Richard Borden at Robinson + Cole.) University of Pittsburgh Medical Center (UPMC) employees numbering 62,000 alleged disclosure of personal information in a data breach, resulting in the theft of identities and of tax refunds.
A January 12 Pennsylvania court decision, Dittman v. UPMC (Leagle) held that an employer had no duty to safeguard employees’ private information on a workplace computer. (Hat tip to Richard Borden at Robinson + Cole.) University of Pittsburgh Medical Center (UPMC) employees numbering 62,000 alleged disclosure of personal information in a data breach, resulting in the theft of identities and of tax refunds.
The court applied a five-factor test for duty:
1. the relationship between the parties;2. the social utility of the actor's conduct;3. the nature of the risk imposed and foreseeability of the harm incurred;4. the consequences of imposing a duty upon the actor; and,5. the overall public interest in the proposed solution.
UPMC prevailed in common pleas and superior courts, the
latter 2-1, arguing that it owed no duty to protect the plaintiff’s interests. On the affirmative duty question, the court
pointed to attenuated causation and professed willingness to defer to the state
legislature. As summarized by Brian J.Willett for the Reed Smith Technology Law Dispatch:
The Superior Court observed that the social utility of electronic information storage is high, and while harm from data breaches is foreseeable, an intervening third party stealing data is a superseding cause.
Additionally, the Court explained that a judicially created duty of care would be unnecessary to motivate employers to protect employee information, as “there are still statutes and safeguards in place to prevent employers from disclosing confidential information” in addition to business considerations.
Finally, the Court agreed with the trial court’s conclusion that creating a duty in this context would not serve the public interest; rather, it would interrupt the deliberative legislative process and expend judicial resources needlessly.
The court then bolstered its conclusion by pointing to the
economic loss rule as well.
Massachusetts
Just before the holiday break in December, a Massachusetts Appeals Court also decided a case in which the plaintiff alleged an employer’s negligence in safeguarding private data—though the plaintiff was a client of the employer rather than an employee.
Just before the holiday break in December, a Massachusetts Appeals Court also decided a case in which the plaintiff alleged an employer’s negligence in safeguarding private data—though the plaintiff was a client of the employer rather than an employee.
The facts recited by the court in Adams v. Congress Auto Insurance Agency, Inc. (Justia), have the makings of
a docudrama. According to the court, Thomas
was fleeing police at high speed when he crashed his car into Adams's. Thomas was driving the car of his
girlfriend, Burgos, so Adams claimed against Burgos’s auto insurance. Meanwhile Burgos was both customer and customer
service manager of defendant insurance agency Congress. She reported her car stolen and filed her own
insurance claim.
Adams could identify Thomas. So Burgos used her computer access at work to identify Adams and passed his identity to Thomas. Thomas then phoned Adams, impersonated a state police officer, and threatened Adams: “‘Shut the F up and get your car fixed or you will have issues,’” the court purported to quote. Though I bet Thomas didn’t say just “F.”
Adams could identify Thomas. So Burgos used her computer access at work to identify Adams and passed his identity to Thomas. Thomas then phoned Adams, impersonated a state police officer, and threatened Adams: “‘Shut the F up and get your car fixed or you will have issues,’” the court purported to quote. Though I bet Thomas didn’t say just “F.”
Adams sued Congress on multiple theories, including
negligent failure to safeguard private data. At the trial level, according to the appeals court, “the motion
judge . . . rul[ed] that expert testimony was required to establish
whether the agency owed a duty to Adams to safeguard his personal information,
what that duty entailed, and whether the agency breached that duty.”
It’s odd that the motions judge sought expert
testimony, because, as the appeals court aptly observed, duty is unique among the
four elements of negligence—duty, breach, proximate cause, and injury—for being
purely a question of law, guided by public policy. Courts do not ordinarily hear expert
testimony on what the law is. The theory
goes that figuring that out is the judge’s main job. (Too bad, or being a law professor would be more
lucrative. I was gently tossed from the
witness stand once when a lawyer made a valiant but futile attempt to squeeze
me past the rule.)
Unlike the Pennsylvania Superior Court, the Massachusetts
Appellate Court found its way to a legal duty.
The court held “that the agency had a legal duty to Adams, a member of a
large but clearly defined class of third parties, to prevent its employee’s
foreseeable misuse of the information that Adams provided to process his
automobile insurance claim.” Where the
Pennsylvania court had pointed to statute to justify judicial restraint, the
Massachusetts court pointed to state data breach law to show that the legislature
had green-lighted legal duty (albeit "a single green light, minute and far away").
“Just as those with physical keys to the homes of others
have a duty of reasonable care to preserve their security,” the Massachusetts
court reasoned, “companies whose employees have access to the confidential data
of others have a duty to take reasonable measures to protect against the misuse
of that data.” Indeed, the court cited a
keys case as applicable precedent. The
court made no fuss over the rule of affirmative duty or the rule of economic
loss. In a discussion of causation, the
court seemed content to resort to foreseeability on the facts.
Summary judgment for defendant Congress was vacated, and the
case was remanded for trial.
Conclusion
Advocates who wish to block European-style data protection in the United States use the availability of state tort law remedies as one tool in the toolbox to argue that U.S. law already sufficiently safeguards personal data from both sides of the Atlantic. That’s not true. Not yet.
Advocates who wish to block European-style data protection in the United States use the availability of state tort law remedies as one tool in the toolbox to argue that U.S. law already sufficiently safeguards personal data from both sides of the Atlantic. That’s not true. Not yet.
Data protection in the United States is confounded by the
rules of affirmative duty and economic loss.
And that’s not bad; those rules exist for sound public policy reasons. They also are excepted for sound reasons.
I’ve written before (e.g., here and here) that popular thinking and expectations
with respect to individual privacy are converging in the United States and
Europe, even if a legal bridge lags behind.
Common law negligence can be a vital building block of that bridge. But it’s a work in progress.
“‘Don’t believe everything you hear, Nick.’”
Subscribe to:
Posts (Atom)