This week the U.S. Supreme Court held in Federal Aviation Administration v. Cooper that an individual harmed by a federal agency’s violation of the Privacy Act cannot recover damages unless he or she is able to prove an economic loss.  Under the Privacy Act, federal agencies are prohibited from disclosing “any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains,” unless one of twelve statutory exceptions applies.  An individual may sue an agency for “actual damages” if the agency intentionally or willfully violates the Act’s requirements. 

At issue in the case was whether mental and emotional distress could constitute “actual damages.”  The respondent, a pilot whose pilot certificate was revoked based on medical records that were wrongfully disclosed by the Social Security Administration (SSA) to another government agency, claimed that the SSA’s disclosure of his confidential medical information (including his HIV status) had caused him mental and emotional distress.  Acknowledging that the meaning of “actual damages” is ambiguous and varies depending on the context, Justice Alito, writing for a 5-3 majority (Justice Kagan did not participate in the case), interpreted the term narrowly in the government’s favor based on the concept of sovereign immunity, which limits a person’s ability to recover from sovereign governments.  Under this narrow interpretation, “actual damages” as used in the Privacy Act requires an economic loss and excludes recovery for mental and emotional distress.  Consequently, the respondent was left without recourse for the SSA’s unlawful disclosure of his medical information.     

Although the holding turned on the fact that the federal government — as opposed to, for example, a private entity — disclosed the information, the majority opinion drew parallels between the Privacy Act and common law defamation and privacy torts to differentiate between “general damages” and “special damages.”  Justice Alito equated “actual damages” with “special damages,” which he argued are limited to pecuniary losses.  In contrast, he argued that “general damages” cover nonpecuniary damages, including mental and emotional distress.   

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the…

Lindsey Tonsager helps national and multinational clients in a broad range of industries anticipate and effectively evaluate legal and reputational risks under federal and state data privacy and communications laws.

In addition to assisting clients engage strategically with the Federal Trade Commission, the U.S. Congress, and other federal and state regulators on a proactive basis, she has experience helping clients respond to informal investigations and enforcement actions, including by self-regulatory bodies such as the Digital Advertising Alliance and Children’s Advertising Review Unit.

Ms. Tonsager’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, behavioral advertising, e-mail marketing, artificial intelligence the processing of “big data” in the Internet of Things, spectrum policy, online accessibility, compulsory copyright licensing, telecommunications and new technologies.

Ms. Tonsager also conducts privacy and data security diligence in complex corporate transactions and negotiates agreements with third-party service providers to ensure that robust protections are in place to avoid unauthorized access, use, or disclosure of customer data and other types of confidential information. She regularly assists clients in developing clear privacy disclosures and policies―including website and mobile app disclosures, terms of use, and internal social media and privacy-by-design programs.