[UPDATED] Appeals Court Upholds Lower Court Ruling That QR Code on Envelope Violates FDCPA

[EDITOR’S NOTE: Updated below with comments from Jeff Freedman, the co-CEO of MRS]

Less than two months after hearing arguments on the case, a panel of judges from the Third Circuit Court of Appeals yesterday unanimously affirmed a summary judgment ruling in favor of a plaintiff who sued a collection agency for including a Quick Response, or QR, Code on the outside of an envelope containing a collection letter.

A copy of the ruling in the case of DiNaples v. MRS BPO can be accessed by clicking here.

The plaintiff received a collection letter that had a QR code printed on the envelope. When scanned, the QR code would have revealed the internal reference number used by the defendant that was associated with the plaintiff’s account. The plaintiff filed a class-action lawsuit and was subsequently awarded summary judgment after a District Court judge ruled that printing the QR code was no different than printing the account number on the envelope, which is a violation of the third-party disclosure provision of the Fair Debt Collection Practices Act.

In making its decision, the Appeals court first dealt with the issue of standing. Having previously ruled in St. Pierre v. Retrieval-Masters Creditors Bureau that printing an account number was “a legally cognizable injury,” the panel concluded that printing the QR code was no different than printing an account number on an envelope because it made protected information available to the public. The panel rejected the defendant’s argument that someone needed to intercept the mail and scan the barcode in order for the plaintiff to have standing under Spokeo.

Under Section 1692f(8) of the FDCPA, collectors are prohibited from “[u]sing any language or symbol, other than the debt collector’s address, on any envelope when communicating with a consumer by use of the mails or by telegram, except that a debt collector may use his business name if such name does not indicate that he is in the debt collection business.”

The defendant argued that the QR Code would have to be unlawfully scanned — similar to opening someone else’s mail — in order to obtain the account information, but the panel determined that there is a difference between the two acts, indicating that someone could “surreptitiously” scan the code without the recipient knowing it had been done, but could not open someone else’s mail without the recipient realizing it.

There is no material difference between disclosing an account number directly on the envelope and doing so via QR code –– the harm is the same, especially given the ubiquity of smartphones. Whether it is illegal to scan someone’s mail, as MRS argues, is beside the point. The debt collector has still exposed private information to the world in violation of the FDCPA.

Finally, the defendant argued it was covered under the FDCPA’s bona fide error defense, because it “erred by using industry standards for processing return mail and appreciating that no person has ever used a QR Code to determine a letter concerned debt collection.” But, again, the panel of judges was not persuaded.

While MRS tries to characterize its error as one of fact, MRS ultimately just misunderstood its obligations under the FDCPA. Indeed, MRS all but admits that point when it argues that it “mistakenly believed that its conduct could not conceivably violate the FDCPA.” That is not a mistake of fact; it is a mistake of law. Had MRS’s printing of the QR code been the result of a clerical mistake, accidentally included contrary to the agency’s normal procedures, then it could conceivably avail itself of the bona fide error defense.

“Needless to say, we are deeply disappointed by the court’s ruling,” said Jeff Freedman, Co-CEO of MRS. “While we never agreed with the rationale behind the Douglass decision, we attempted to comply in the 3rd circuit by shielding our internal account number, that was interspersed among a string of other numbers, behind a QR code. Plaintiff in this case was never harmed. Her information was never compromised and we completely disagree with the court’s assessment that an invasion of privacy occurred. Other courts around the country agree with our position and we believe the 3rd circuit is simply incorrect in its reasoning.”

Check Also


CFPB Announces Nov. 30 Effective Date For Regulation F

The Consumer Financial Protection Bureau announced today that Regulation F will go into effect on …

Leave a Reply

Your email address will not be published.