This website uses cookies to store information on your computer. Some of these cookies are used for visitor analysis, others are essential to making our site function properly and improve the user experience. By using this site, you consent to the placement of these cookies. Click Accept to consent and dismiss this message or Deny to leave this website. Read our Privacy Statement for more.
Home   |   Contact Us   |   Sign In   |   Register
Article Library
Blog Home All Blogs
Search all posts for:   


View all (853) posts »

Decoding DiNaples: The Third Circuit Court of Appeals Analyzes the Use of QR Codes on Envelopes

Posted By USFN, Tuesday, February 4, 2020
Updated: Monday, February 3, 2020

by Lisa A. Lee, Esq.

KML Law Group, P.C.

USFN Member (PA, NJ)


Ah, “A Christmas Story.” It’s a classic. No matter what holiday you celebrate near the end of each year, you’ve likely seen it. Who can forget Ralphie’s epic quest to drink enough Ovaltine to earn his Little Orphan Annie Secret Society decoder pin? His anticipation when it finally arrives? (“Honors and benefits, already at the age of nine!”) And the crushing letdown when he finally decodes the message? (“’Be sure to drink your Ovaltine?’ A crummy commercial?!?”)

Times have certainly changed since Ralphie was growing up in the 1940s. Now “decoding” the information contained in a symbol, such as a quick response (“QR”) code, is simple as long as you have a smartphone. Progress is a wonderful thing, and anyone involved in a business that deals with a high volume of returned mail knows that having an automated system for sorting and routing that mail is important to an efficient operation. However, progress can sometimes come with heightened compliance risk, as was illustrated by the recent opinion of the U.S. Court of Appeals for the Third Circuit in the case of DiNaples v. MRS BPO, LLC, 934 F.3d 275 (3d Cir. 2019).

Before we get into the facts of DiNaples, a little history is in order. 

Rewind to 2014, when the Third Circuit was faced with a case in which a debt collector sent a collection letter to a consumer using an envelope with a clear window. The window was large enough to reveal several pieces of information printed on the letter inside, including both the consumer’s internal account number with the debt collector, and a QR code that, when scanned, revealed both the account number and the monetary amount of the debt. The case was Douglass v. Convergent Outsourcing, 765 F.3d 299 (3d Cir. 2014), the holding of which seems axiomatic today. The Douglass Court found that revealing the personally identifiable information of the consumer in a way that was visible from the outside of the envelope violated the Fair Debt Collection Practices Act (“FDCPA”), specifically 15 U.S.C. §1692f, which prohibits a debt collector from using any “unfair or unconscionable” means to collect a debt, including:

[u]sing any language or symbol, other than the debt collector's address, on any envelope when communicating with a consumer by use of the mails or by telegram, except that a debt collector may use his business name if such name does not indicate that he is in the debt collection business. 15 U.S.C. §1692f(8).

Notably, the Douglass Court declined to affirm the District Court’s reasoning that the information revealed by the debt collector met a “benign language exception” to §1692f(8).  The benign language exception evolved, and was embraced by the court below, because the plain language of §1692f(8) allows only for the inclusion of the debt collector’s address, and possibly its business name (if that name does not signal that debt collection is the nature of the business), on an envelope. Because more information is obviously necessary in order to send the mail at all, an exception for other “benign” language and symbols developed to prevent an absurd result from a literal reading of the statute. Id. at 302-303. This exception was meant to capture the use of language and symbols that did not serve to either 1) reveal the purpose of the letter as debt collection, or to 2) “humiliate, threaten or manipulate” the recipient. Id. at 301. Other courts of appeals had found such an exception for innocuous language on the face of an envelope, such as the phrase “Priority Letter.” See, Goswami v. American Collections Enterprise, Inc., 377 F.3d 488 (5th Cir.2004). 

In Douglass, however, the Court found that because the consumer’s account number was not “benign” as a threshold matter, they would not entertain the larger question whether such an exception was warranted as a general rule. In the Court’s eyes, the account number was a piece of information that, when revealed to third parties, could expose the consumer’s financial difficulties. Therefore, its revelation violated a core concept of the FDCPA, the prohibition on “invasion of privacy.” Id. at 303. Interestingly, the plaintiff in Douglass had declined to pursue her argument that inclusion of the QR code on the envelope violated the FDCPA. Because this issue had been abandoned, the Douglass Court did not address it at all, paving the way for the DiNaples case, which was first filed in the U.S. District Court for the Western District of Pennsylvania the following year in 2015.

The facts of the DiNaples case are simple. The debt collector sent DiNaples a collection letter in an envelope that contained a QR code printed on the outside. When scanned, the QR code revealed a string of numbers that included DiNaples’ internal account number with the debt collector.  DiNaples, 934 F.3d at 277. DiNaples filed a class action lawsuit alleging that inclusion of the QR code on the envelope violated §1692f(8) of the FDCPA. The District Court granted summary judgment in favor of DiNaples on the issue of liability, and the debt collector appealed.

On appeal, the Third Circuit starts out by confirming that DiNaples had standing to sue because she had suffered a “concrete” injury when the QR code embedded with her internal account number was revealed on the outside of the envelope. The Court notes in its analysis that disclosure of private information embedded in a QR code that “anyone could easily scan and read,” raises core invasion of privacy concerns. Id. at 280. Therefore, it was not necessary for DiNaples to show anything other than the revelation of her private information in order for her to establish standing to sue. Id. at 280.

Moving on, the Court turns to a discussion of the particular conduct of the debt collector, likening it to the conduct of the debt collector in the Douglass case. Id. at 281. The debt collector in DiNaples attempted to argue that Douglass was distinguishable because the QR code, unlike the account number at issue in Douglass, was “facially neutral” and did not reveal any information unless it was scanned by a third party, in effect arguing that a benign language exception should apply. Id. at 282. The DiNaples Court was not persuaded, having previously noted that the District Court had found that a QR code could be scanned by “any teenager with a smartphone app,” and that use of the code was not materially different that simply printing the account number on the envelope. Id. at 282. 

The debt collector in DiNaples also argued that, even if its conduct violated the FDCPA, it should be able to avail itself of the bona fide error defense contained in 15 U.S.C. §1692k(c). That section provides that a debt collector cannot be held liable for a “violation that was not intentional and resulted from a bona fide error notwithstanding the maintenance of procedures reasonably adapted to avoid any such error.” Id. at §1692k(c). The Court looked to the Supreme Court’s holding in Jerman v. Carlisle, McNellie, Rini, Kramer & Ulrich L.P.A., 559 U.S. 573, 130 S.Ct. 1605, 176 L.Ed.2d 519 (2010), for the proposition that “the bona fide error defense in §1692k(c) does not apply to a violation of the FDCPA resulting from a debt collector’s incorrect interpretation of the requirements of that statute.” Id. at 604–05, 130 S.Ct. 1605, and went on to find that the conduct in DiNaples was not protected as a bona fide error because the debt collector intentionally printed the QR code on the envelope. The facts that the debt collector was well intentioned and did not believe that it was violating the FDCPA did not change the analysis that the conduct resulted from a mistake of law, rather than from a mistake of fact. Id. at 282.

The DiNaples opinion serves as a cautionary tale, and as a reminder for all who are compliance minded that what’s on the outside of an envelope is just as important as what’s on the inside.

Copyright © 2020 USFN. All rights reserved.


Winter USFN Report


Tags:  Douglass v. Convergent Outsourcing  quick response (“QR”) code  technology 

Share |
Permalink | Comments (0)
Membership Software Powered by YourMembership  ::  Legal