3rd Cir. Extends Douglass “Glassine Window” FDCPA Case to QR Codes on the Outside of Envelopes

In DiNaples v. MRS BPO, LLC, No. 18-2972, 2019 U.S. App. LEXIS 23937 (3d Cir. Aug. 12, 2019), the Court of Appeals extended its Douglass decision to QR codes.

There is no dispute that that provision plainly prohibits the QR code. Still, as other courts have observed, § 1692f(8) is rather expansive when read literally. It would seemingly prohibit including “a debtor’s address and an envelope’s pre-printed postage,” as well as “any innocuous mark related to the post, such as ‘overnight mail’ and ‘forwarding and address correction requested.'” Strand v. Diversified Collection Serv., Inc., 380 F.3d 316, 318 (8th Cir. 2004); see also Goswami v. Am. Collections Enter., Inc., 377 F.3d 488, 493 (5th Cir. 2004). To avoid these “bizarre results,” Strand, 380 F.3d at 318, many courts, as well as the Federal Trade Commission, have read a “benign language exception” into § 1692f(8), see Goswami, 377 F.3d at 493-94. Although we have never adopted such an exception, MRS asks us to do so here and conclude that the QR code falls within it. But once again, we return to our decision in Douglass. To repeat, Douglass involved an envelope displaying the debtor’s account number with the debt collector. 765 F.3d at 300-01. There, as here, the debt collector urged us to read a benign language exception into § 1692f(8), and like MRS, the debt collector in Douglass argued that the account number should fall within that exception. See id. at 301. We declined to decide whether § 1692f(8) contains such an exception because, regardless, the account number was not benign. Id. at 301, 303. That number, we explained, was “a core piece of information,” the disclosure of which “implicate[d] a core concern animating the FDCPA—the invasion of privacy.” Id. at 303. We thus rejected the debt collector’s contention that the “account number is a meaningless string of numbers and letters, and its disclosure has not harmed and could not possibly harm Douglass.” Id. at 305-06. As with standing, the question is whether the analysis changes when the account number is not on the face of the envelope but is embedded in a QR code. The panel in Douglass explicitly left that question open. See id. at 301 n.4. But, keeping in mind that “the FDCPA must be broadly construed in order to give full effect to [its remedial] purposes,” Caprio v. Healthcare Revenue Recovery Grp., LLC, 709 F.3d 142, 148 (3d Cir. 2013), we agree with the District Court that the reasoning of Douglass applies fully to an account number embedded in a QR code. As explained above with respect to standing, the harm here is still the same — the unauthorized disclosure of confidential information. And if such disclosure was not benign, disclosure via an easily readable QR code is not either. Protected information has still been compromised. MRS argues that Douglass is distinguishable. There, the account information was on the face of the envelope, capable of being seen by all. Here, by contrast, the envelope facially displayed no connection to debt collection. It just revealed a QR code, which is facially neutral and appears on many commercial mailings. Any account information, according to MRS, is hidden from public sight and could only be seen by “unlawfully scanning” the envelope. MRS Br. 24 n.3. MRS suggests that “scanning the QR Code on an envelope addressed to another is akin to opening a letter addressed to another.” MRS Br. 23. We are not persuaded. While we do not decide here whether a benign language exception to § 1692f(8) exists, it would apply only to language truly benign relative to the purposes of the FDCPA. See Douglass, 765 F.3d at 303 (“[W]e cannot find language exempt from § 1692f(8) if its disclosure on an envelope would run counter to the very reasons Congress enacted the FDCPA.”). If, as we held in Douglass, disclosure of a debtor’s account number is an invasion of privacy, it follows that disclosure of a QR code embedded with that number is not benign. A QR code is still “susceptible to privacy intrusions,” even if it does not facially display any “core information relating to the debt collection.”4 Id. at 305. There is no material difference between disclosing an account number directly on the envelope and doing so via QR code — the harm is the same, especially given the ubiquity of smartphones.5 Whether it is illegal to scan someone’s mail, as MRS argues, is beside the point. The debt collector has still exposed private information to the world in violation of the FDCPA. We therefore hold that HN6 a debt collector violates § 1692f(8) when it sends to a debtor an envelope displaying an unencrypted QR code that, when scanned, reveals the debtor’s account number. We thus agree with the District Court that MRS, in doing so here, violated the FDCPA.

The Court of Appeals also held that the Debt Collector’s error of law interpreting the Douglass decision did not qualify for a “bona fide” error.

In Jerman v. Carlisle, McNellie, Rini, Kramer & Ulrich L.P.A., 559 U.S. 573, 130 S. Ct. 1605, 176 L. Ed. 2d 519 (2010), the Supreme Court held “that HN7 the bona fide error defense in § 1692k(c) does not apply to a violation of the FDCPA resulting from a debt collector’s incorrect interpretation of the requirements of that statute.” Id. at 604-05. Put differently, “FDCPA violations forgivable under § 1692k(c) must result from ‘clerical or factual mistakes,’ not mistakes of law.” Daubert v. NRA Grp., LLC, 861 F.3d 382, 394 (3d Cir. 2017) (quoting Jerman, 559 U.S. at 587). MRS contends that it committed a mistake of fact. It argues that it “erred by using industry standards for processing return mail and appreciating that no person has ever used a QR Code to determine a letter concerned debt collection.” MRS Br. 26. MRS insists that it “did not mistakenly interpret the FDCPA.” MRS Br. 26. But that is precisely what it did. While MRS tries to characterize its error as one of fact, MRS ultimately just misunderstood its obligations under the FDCPA. Indeed, MRS [*14]  all but admits that point when it argues that it “mistakenly believed that its conduct could not conceivably violate the FDCPA.” MRS Br. 31. That is not a mistake of fact; it is a mistake of law. Had MRS’s printing of the QR code been the result of a clerical mistake, accidentally included contrary to the agency’s normal procedures, then it could conceivably avail itself of the bona fide error defense. See Jerman, 559 U.S. at 587. But that is not MRS’s argument; indeed, MRS explains that using QR codes is “the industry standard.” MRS Br. 34. MRS may not have intended “to disclose that the contents of the envelope pertain to debt collection,” MRS Br. 27, but HN8 the bona fide error defense does not protect every well-intentioned act, see Jerman, 559 U.S. at 584-85. It applies only to clerical or factual mistakes. See Daubert, 861 F.3d at 394. The bona fide error defense is therefore inapplicable here.

DiNaples v. MRS BPO, LLC, No. 18-2972, 2019 U.S. App. LEXIS 23937 (3d Cir. Aug. 12, 2019)