Certain quick response codes that are visible on an envelope’s face have been found to violate the FDCPA.
The United States District Court for the Middle District of Pennsylvania has ruled that QR codes that can be seen on the face of an envelope and that have an account number embedded within them are in violation of the Fair Debt Collection Practices Act (FDCPA).
When visible quick response codes are used in conjunction with account numbers they become a privacy concern.
According to the court, by using QR codes on envelopes in ways that they are visible to people other than the account holder, and when they are linked to an account number, it makes those individuals “susceptible to privacy intrusions.” This was determined in the court in Styer v Professional Medical Management, Inc. The court ruled in favor of the plaintiff, in a summary judgment that determined that if a QRcode was applied in a way that was visible on the outside of the envelope and someone who scanned it could obtain the name, account number, and address of the recipient, then it was in violation of the FDCPA.
The reason is that in that way, the QR codes would expose the intended recipient’s information.
More specifically, the court referred to Section 1692f(8) of the FDCPA, which said that a debt collector was not permitted to use “any language or symbol, other than the debt collector’s address,” as well as its business name, “if such name does not indicate that he is in the debt collection business.” Essentially, debt collectors are not supposed to expose the financial issues of debtors to the public.
While there are circumstances in which courts have determined that the addition of a symbol to an envelope does not necessarily indicate that a piece of mail is looking to collect on a debt or otherwise humiliate or threaten the recipient, in what is sometimes referred to as the “benign language exception”. However, in this case, the court decided that the QR code was not benign, as it was encoded not only with the name and address of the debtor, but also his or her account number.
The QR codes are easy enough to scan that it would mean that the information is broadly accessible and “susceptible to privacy intrusions.”