QR Code on Envelope Violates Privacy Afforded to Debtors

(August 15, 2019) Can a QR code be too revealing and invade a person’s privacy? If it contains the account number of a consumer and it appears on a debt collection envelope, then it may be an illegal invasion of privacy.

The Third Circuit affirmed a trial court’s finding that if a debt collector puts a QR code on the envelope of a collection letter that, when scanned, reveals the consumer’s account number, then the debt collector has violated the Fair Debt Collection Practices Act (“FDCPA”). The FDCPA prohibits a debt collector from putting anything other than its address on an envelope mailed to a consumer.

MRS BPO, LLC, a debt collector, sent a debt collection notice to Donna Dinaples. The envelope included a QR code generated by MRS BPO specific to her account. If the QR code were scanned by a smartphone app—which, the court said, could be easily done by anyone—the scan would reveal Ms. Dinaples’ account number with MRS BHO. The appellate court said, because displaying a consumer’s account number on an envelope “implicates a core concerning animating the FDCPA—the invasion of privacy,” it makes no difference that the information was revealed only after a scan of the QR code.

MRS BPO argued that the QR code did not violate the FDCPA because a third party scanning the QR code to reveal the number “is akin to opening a letter addressed to another,” which is illegal, and therefore MRS BPO should not be liable.

Not so, said the appellate court. It does not matter if the scanning would be illegal. “The debt collector has still exposed private information to the world in violation of the FDCPA.”

Donna Dinaples v. MRS BPO, LLC, Third Cir. No. 18-2972, issued August 12, 2019.

QR Code on Envelope Violates Privacy Afforded to Debtors