Despite some favorable rulings, lawsuits alleging California Invasion of Privacy Act (“CIPA”) claims against companies that use third-party tracking technology to collect consumer data on their websites show no signs of slowing down. This fact is illustrated by two recent California State court lawsuits which allege CIPA claims for Defendants’ alleged use of third-party tracking technology on their websites.
CIPA Claims Continue To Be Filed
In Tulin v. Spark Fun Electronic Inc., Plaintiff asserted CIPA claims against Defendant for its alleged use of third-party tracking software and code to “create a unique digital profile of each individual website visitor.” Specifically, Plaintiff alleges that Defendant secretly attaches a “tracking beacon” to the devices of those who visit Defendant’s website to collect, among other things, the user’s: (1) IP address; (2) operating system and browser information; (3) geolocation data; and (4) email address. Collection of this information allegedly allows Defendant to “digitally fingerprint” users who visit Defendant’s website. Use of these “tracking beacons,” according to the Complaint, violates CIPA because they constitute trap and trace devices or pen registers and are used without a visitor’s consent. The Complaint further alleges that Defendant illegally wiretaps website visitor communications by: (1) using session replay code to “intercept, record, save, and replay website visitors’ interactions”; and (2) sending this information to a third-party who stores and replays the collected data.
Similarly, in Garcia v. Everquote, Inc., Plaintiff asserted a CIPA claim on behalf of himself and a purported class of consumers. The Complaint alleges that Defendant utilizes third-party software that “gathers device and browser information, geographic information, referral tracking, and url tracking by running code or ‘scripts’ on the Website to send user details . . .” to the third-party software provider. Plaintiff further alleges that the third-party software violates CIPA because it is tantamount to a “trap and trace device,” a device which captures incoming dialing, routing, addressing, and signaling information. According to the Complaint, the third-party software begins collecting consumer information the moment a consumer visits the website and before Defendant obtains consumer consent to this data collection.
What Should You Do If You’re Facing CIPA Claims?
As our readers know, CIPA claims can be expensive. The statute allows for a private right of action and the recovery of: (1) $5,000 per violation; or (2) three times the amount of actual damages, if any; and (3) injunctive relief. As such, the plaintiffs’ bar will continue to file lawsuits alleging CIPA claims against businesses until California courts stop entertaining them.
If your company uses third-party tracking software on its consumer-facing website, determining whether you comply with CIPA, and other state privacy laws requires hiring experienced counsel. The attorneys at Klein Moynihan Turco (“KMT”) have years of experience assisting companies with federal and state marketing and consumer privacy regulations. Importantly, the KMT litigation team has successfully defended numerous businesses in CIPA lawsuits. If your company employs third-party tracking software or has been served with a CIPA lawsuit, please email us at info@kleinmoynihan.com or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice nor is it a substitute for seeking legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Attorney Advertising
Photo by ThisisEngineering on Unsplash
Similar Blog Posts:
CIPA and Trap and Trace Devices
