Readers of this blog are well aware of the rise in consumer privacy litigation involving California Invasion of Privacy Act (“CIPA”) wiretap claims. Because CIPA is a broadly worded statute, California courts continue to confront CIPA wiretap claims. A California federal judge recently issued a decision in which she refused to interpret CIPA as expansively as some other California courts have done. Below, we discuss: (1) the claims asserted in the lawsuit; (2) the decision and the judge’s associated reasoning therefor; and (3) its implications for e-commerce companies.
CIPA Wiretap Decision Discussed
A consolidated set of putative class actions was brought against a large social media company arising out of Defendant’s advertising business and its attempt to compile detailed profiles of its users. In support of their CIPA wiretap claims, Plaintiffs asserted that Defendant developed a technique allowing it to circumvent the technical protections installed on the operating systems of users’ cell phones. By circumventing these protections, Plaintiffs asserted that Defendant was able to eavesdrop upon users’ communications without their consent. As a result, Plaintiffs asserted nine (9) privacy-related claims, including CIPA wiretap and pen register claims. To buttress their pen register claim, Plaintiffs asserted that Defendant tracked their communications and recorded their data, including, among other things: (1) the URLs of webpages visited; (2) information users searched for using search bars; (3) actions users took on webpages; (4) contents of commonly used form fields; and (5) IP addresses. In response, Defendant moved to dismiss.
Although the judge found that Plaintiffs plausibly alleged CIPA wiretapping claims against Defendant, the judge dismissed Plaintiffs’ CIPA pen register claim. In dismissing their pen register claim, the judge analogized the data that Defendant allegedly recorded to “envelope information, since with physical letters, they would include the mailing and return addresses, the stamp and postmark, and the size and the weight of the envelope when sealed.” Citing prior court precedent, the judge found that the allegedly recorded data was tantamount to browser identifiers that fall outside of the scope of CIPA’s pen register provision. To interpret otherwise, the judge concluded “would stretch CIPA’s already broad statutory language too far.” Although IP addresses may fall within the scope of what constitutes a pen register under CIPA, the judge ruled that Plaintiffs failed to allege how or when IP addresses are recorded. Given that Plaintiffs alleged the recording of IP addresses in conclusory fashion, the judge dismissed Plaintiffs’ CIPA pen register claim.
CIPA Wiretapping Lawsuits Are Certain to Continue
Because California is a dual-party consent state with robust consumer privacy protections, CIPA wiretapping lawsuits will continue to be filed on a regular basis. Further complicating the viability of CIPA wiretap claims is the fact that California courts have struggled to determine whether CIPA should apply to electronic communications. Although this decision is extremely well-reasoned, it is unclear whether other jurisdictions will follow suit given that California courts have been inconsistent in their interpretation of CIPA.
Until a bright-line rule is issued, e-commerce companies that utilize third-party tracking software on their consumer-facing websites will be vulnerable to CIPA claims. In light of the fact that CIPA allows for the recovery of: (1) $5,000 per violation; or (2) three times the amount of actual damages, if any; and (3) injunctive relief, these alleged violations (especially when they are brought on a class action basis) can be quite expensive. As such, companies should be extremely cautious when using third-party tracking technologies on their websites.
By hiring experienced counsel, companies can mitigate against CIPA and other consumer data privacy claims. The attorneys at Klein Moynihan Turco (“KMT”) have years of experience assisting companies with federal and state marketing and privacy law compliance. Importantly, the KMT litigation team has successfully defended numerous businesses in CIPA lawsuits and alternative dispute forums. If your company employs third-party tracking software or has been served with a CIPA wiretap demand, please email us at info@kleinmoynihan.com or call us at (212) 246-0900.
The material contained herein is provided for informational purposes only and is not legal advice nor is it a substitute for seeking legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Attorney Advertising
Photo by Giorgio Trovato on Unsplash
Similar Blog Posts:
Can’t Teach An Old Dog New CIPA Claim Tricks
