website recording

Papa John’s Sued for Alleged Unauthorized Website Recording

A hot button topic for any company conducting business in the digital marketing industry is the matter of consumer consent. Whether businesses successfully obtain the requisite consumer consent can mark the difference between a legal website experience and one that could violate various data privacy regulations. Recently, courts have confronted issues of user consent in the context of the utilization of website recording technology. One such technology is known as “session replay” spyware. It enables website owners to intercept and observe the way users interact with webpages, including observing and recording movements of a mouse, clicks, keystrokes, page and content views, as well as information inputted into websites by consumers. 

What is Acceptable Consent to Engage in Website Recording?

Several states, most notably California, are in the process of strengthening their data privacy laws and related user consent requirements. In addition, old consumer protection regulations are now being applied to the use of website recording technologies. In a recent blog, we covered the pivotal decision in Javier v. Assurance IQ, LLC, which held that prior express consent must be obtained in order to legally record a user’s website visit. Failure to do so poses the risk of violating Section 631(a) of the California Invasion of Privacy Act (commonly known as the State’s “wiretapping” law or “CIPA”). In Javier, the Ninth Circuit specifically held that retroactive consent does not satisfy the requirements of Section 631(a). Due to an increase in copycat lawsuits, website owners using session replay technology must adhere to the rapidly-evolving caselaw.

New Complaint Alleges that Use of Website Recording Technology Violates California Law

In a recent class action, Kauffman vs. Papa John’s International, Inc., Plaintiff and a proposed class of consumers are seeking damages and injunctive relief from the popular pizza chain for violations of the Federal Wiretap Act and the CIPA. Specifically, Plaintiffs argue that Defendant used, without authorization, and without Plaintiffs’ knowledge or prior consent, session replay spyware. In so doing, Defendant was able to “contemporaneously intercept, capture, read, observe, re-route, forward, redirect, and receive Plaintiff’s and Class Members’ electronic communications.” The allegations characterized use of this website recording technology as effectively being able to record and playback a user’s interaction with a website, “as if someone is looking over [one’s] shoulder when visiting Defendant’s website.” Additionally, Plaintiffs allege that this technology enables Papa John’s to create a detailed profile of visitors to its site. Plaintiffs are suing for damages that include the greater of $10,000 or $100 per day for each violation of the Wiretap Act and $2,500 to each class member for CIPA violations, as well as costs and reasonable attorneys’ fees. 

Companies using Website Recording Technology Must Take Heed

Internet marketing companies must be aware of the depth and breadth of evolving data privacy laws, or risk facing civil and, in some cases, criminal liability. Collecting consent and personal information through a website is almost universal. But the different types of consent that a business must obtain and in what order can be complicated, to say the least. Hiring experienced marketing and privacy attorneys can save your business the expense and headache of trying to resolve these issues on your own. The attorneys at Klein Moynihan Turco have years of experience in all marketing and privacy law matters. If you need assistance with updating your practices and procedures with respect to use of website recording technology, please email us at or call us at (212) 246-0900

The material contained herein is provided for informational purposes only and is not legal advice nor is it a substitute for seeking legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising

Photo by Hal Gatewood on Unsplash

Related Blog Posts:

9th Circuit Sets Trend On Valid Consent For Website Visit Recordings

Trusted Form Wiretap Case Sows TCPA Confusion

Was NFL Enterprises Sued For Alleged Automatic Renewal Law Violations?


David Klein

David Klein is one of the most recognized attorneys in the technology, Internet marketing, sweepstakes, and telecommunications fields. Skilled at counseling clients on a broad range of technology-related matters, David Klein has substantial experience in negotiating and drafting complex licensing, marketing and Internet agreements.

Trending Topics

TCPA vicarious tcpa law woman holding cellphone telemarketing laws

TCPA Vicarious Liability

An Illinois federal district court judge recently held that State Farm Mutual Automobile Insurance Company (“State Farm”) may be vicariously liable for alleged Telephone Consumer

Read More »