The plaintiffs’ bar grounded these claims in the electronic interception provisions ofvarious state laws. Wiretap statutes like the California Invasion of Privacy Act, thePennsylvania Wiretapping and Electronic Surveillance Act, and the Florida Security ofCommunications Act generally prohibit the unauthorized interception or disclosure ofcommunications transmitted electronically.The plaintiffs’ bar targetedtechnologies that track auser’s interactions with thewebsite (e.g., clicking,scrolling, swiping, hoveringand typing) and create arecording of thoseinteractions and inputs –known as session replaysoftware.They also attacked coding tools that create and store transcripts of conversations withusers in a website’s chat feature. The plaintiffs in this new string of class actions allegethat recording users’ interactions with a website and sending that recording to a thirdparty for analysis without their consent is an illegal invasion of their privacy.Recent decisions from the Ninth and Third Circuits fueled the swell of lawsuits allegingviolations of these wiretap statutes.In May 2022, in Javier, et al. v. Assurance IQ, LLC, 2022 U.S. App. LEXIS 14951 (9thCir. May 31, 2022), the Ninth Circuit held that the California Invasion of Privacy Actrequires prior consent and explicitly rejected the argument that this wiretap statuteallows a business to obtain consent to the use of session replay software after therecording has already begun.The Ninth Circuit, however, did not comment on what would amount to effective consentto the use of session reply software under the wiretap statute.A few months later, the Third Circuit in Popa, et al. v. Harriet Carter Gifts, 45 F.4th 687(3d Cir. 2022) ruled that an electronic interception violating the PennsylvaniaWiretapping and Electronic Surveillance Act occurred when the plaintiff visited a websiteto purchase a product and her interactions on that site were recorded and transmitted toa third-party marketing firm. The Third Circuit concluded that the location of theinterception was plaintiff’s browser, and it rejected the defendants’ argument that thewiretap statute did not apply because the third-party marketing firm’s servers – wherethe information was sent – were located in Virginia.If other circuits follow the Third Circuit’s approach, it could subject companies to liabilityunder a state wiretap statute each time a user accesses its website from that state.In each of the three lawsuits brought thus far in Pennsylvania, the class consisted of12© Duane Morris LLP 2023Duane Morris Privacy Class Action Review – 2023
It seems that your browser's pop-up blocker has prevented us from opening a new window/tab. Please click the button below to open the link manually.
Table of contents
2
3
4
6
7
11
12
14
16
20
22
25
26
27
33
36
38
40
