Skip to main content
Procopio Logo

New Class Action Litigation Aimed at Website Chat Features

New Class Action Litigation Aimed at Website Chat Features

New Class Action Litigation Aimed at Website Chat Features

Imagine you’re the CEO of a Midwest-based company operating an e-commerce website. You just attended the monthly sales and marketing presentation, and are pleased with the customer satisfaction and sales revenue numbers since launching the company’s new website. Then you read a five-word email subject line: Class Action Lawsuit for Wiretapping. You are likely to be caught off guard, and perhaps now defending a class action in California.

Recently, a spate of class action lawsuits has been filed in California state and federal courts asserting violations of section 631(a) of the California Invasion of Privacy Act (CIPA), claiming that website operators are intentionally wiretapping or eavesdropping on users by recording and sharing information gathered during use of the site’s chat feature without user consent. The complaints seek significant statutory damages and other relief. Businesses operating websites accessible in California that use chat features or other marketing and analytics tools to collect user information should be aware of the allegations underpinning these new class actions.

At least 50 class action lawsuits have recently been filed based on allegations of wiretapping in violation of the CIPA, alleging the companies share chat data without first obtaining the user’s consent. These lawsuits follow the Ninth Circuit’s unpublished decision in Javier v. Assurance IQ, LLC, No. 21-16351, 2022 WL 1744107 (9th Cir. May 31, 2022), which held that user consent obtained after collecting their personal information did not defeat wiretapping claims. While Javier did not involve a website chat feature, nor a finding of liability for wiretapping, plaintiffs now argue the case requires that user consent be obtained before recording or sharing their chat content.

In many cases, the plaintiffs allege that the companies embed third-party code in their websites that allows those third-parties to intercept, eavesdrop upon, and store website users’ chat transcripts, all without obtaining prior express consent. They argue this conduct constitutes aiding and abetting wiretapping, and thus subjects the website operators to potential liability.

In addition to the chat feature allegations, some plaintiffs base their wiretapping claims on companies’ use of session replay software. Such software allegedly records the keystrokes, mouse clicks, and data entry of every visitor interaction with the companies’ websites, which the third-party software provider—claimed by the plaintiffs not to be a party to the communication—intercepts without consent.

While these claims are not novel—plaintiffs filed putative class action wiretapping cases involving session replay software even before Javier—the law over such software use is unsettled and so invites litigation. For example, some courts have dismissed claims that companies aided and abetted wiretapping when the third-party session replay providers did not use the collected information for their own benefit. Meanwhile, other courts have allowed such claims to survive regardless of whether the third-parties used the information for their own benefit.

Even absent a chat feature or use of session replay software on your website, other grounds may still support wiretapping claims based on the collection, recording, or storage of website visitors’ personal information. In Javier, the defendant’s website used an embedded tool for consent-based marketing. The tool required the user to input personal data, which it captured to generate health insurance quotes. After inputting the captured data but before the user could receive the free quote, the user had to click “View My Quote” and consent to the site’s Privacy Policy. Though the plaintiff clicked “View My Quote,” he still sued the site owner for allegedly wiretapping his interactions with the quote generator and allowing the third-party software provider to eavesdrop on the interaction. As noted, the Ninth Circuit rejected the notion that plaintiff’s subsequent consent barred his wiretapping claims, and so the case proceeded.

Privacy law is constantly changing and new types of class actions keep arising as web analytics and tracking tools become more commonplace and complex. Companies that use chat features or tracking technologies on their websites should review their notice disclosures and consent mechanisms to evaluate their risks. Consulting experienced counsel in such areas may help avoid expensive and protracted litigation.


Elaine F. Harwell

Partner and Privacy Officer

Elaine focuses on representing clients in privacy and data security matters, including litigating claims involving privacy issues, helping clients manage emerging risks and conduct privacy risk assessments, and advising on regulatory and compliance issues. She has been involved in numerous trials, as well as arbitration proceedings, related to contract and general business disputes, trade secret matters, complex unfair competition and business practice claims, and professional liability. Elaine has earned the ANSI-accredited Certified Information Privacy Professional/United States (CIPP/US) and the Certified Information Privacy Manager (CIPM) credentials through the International Association of Privacy Professionals (IAPP), and is the leader of Procopio’s Privacy and Cybersecurity practice and the firm’s Privacy Officer.

Elaine focuses on representing clients in privacy and data security matters, including litigating claims involving privacy issues, helping clients manage emerging risks and conduct privacy risk assessments, and advising on regulatory and compliance issues. She has been involved in numerous trials, as well as arbitration proceedings, related to contract and general business disputes, trade secret matters, complex unfair competition and business practice claims, and professional liability. Elaine has earned the ANSI-accredited Certified Information Privacy Professional/United States (CIPP/US) and the Certified Information Privacy Manager (CIPM) credentials through the International Association of Privacy Professionals (IAPP), and is the leader of Procopio’s Privacy and Cybersecurity practice and the firm’s Privacy Officer.

Sean M. Sullivan

Partner

Sean represents businesses and people in a variety of matters, including intellectual property rights (trademarks, copyrights, patents, and trade secrets), contracts, partnership and business management disputes, unfair competition, and class actions. He also has extensive experience in maritime matters, litigating cases involving injuries suffered aboard seagoing vessels, and in cases involving environmental issues. He is experienced in all phases of litigation, from pre-lawsuit investigations through trial and appeal. Sean’s clients span many industries, including aerospace, software and app development, social media, music, medical devices, aviation, architecture, craft breweries, manufacturing, visual and performing arts, banking and lending, apparel, and hi-tech and biotechnology. He previously worked for a San Diego biotech start-up that made products for use in immunology and molecular biology research.

Sean represents businesses and people in a variety of matters, including intellectual property rights (trademarks, copyrights, patents, and trade secrets), contracts, partnership and business management disputes, unfair competition, and class actions. He also has extensive experience in maritime matters, litigating cases involving injuries suffered aboard seagoing vessels, and in cases involving environmental issues. He is experienced in all phases of litigation, from pre-lawsuit investigations through trial and appeal. Sean’s clients span many industries, including aerospace, software and app development, social media, music, medical devices, aviation, architecture, craft breweries, manufacturing, visual and performing arts, banking and lending, apparel, and hi-tech and biotechnology. He previously worked for a San Diego biotech start-up that made products for use in immunology and molecular biology research.

Meg E. Dawson

Special Counsel
Meg focuses on civil litigation and appeals. She started her career in Silicon Valley helping public companies successfully defend securities class action lawsuits and government investigations. Since joining Procopio in San Diego, she has represented clients in wide range of industries, including real estate, health care, software, and consumer products. Meg is an experienced legal writer and devotes much of her practice to drafting discovery and pre-trial motions as well as appellate briefs and writs in California federal and state courts.
Meg focuses on civil litigation and appeals. She started her career in Silicon Valley helping public companies successfully defend securities class action lawsuits and government investigations. Since joining Procopio in San Diego, she has represented clients in wide range of industries, including real estate, health care, software, and consumer products. Meg is an experienced legal writer and devotes much of her practice to drafting discovery and pre-trial motions as well as appellate briefs and writs in California federal and state courts.

Stay up-to-date with the Procopio newsletter.

Sign Up Now

MEDIA CONTACT

Patrick Ross, Senior Manager of Marketing & Communications
EmailP: 619.906.5740

EVENTS CONTACT

Suzie Jayyusi, Events Planner
EmailP: 619.525.3818