I. Introduction
Any business operating a website needs to be aware of the proliferation of lawsuits targeting websites that use any type of customer tracking technology. While advantageous to the business in its marketing efforts, the data collection subjects the business to potential liability. This is true whether the business is physically located in California or elsewhere – if the business gathers California customers’ information, a risk arises.
II. What sort of technologies are being targeted?
a. Web Beacons: Web beacons gather information about visitors to websites. They are usually invisible and used to monitor website traffic and the effectiveness of email marketing campaigns. Web beacons track visitor behavior, such as the pages they view and the links they click. When a web beacon loads on a website or in an email, it sends data back to the website owner or the third-party company.
b. Session Replay: The Session Replay Code enables website operators and third-party providers of the technology to record, save, and replay users’ interactions with the website, like an electronic transcript. The code captures interactions at a granular level, including all of the user’s mouse movements, clicks, scrolls, zooms, window resizes, keystrokes, text entry, and other navigations through the website. Session Replay Providers use the information captured to recreate a video playback of the user’s interaction with the website.
c. Chat Features: Live or automated instant messaging features on websites designed to help users communicate for customer service purposes.
d. Pixel Trackers and Google Analytics: The Meta Pixel is a publicly available piece of code that Meta allows third-party website developers to install on their websites. In a nutshell, the Meta Pixel allows website developers to learn: (1) if and when website users take certain actions on a website, and (2) generalized information about website users, which can be used for targeting advertising. Google Analytics operates similarly to the Meta Pixel.
III. California’s Invasion of Privacy Act
The California Invasion of Privacy Act (“CIPA”) was created to address illegal wiretapping. Now, the plaintiffs’ bar is using CIPA to attack new, web-based technologies. CIPA provides for a civil private right of action, with (1) civil penalties of $5,000 per violation; or (2) trebled actual damages, whichever is higher. CIPA also authorizes courts to enjoin future and ongoing violations of the Act. T
CIPA also prohibits use of a “pen register” (a log of outgoing phone numbers) or use of a “trap and trace device” (a log of incoming phone numbers). In addition to the civil remedies discussed above, businesses can be liable for a fine up to $2,500.
IV. Why These Technologies and CIPA Matter to You and Your Business
The plaintiffs’ bar has been sending numerous demand letters and filing myriad CIPA lawsuits, including class action suits, arising out of the use of third-party web technologies and “trap and trace” devices. To limit your exposure, it is important to be proactive, by ensuring you have an up-to-date Terms of Use and Privacy Policy. If your business becomes the target of a demand letter or lawsuit, Buchalter has an experienced team of litigators ready to assist.