Recent class action lawsuits have targeted websites’ use of third-party tools, like Meta Pixel, under the California Invasion of Privacy Act (CIPA) and other wiretapping laws.
This article provides an overview of CIPA’s scope, main requirements, and the emerging legal landscape regarding these technologies.
The purpose of CIPA is to protect California residents and their private communications from illegal wiretapping and eavesdropping. Though it existed prior to the internet era, CIPA, like similar state and federal wiretapping laws, has recently been applied to online activities following development in case law; this is especially true with regard to third-party data-collecting technologies like Meta Pixel, chatbots, analytics, and session replay tools.
Wiretapping laws have been used by US attorneys to target website owners more frequently, claiming that certain online data collection and sharing activities are covered by these regulations. Recent court rulings recognizing possible links between wiretapping laws and the use of the abovementioned third-party technologies on websites are the driving force behind this development.
The focus, in particular, is on the connection between third-party service providers accessing information collected on websites through these technologies and the unauthorized access to private communications (in this case, between the user and website owner) regulated by CIPA and other wiretapping laws.
The main claims brought forward in these lawsuits generally focus on:
While some courts have accepted the above claims under CIPA and wiretapping laws, seeing a link between these technologies and potential privacy violations, others have rejected such claims. Thus creating some uncertainty. Given the evolving legal landscape, businesses can take several steps to protect themselves from potential litigation:
The intersection of wiretapping laws and online data collection is a developing area of law. While many lawsuits are still pending, it is crucial for businesses to stay informed and adopt proactive measures to ensure compliance. Transparency and user consent are key strategies to mitigate legal risks in this uncertain environment.