• Central District of California dismisses lawsuit alleging that a third-party’s interception of communications over a website’s live chat feature violated California’s wiretapping and eavesdropping prohibitions.  
  • Important to the Court’s holding was its finding that the code used by the third party to acquire and transmit the contents of the chat communications was not necessarily used to intercept the communications while they were “in transit” but rather to store them after they were received.

In recent years, the “live chat” feature often used on consumer-facing websites has become the subject of lawsuits brought under the California Invasion of Privacy Act (“CIPA”).  In particular, there have been a surge of putative class actions challenging the use of this feature under Sections 631(a) and 632.7 of CIPA, which prohibit wiretapping and eavesdropping on certain communications.

This month, Judge Sunshine S. Sykes of the Central District of California dismissed one such lawsuit at the motion to dismiss phase, holding that the plaintiff had failed to allege any unlawful conduct under CIPA.  Cody v. Boscov’s, Inc., No. 22-cv-01434 (C.D. Cal. May 6, 2024).

The plaintiff alleged that she used her smart phone to visit a website belonging to the department store, Boscov’s, and conducted a brief conversation through the website’s chat feature.  She further alleged that Boscov’s chat feature contained a code that intercepted customer inquiries and rerouted them to computer servers owned and controlled by a separate company, Kustomer, which then stored and used the customer information it gathered for its own purposes.  The plaintiff alleged that this practice violated Sections 631(a) and 632.7 of CIPA.

CIPA Section 631(a) imposes liability on an entity that “intentionally taps, or makes any unauthorized connection . . . with any telegraph or telephone wire, line, cable or instrument of any internal telephonic communication system, or willfully and without the consent of all parties to the communication, or in any unauthorized manner, reads, or attempts to read, or to learn the contents or meaning of any message, report or communication while the same is in transit . . . ” (emphasis added).  The same section also imposes liability on an entity that “aids, agrees with, employs, or conspires with any person or persons” to commit one or more of the aforesaid acts.”

The Court dismissed plaintiff’s claims under Section 631(a) based in large part on its determinations that (i) using a cell phone’s web browser does not constitute a “telephonic communication” and (ii) the alleged code was not necessarily used to intercept customer communications “while”they were “in transit,” rather than to store such communications after they were received by Boscov’s.  The Court’s findings are consistent with other recent decisions coming out of California courts, finding that when a third party is purportedly recording and storing communications, they are operating like a tape recorder utilized by the defendant and therefore an extension of the defendant, as opposed to an eavesdropping “friend against the door.” See, e.g., Licea v. Am. Eagle Outfitters, Inc., 659 F. Supp. 3d 1072, 1083 (C.D. Cal. 2023). 

Separately, the Court also dismissed plaintiff’s claim under CIPA Section 632.7, which imposes liability on an entity that intercepts “a communication transmitted between two cellular radio telephones, a cellular radio telephone and a landline telephone, two cordless telephones, a cordless telephone and a landline telephone, or a cordless telephone and a cellular radio telephone.”  The Court held that although the plaintiff need not identify the exact type of “telephone” the defendant employed, she failed to plead facts to support a “reasonable inference that the defendant used some device that could constitute either a cell phone, cordless phone, or landline phone under the statute.”

While many courts, like this one, have rejected CIPA claims based on website chat features, these decisions have not deterred plaintiffs from continuing to bring these claims, and their case theories will continue to evolve.  To reduce exposure to CIPA lawsuits, it would be prudent for companies that employ a live chat feature on their website to consider:  (i) notifying chat users that their communications may be recorded and shared; and (ii) requesting users consent to record and share their communications before they begin chatting. 

For more background on the current wave of website technology CIPA cases, see our previous blog post: Privacy Class Action Spotlight: Latest Wave of Wiretap Class Actions Continues Despite Dismissals as Plaintiffs Try New Approaches – Insights – Proskauer Rose LLP.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Amy Gordon Amy Gordon

Amy Gordon is an associate in the Litigation Department and a member of the Mass Torts & Product Liability group. Amy’s practice focuses on a wide range of complex civil and commercial litigation matters, including product liability defense, class action defense, privacy and…

Amy Gordon is an associate in the Litigation Department and a member of the Mass Torts & Product Liability group. Amy’s practice focuses on a wide range of complex civil and commercial litigation matters, including product liability defense, class action defense, privacy and data security, and telecommunications disputes. She is also a member of the litigation team representing the Financial Oversight and Management Board in the Commonwealth of Puerto Rico’s bankruptcy proceedings.

In addition, Amy advises clients across industries on economic sanctions and asset forfeiture related issues.

Amy earned her J.D. from the University of Texas School of Law, where she was a Cybersecurity Graduate Fellow and served as Chief Notes Editor for The Review of Litigation. During law school, Amy interned for the Honorable Nicholas G. Garaufis in the United States District Court for the Eastern District of New York.

Photo of Leslie Shanklin Leslie Shanklin

Leslie Shanklin is a partner in the Corporate Department, co-head of the Privacy & Cybersecurity Group and a member of the of the Technology, Media & Telecommunications group.

Leslie’s practice focuses on privacy and data security, delivering comprehensive expertise around data-related risk and…

Leslie Shanklin is a partner in the Corporate Department, co-head of the Privacy & Cybersecurity Group and a member of the of the Technology, Media & Telecommunications group.

Leslie’s practice focuses on privacy and data security, delivering comprehensive expertise around data-related risk and compliance. Leslie provides pragmatic, strategic and tech-savvy legal counsel to clients seeking to realize the essential value of data to their businesses while effectively managing risk and preserving trust. Leslie draws from deep legal, practical and technical expertise gained from leading global privacy teams and operations for multinational companies.

Leslie’s experience includes advising on the legal and risk aspects of data strategy, building and operationalizing data protection compliance programs in all regions of the world, providing strategic legal counsel around data privacy and security issues in commercial transactions, advising on legal aspects of information security risk, compliance and incident response, and advising on federal, state and international regulatory enforcement actions.

Leslie advises clients with a global lens, helping clients craft nimble, risk-based, forward-looking approaches to data management in the rapidly-evolving US and international privacy and information security legal landscape, including:

  • Federal laws such as Section 5 of the FTC Act and FTC rules and guidance, COPPA, VPPA, TCPA, and HIPAA
  • State laws such as the California Consumer Privacy Act (CCPA including CPRA amendments) and the California Medical Information Act (CMIA), as well as various existing and evolving laws in other US states such as Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Iowa (ICDPA), Tennessee (TIPA), Indiana (ICDPA), Montana (MCDPA) and Washington (My Health My Data Act)
  • International law and guidance such as the EU General Data Protection Regulation (GDPR), the ePrivacy Directive, the UK Data Protection Act, Brazil’s General Data Protection Law (LGPD), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)

Leslie is a Certified Information Privacy Professional in the United States (CIPP/US) and Europe (CIPP/E) with the International Association of Privacy Professionals (IAPP). She previously served as Co-Chair of the international Hybrid Broadcast Broadband Television (HbbTV) Association Privacy Task Force.

Prior to joining Proskauer, Leslie led global privacy teams for media and entertainment companies for over a decade and most recently served on the Privacy leadership team for Warner Bros. Discovery.

Photo of Jeff Warshafsky Jeff Warshafsky

Jeff Warshafsky is a partner in the Litigation Department. A versatile commercial litigator and strategic advisor, Jeff specializes in consumer class actions, sports litigation, false advertising, trademark, and other intellectual property disputes.

Jeff defends companies in connection with consumer class actions involving advertising…

Jeff Warshafsky is a partner in the Litigation Department. A versatile commercial litigator and strategic advisor, Jeff specializes in consumer class actions, sports litigation, false advertising, trademark, and other intellectual property disputes.

Jeff defends companies in connection with consumer class actions involving advertising and privacy issues. He has handled dozens of class actions around the country for multinational companies across diverse sectors including consumer product companies, retailers, and sports leagues. Jeff also counsels clients to avoid being targeted in such actions, helps them respond to demand letters from plaintiffs’ counsel, and negotiates resolutions.

Additionally, Jeff represents clients in competitor versus competitor advertising disputes, including in Lanham Act cases and advertising self-regulation disputes before the National Advertising Division and the National Advertising Review Board. He also counsels companies on advertising substantiation issues, with an emphasis on complex scientific testing, such as clinical trials and sensory testing. Jeff regularly advises major sports leagues on complex business disputes.

Jeff maintains a robust pro bono immigration practice, assisting clients with asylum and U-Visa applications and in connection with removal proceedings. In addition to his active practice, Jeff is an editor of and contributor to the Firm’s false advertising blog, Watch This Space: Proskauer on Advertising Law.