Key Takeaways:

  • The Ninth Circuit court of appeals reviewed three separate proposed class actions against Papa John’s International Inc., Converse Inc., and Bloomingdale’s, all centered on whether certain website tracking activities violated the California Invasion of Privacy Act (CIPA).
  • The plaintiffs in these cases alleged that companies unlawfully used technologies like “session replay” software and chatbots to monitor website visitors’ interactions, intercepting their information and transmitting it to third parties without consent, thereby violating CIPA Section 631.
  • The court assessed how CIPA, an older wiretapping law, applies to modern website tracking like session replay and chatbots, focusing on definitions of “interception” and “contents.”

Key Takeaways

  • In a recent decision by the Ninth Circuit in Briskin, the court ruled that e-commerce platform Shopify purposefully directed its conduct toward California because of its nationwide operations, rejecting the need for differential targeting of a forum state.
  • Notably, the court found a direct causal nexus between Shopify’s conduct and Briskin’s claims, deeming an exercise of specific jurisdiction over Shopify in California fair and reasonable.
  • Legal scholars are concerned that the decision could broadly expand the scope of specific personal jurisdiction and increase litigation risks for online platforms.
  • Companies should reassess their data practices and anticipate forum shopping by plaintiffs following Briskin.
  • Over a hundred cases are pending from the wave of privacy class actions that commenced last year alleging violations of state wiretap statutes based on use of website session replay, chatbot and pixel technologies.
  • Plaintiffs’ firms are continuing to file new cases based on chatbot and pixel tech despite an increasing number of dismissals while also trying new approaches focused on email marketing tech and identity graphing.

Judge Jeffrey White of the Northern District of California recently dismissed a putative class action lawsuit in which plaintiffs claimed they faced an imminent threat of future of harm in the form of identity theft and fraud because their personal information, specifically their driver’s license numbers, may have been compromised

In a recent decision, the Ninth Circuit held that “the ECPA unambiguously applies to foreign citizens.” In Suzlon Energy Ltd. v. Microsoft, Suzlon Energy demanded Microsoft to produce emails from the Hotmail email account of an Indian citizen imprisoned abroad. The district court held that the Electronic Communications Privacy Act (“ECPA”) prohibited Microsoft from producing the documents even though the individual was not a U.S. citizen. The Ninth Circuit affirmed.

In an important decision for employers, the U.S. Supreme Court unanimously overturned a decision by the U.S. Court of Appeals for the Ninth Circuit in a case involving an employee’s assertion that a government employer had violated the Fourth Amendment by unreasonably obtaining and reviewing personal text messages sent and received on employer-issued pagers. The decision, a victory for employers, provides helpful guidance for management of electronic communication systems and workplace searches. Read this alert to learn more about the decision and how it may affect you.

On May 28, 2010, in an unpublished decision, the U.S. Court of Appeals for the Ninth Circuit affirmed the California district court’s dismissal of a class action lawsuit against retailer Gap, Inc. because, among other things, the plaintiff failed to show that the loss of his personal information harmed him in a legally cognizable way. The Ninth Circuit’s decision echoes those issued in every “identity exposure” lawsuit to date: an increased risk of identity theft does not a lawsuit make!