Skullcandy Trap and Trace Class Action

Trap and Trace Class Action Against Skullcandy

/in /by

Skullcandy Trap and Trace Class Action

California law firm Tauler Smith LLP has filed a trap and trace class action against Skullcandy. The civil suit, filed in Los Angeles County Superior Court, accuses the headphone technology company of unlawfully sharing customer data with TikTok for the purposes of fingerprinting and de-anonymization. The consumer fraud lawyers litigating the lawsuit have also accused Skullcandy of violating California consumer protection laws by failing to obtain consent from website visitors.

Are you a California resident who visited the Skullcandy website? If so, you might be eligible to join a class against lawsuit against Skullcandy. Contact Tauler Smith LLP for more information.

Skullcandy Headphone Company Accused of Using Trap & Trace Fingerprinting Software

Skullcandy is a company that sells technology products, including headphones, earphones, and Bluetooth speakers marketed to a “youth” demographic, with an emphasis on use during videogaming, snowboarding, and skateboarding. These products are primarily sold in brick-and-mortar retail stores and via the company’s online store.

The legal complaint against Skullcandy alleges that the company’s website installed sophisticated software to de-anonymize website traffic, allowing social media behemoth TikTok access to personal information about otherwise anonymous site visitors. The trap and trace software allegedly runs on virtually every page of Skullcandy’s website, meaning that anyone who visited the site may have unknowingly been the victim of a digital privacy violation. More specifically, the Skullcandy trap and trace software relies on electronic impulses generated from website visitors’ devices. This is allegedly done by Skullcandy in concert with the social media platform TikTok to identify site visitors and gain valuable information about Skullcandy’s target market.

What Is a Trap & Trace Device?

According to California consumer protection law, a trap and trace device is any type of device or process capable of capturing incoming electronic impulses to identify the originating number, dialing, routing, addressing, or signaling information. In other words, it’s a device that can trace the source of an electronic communication. When a company uses one of these devices to obtain customer data without authorization, the act could constitute a very serious violation of California’s Trap and Trace Law and subject the company to fines and other statutory penalties.

Lawsuit: Skullcandy Customer Data Unlawfully Shared with TikTok

According to the class action lawsuit filed in L.A. Superior Court, the Skullcandy website uses software created by TikTok for the express purpose of identifying site visitors. This is accomplished through a process known as “fingerprinting,” which collects extensive data about otherwise anonymous website visitors. The personal information is then matched with existing records that TikTok has already acquired about the millions of Americans who use the popular social media platform. At the same time, TikTok adds the data to their accumulated data about user behavior.

Skullcandy Accused of Violating the California Invasion of Privacy Act

The California Invasion of Privacy Act (CIPA) was enacted to curb the invasion of privacy resulting from use of certain technologies that pose “a serious threat to the free exercise of personal liberties.” The statute applies to the unlawful use of trap & trace software by companies doing business in California and imposes civil liability against businesses that use trap and trace software without first obtaining either direct permission from website visitors or legal permission from a judge via a court order.

According to the class action recently filed against Skullcandy in California court, the company’s trap and trace software begins to collect personal information the moment a user lands on the Skullcandy website. This is done despite the fact that the site features a “cookie banner” which ostensibly would prohibit Skullcandy from gathering customer data until the customer signs off on it. Instead, website visitor data has already been sent to TikTok before the visitor even has a chance to consent.

The personal information gathered by the TikTok trap & trace software includes the following:

  • Device and browser information.
  • Geographic information.
  • Referral tracking.
  • URL tracking.
  • Images of products the user is interested in.

You May Be Eligible to Join the California Trap & Trace Class Action Against Skullcandy

It is a major breach of trust, and violation of California consumer protection law, for a company to use trap and trace software to obtain a website visitor’s phone number or other identifying information. The class action lawsuit recently filed against Skullcandy alleges that the headphone company is collaborating with the Chinese government to obtain personal information from website visitors. Further, the lawsuit alleges that the company is doing this without informing site visitors.

A California resident who visited the Skullcandy website may be eligible to join the class action lawsuit and obtain monetary damages. That’s because California has tough consumer protection laws, and the statutory penalties for violations of Section 638.51 of the California Penal Code in particular are severe. Companies that unlawfully use a trap and trace device can be punished with a statutory penalty of $2,500 for each violation of the law.

Did You Visit the Skullcandy Website? Contact a Los Angeles Consumer Protection Lawyer

If you visited the Skullcandy website, it is possible that your confidential information was unlawfully collected and shared with third parties. The Los Angeles consumer protection attorneys at Tauler Smith LLP are representing plaintiffs in a class action against Skullcandy. Call 310-590-3927 or email us.

C2 Education Trap and Trace Class Action

Trap and Trace Class Action Against C2 Education

/in /by

C2 Education Trap and Trace Class Action

One of the country’s largest tutoring companies has been accused of invading the privacy of customers. The California consumer protection attorneys at Tauler Smith LLP recently filed a trap and trace class action against C2 Education for collaborating with TikTok, the popular but controversial social media platform, by installing a trap & trace device on its website as a means to collect data from consumers. According to the lawsuit, C2 Education has installed a code on their website that automatically sends user details to TikTok. Additionally, the TikTok de-anonymization software secretly installed on the tutoring website makes it possible for the educational services provider to identify site users by using electronic impulses generated from site visitors’ devices. All of these alleged acts constitute clear violations of California’s strong digital privacy laws, which is why the tutoring company now faces a class action lawsuit in federal court.

For additional information about the class action filed against C2 Educational Systems Inc., keep reading this blog.

What Is the Legal Definition of a “Trap and Trace Device”?

Section 638.50(c) of the California Penal Code defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.” As set forth by the statute, a company must first get a court order before installing a trap and trace device on a website.

Violations of § 638.50(c), or any other part of the California Invasion of Privacy Act (CIPA), could result in the offender being civilly liable for monetary damages.

Class Action Lawsuit: C2 Education Collected Personal Data of Website Visitors

C2 Education markets itself as the nation’s preeminent tutoring, test prep, and college admissions counseling provider. C2 Education provides online tutoring programs for K-12 students, including standardized test preparations, school subjects tutoring, college admission counseling, and education boot camps. The tutoring company serves more than 25,000 students across the country every year, with services offered both online at the C2 Education website and at brick-and-mortar locations throughout the United States, including California.

As part of its marketing regime, C2 Education has partnered with social media app TikTok to install sophisticated software on the tutoring website’s landing page. This software allegedly allows C2 Education to gain access to very personal information about consumers who happen to land on the site, including the individual’s location, source, and identity.

Is C2 Education Using TikTok to Unlawfully Share Customer Data?

The TikTok de-anonymization software allegedly used by C2 Education is designed for the sole purpose of identifying and capturing the source of incoming electronic impulses, which makes it possible to identify dialing, routing, addressing, and signaling information generated by users of the C2 Education website. Significantly, this software is deployed without consumers’ knowledge or consent.

According to the recent lawsuit filed in U.S. district court, visitors to the C2 Education website are not informed that the site is capturing their personal identifying information. The class action suit also alleges that site visitors are not informed that the company is collaborating with the Chinese government. That’s because C2 Education did not obtain consumers’ express or implied consent to be subject to data sharing with Chinese-owned TikTok for the purposes of fingerprinting and de-anonymization.

“Fingerprinting” Technology

The TikTok software allegedly used by C2 Education collects consumer data via a process known as “fingerprinting.” This means that the software gathers and stores as much data as it can about an otherwise anonymous visitor to the website and then matches it with data that TikTok has already acquired and accumulated about hundreds of millions of Americans who use the social media app.

“Advanced Matching” Technology

The TikTok software, which uses “AutoAdvanced Matching” technology, scans the C2 Education website by running code or “scripts.” When the site user provides personal information – such as name, date of birth, or mailing address – the details are sent simultaneously to TikTok so that the social media provider can isolate with certainty the individual to be targeted.

Tutoring Company Sued for Violating California’s Trap and Trace Law

The invasive TikTok software allegedly runs on every page of C2 Education’s website, making it impossible for site visitors to avoid having their data collected. This means that every time a user clicks on a page, the site instantly sends the communications to TikTok. The social media company then adds the data to their massive collection of user behavior and, in turn, assists C2 Education with targeted marketing while keeping a trove of information for itself. These disturbing acts prompted Los Angeles consumer protection law firm Tauler Smith LLP to file a class action lawsuit against C2 Education in the United States District Court for the Central District of California.

C2 Education’s alleged installation of the TikTok tracing software is a violation of California’s Trap and Trace Law, which is codified as California Penal Code Section 638.51. This is part of the California Invasion of Privacy Act (CIPA), which imposes civil liability and significant statutory penalties against companies that install trap and trace software without either user permission or a court order.

Statutory Penalties

The class action lawsuit against C2 Education seeks multiple forms of relief for plaintiffs, including the following:

  • A court order enjoining C2 Education from continuing its alleged unlawful conduct, as well as an order to disgorge any data already collected through use of the TikTok software.
  • Statutory damages provided by the CIPA, which may include fines of up to $2,500 for each violation of the statute.

Did You Visit the C2 Education Website? Contact a California Consumer Protection Attorney Today

Did you visit the C2 Education website? If you filled out any online forms or provided any personal information to the tutoring company, you may be eligible to join a class action lawsuit to obtain monetary damages. The California consumer fraud attorneys at Tauler Smith LLP are representing plaintiffs who were victims of consumer privacy violations by C2 Education. To learn more, call 310-590-3927 or email us today.

Smashbox Trap and Trace Class Action

Trap and Trace Class Action Against Smashbox Cosmetics

/in /by

Smashbox Trap and Trace Class Action

Tauler Smith LLP recently filed a trap and trace class action against Smashbox Cosmetics, and now the legal action is getting significant press coverage. A recent Law.com article on the Smashbox lawsuit details how the makeup company has been accused of using TikTok’s “trap and trace” software to help the social media platform unlawfully collect and store the confidential information of website visitors. According to the Los Angeles consumer protection lawyers who filed the lawsuit, Smashbox failed to obtain consent from consumers before acquiring their data via a process known as “fingerprinting.” Now, Smashbox has been sued in a California superior court.

Are you a California resident who visited the Smashbox website? To learn whether you might qualify to join the class action suit as a plaintiff, contact us today.

Smashbox Beauty Cosmetics Accused of Using Unlawful Fingerprinting Software

Smashbox Beauty Cosmetics is a cosmetics company that sells primers, foundations, lipsticks, and other types of makeup to consumers both online and in retail stores. The class action lawsuit, which was recently filed in Los Angeles County Superior Court, alleges that Smashbox runs “advanced matching” on its website to scan the site “for recognizable form fields containing phone numbers, email addresses, and other identifying information about customers.”

More specifically, the makeup company is accused of helping TikTok use fingerprinting software to match data from otherwise-anonymous website visitors to existing data that has already been stored by the social media platform. The TikTok app then gathers device and browser information, geographic information, referral tracking, and URL tracking. According to the lawsuit, this is done without users’ consent.

Selling Consumer Data to TikTok?

Smashbox allegedly benefits from the fingerprinting data because TikTok is then able to provide targeted advertisements on the website. Moreover, it is believed by the plaintiffs that Smashbox may be selling this consumer information to other third parties for similar purposes. Depending on the type of information provided on website forms, this could include things like age, gender, race, and even more intimate details about users.

Lead plaintiffs’ attorney Robert Tauler criticized Smashbox for allegedly collaborating with TikTok to collect and share sensitive information about consumers who visit the company’s website. According to Tauler, there are no safeguards in place to protect this information: “TikTok keeps this data for reasons that our leaders believe pose a threat to ordinary citizens.” The dangers of giving Chinese-owned TikTok access to confidential information about Americans have been highlighted in recent months by the National Security Agency (NSA), which has called the social media company “a platform for surveillance”.

CIPA Consumer Privacy Complaint Filed Against Smashbox

A class action complaint has been filed against Smashbox for alleged violations of the California Trap and Trace Law. That law is contained in California Penal Code § 638.51, which is part of the California Invasion of Privacy Act (CIPA).

Los Angeles consumer fraud attorney Robert Tauler, who brought the digital privacy class action on behalf of the plaintiffs, believes that this legal action will send an important message to companies like Smashbox allegedly helping third parties like TikTok collect consumer data without permission. Tauler said that “Smashbox should consider the negative impact their secret and immoral data collection practices are having on society instead of just trying to acquire young customers at any cost.”

Join the Trap & Trace Class Action Lawsuit Against Smashbox

The California Invasion of Privacy Act (CIPA) gives consumer privacy victims the right to sue for financial compensation. In fact, other CIPA complaints alleging trap & trace violations allow for multiple forms of damages to be awarded to successful plaintiffs.

The lawsuit against Smashbox Beauty Cosmetics requests different types of financial compensation for qualifying plaintiffs:

  • Statutory damages pursuant to the California Invasion of Privacy Act (CIPA).
  • Punitive damages to ensure that Smashbox refrains from using trap and trace software in the future.
  • Attorney’s fees and other costs.

Additionally, the consumer privacy class action lawsuit against Smashbox seeks a court order enjoining the company from acquiring and sharing consumer data, as well as an order requiring the company to disgorge all data acquired through the TikTok software.

Did You Visit the Smashbox Website? Contact a California Consumer Protection Attorney Today

If you visited the Smashbox Beauty Cosmetics website and/or filled out any forms on the site, your confidential information may have been unlawfully collected. The Los Angeles consumer protection lawyers at Tauler Smith LLP are currently representing plaintiffs in a class action lawsuit against Smashbox. Call 310-590-3927 or send an email for more information.

Pen Registers

What Are Pen Registers?

/in /by

Pen Registers

A number of recent lawsuits have been filed based on something known as “the pen register theory.” But what are pen registers? One of the surveillance tools commonly used by law enforcement to spy on suspects is the pen register, which allows police to capture phone numbers that were dialed on outgoing calls. Increasingly, these devices are being used by businesses to reveal the content of communications on websites, which poses a very real privacy concern for consumers. Worse yet, many companies with websites are now collaborating with TikTok to identify people who may wish to remain anonymous – exposing confidential information about consumers to third parties without authorization. The good news is that California law protects consumers against invasion of privacy by companies utilizing pen registers and other tracking devices.

To learn more about pen registers and how you can stop companies from using them to unlawfully collect your data, keep reading.

What Is the Definition of a Pen Register?

Both federal and California statutes have defined pen registers in the context of surveillance, especially as it relates to surveillance by law enforcement or other government actors. Recently, the term has been defined in other contexts, including when the devices are used by companies that operate websites targeting consumers.

Generally speaking, a pen register is a device that records any phone numbers that have been dialed from a particular telephone line. In legal cases involving allegations of privacy violations by companies using pen registers, courts have defined a pen register broadly so that it includes programs and software that monitors internet communications.

Differences Between Pen Registers and Trap & Trace Devices

Pen registers differ from trap and trace devices in a significant way: pen registers show the phone numbers that have been dialed by a particular phone, while trap and trace devices show the phone numbers that have called a particular phone. Another way to think of the difference is that pen registers capture data from outgoing communications, and trap and trace devices capture data from incoming communications that identify the originating phone number or geolocation.

Whether the privacy violation involves a pen register or a trap and trace device, the basis for a lawsuit typically remains the same: if a website owner fails to obtain affirmative consent from a site visitor prior to the use of tracking software, it may be a serious violation of California’s consumer fraud and consumer privacy laws such as the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA).

Invasion of Privacy Concerns Raised by Use of Pen Registers and Trap & Trace Devices

The use of pen registers to monitor customers raises concerns about invasion of privacy. Similarly, data sharing via tracking and tracing software can impose significant dangers on web users. For example, one of the major fears with automatic tracking software is that user activity will be tracked across every page on the website, regardless of how private the information might be. This means that highly personal information could be compromised, particularly if a website user is filling out forms on the site.

Pen Register Lawsuits & Trap and Trace Lawsuits in California

The California Invasion of Privacy Act (CIPA) can serve as the basis for a consumer protection lawsuit, particularly when the plaintiff is alleging a digital privacy violation. For a while, the main CIPA claim filed in California courtrooms involved wiretapping lawsuits against companies that violated the privacy rights of website visitors. That’s because this type of unauthorized data collection violated Section 631(a) of the CIPA, which explicitly prohibits third parties from illegal wiretapping or eavesdropping on communications. Recently, however, a lot of CIPA class action lawsuits are being based on either the pen register theory or the trap and trace theory.

When website owners gather data from site visitors without first getting consent, it may constitute a violation of California’s strict privacy laws – specifically Section 638.51 of the California Invasion of Privacy Act (CIPA). This has led to a new wave of CIPA litigation in California courtrooms that involves both pen register claims and trap and trace claims. Many companies that do business in California are now facing class action lawsuits because of the way they use certain analytic tools on their websites. The statutory penalties for violations of the CIPA have proven costly for companies that don’t follow the law – and they have given potential plaintiffs ample reason to talk to a consumer protection attorney about their legal options.

Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

Too many companies in California and elsewhere in the United States are invading the privacy of customers who visit their websites, which in many instances involves data breaches and even the unauthorized sharing of personal data. The California consumer protection lawyers at Tauler Smith LLP represent plaintiffs in class actions and individual lawsuits. We have experience with trap & trace lawsuits and pen register lawsuits. Call us or email us to schedule a free consultation.

Pen Registers vs. Trap and Trace Devices

Pen Registers vs. Trap and Trace Devices

/in /by

Pen Registers vs. Trap and Trace Devices

Invasion of privacy has become a major concern for consumers who frequent websites and make purchases online. That’s because many companies are now using pen registers and trap devices, which may include website cookies, web beacons, script, software code, and other types of software to track user data. While both federal and California law provide strong protections for consumers in these situations, pen registers vs. trap and trace devices is still a distinction that needs to be understood before speaking to a consumer fraud lawyer. What exactly is the difference between a pen register and a trap & trace device? And what legal recourse do you have when a company uses one of these tracking tools to monitor your online activity?

To learn more about the differences between pen registers and trap & trace devices, keep reading this blog.

What Is a Pen Register?

Long before the invention of the internet, pen registers were being used by law enforcement as a crime-fighting tool. A pen register is a physical device that gives government actors the ability to track outgoing phone numbers that have been dialed from a telephone line. If the police suspect illegal activity, they may obtain a court order that allows them to secretly install a pen register on the phone line.

Importantly, courts have ruled that the laws regulating the use of pen registers also extend to online communications. The California Invasion of Privacy Act (CIPA) defines a pen register as “a device or process that records or decodes dialing, routing, addressing or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted.” The types of information commonly collected by pen registers includes phone numbers, email addresses, and internet data such as IP addresses. A pen register does not identify the contents of a communication, which is its main difference from a trap and trace device.

Pen Register Lawsuits in California

Law enforcement has historically used pen traps to record both outgoing and incoming telephone numbers after obtaining a phone-tapping warrant. After the passage of the Patriot Act in 2001, police were able to use the same warrants to monitor Internet communications. Eventually, California lawmakers responded to the increasingly broad government monitoring of American citizens by updating the definition of consumer communications in the California Invasion of Privacy Act (CIPA). This has now prompted many consumers to bring pen register lawsuits against companies that use software to identify website visitors and acquire their personal data.

When a company’s website utilizes certain tools to track interactions and communications with site visitors, it may be a violation of the CIPA. This is especially likely when a website visitor has a reasonable expectation of privacy. As a result, California courtrooms have seen a surge in class action lawsuits filed under a relatively new legal theory: pen register claims and trap and trace claims, both based on the CIPA.

Penalties for Pen Register Violations

When a company uses website session replay software or chatbot features without the consent of site visitors, it may be considered a violation of both federal and California digital privacy laws.

Federal Pen Register Law

Federal law originally addressed pen registers in the Electronic Communications Privacy Act. The statute was later addressed by the USA PATRIOT Act, which was passed in 2001 in response to the September 11 attacks.

California Pen Register Law

California law addresses pen registers in the California Invasion of Privacy Act (CIPA), which imposes statutory penalties of $2,500 for each pen register violation.

Wiretapping Claims vs. Pen Register Claims

California’s consumer privacy laws prohibit companies from recording, transcribing, or otherwise surveilling communications without permission. This is unlawful whether the surveillance involves phones or websites. In the context of websites, wiretapping may involve secretly recording chats that were supposed to remain confidential, or it may involve data acquisition from forms that were filled out by site visitors. The California Invasion of Privacy (CIPA) gives consumers the right to file civil suits when their online conversations have been illegally wiretapped.

Although CIPA wiretapping claims and CIPA pen register claims are similar, there are a few key differences. For instance, a plaintiff bringing a wiretapping claim must show that there was no consent for the monitoring and that their communications were actually captured by the website. By contrast, a plaintiff bringing a pen register claim merely needs to show that the pen register was utilized without either consent or a court order.

What Is the Difference Between Pen Registers and Trap & Trace Devices?

One of the reasons that legal statutes often refer to both pen registers and trap and trace devices in the same sections is that many internet monitoring programs can be utilized to record both incoming and outgoing calls.

Whether the customer information is acquired via pen registers or trap and trace devices, the end result is a serious invasion of customer privacy. The businesses that violate the California Trap and Trace Law often help third parties acquire as much information as possible about website visitors so that the data can then be monetized and sold. That’s why these companies will go to such great lengths to obtain, collect, and organize large pools of data from website visitors without their knowledge or consent.

Talk to a California Consumer Protection Lawyer Today

Tauler Smith LLP is a Los Angeles law firm that represents consumers in both individual lawsuits and class actions across California. Our knowledgeable consumer protection lawyers know how to win pen register lawsuits and trap & trace lawsuits because we have experience with invasion of privacy cases. We will hold website operators accountable for using unauthorized tracking devices on their websites.

Call 310-590-3927 or send an email for a free consultation.

United HealthCare Trap and Trace Class Action

Trap and Trace Class Action Against United HealthCare

/in /by

United HealthCare Trap and Trace Class Action

Los Angeles law firm Tauler Smith LLP recently filed a trap and trace class action against United HealthCare. The national health insurance provider has been accused of collaborating with controversial social media company TikTok to unlawfully collect data from website visitors. These actions would constitute clear violations of the California Invasion of Privacy Act (CIPA), which prohibits companies from using website tracking software to gather personal information about customers. The plaintiffs in the digital privacy class action are pursuing substantial monetary damages for the alleged privacy breaches.

For more information about the lawsuit against United HealthCare, keep reading this blog. And to learn whether you might be eligible to join the class action, contact us directly.

What Is a Trap and Trace Device?

California Penal Code § 638.50(c), which is part of the California Invasion of Privacy Act (CIPA), places considerable restrictions on companies that use trap and trace devices. The statute defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.” A person, company, or other entity that wishes to use a trap and trace device must first obtain a court order.

The CIPA, codified as Cal. Penal Code 630, often serves as the basis for lawsuits against companies accused of unlawfully wiretapping or eavesdropping on customer conversations. The statute was enacted for the purpose of curbing the invasion of privacy that often results from the use of certain technologies that pose a threat to the free exercise of personal liberties. The CIPA extends civil liability for surveillance that uses technology generally, and the Trap and Trace Law specifically imposes civil liability and statutory penalties against companies that unlawfully install pen registers or trap and trace software without first obtaining a court order.

Consumer Protection Class Action Filed Against United HealthCare

The recent consumer protection class action lawsuit involving the trap and trace law was filed in the Los Angeles County Superior Court. The defendant in the case is United HealthCare Services, Inc., a private insurance company that provides health insurance plans to consumers. According to the lawsuit, United HealthCare installed a data collection process on its website, https://www.uhc.com, for the purpose of tracking and tracing the identity and source of visitors to the site. United HealthCare allegedly worked with scandal-ridden social media company TikTok to unlawfully share the customer data.

“Fingerprinting”

The software that United HealthCare installed on its website was created by TikTok for the purpose of identifying site visitors. The TikTok software on the United HealthCare website runs code via a process known as “fingerprinting” that enables the company to collect as much data as it can about anonymous site visitors, including device and browser information, geographic information, and URL tracking. This information is then matched with existing data that TikTok has previously acquired from hundreds of millions of Americans who use the social media platform.

Similar allegations of unlawful data collection in collaboration with TikTok have been made in other trap & trace class action lawsuits recently filed in California courts.

“Advanced Matching”

United HealthCare has also been accused of using trap and trace devices to help TikTok collect website visitor information via a process known as “Advanced Matching.” This is a feature that allows TikTok to scan the website for recognizable form fields containing confidential customer information, such as email addresses, phone numbers, and routing information.

Class Action Lawsuit: United HealthCare Surveilled Website Visitors Without Consent

Visitors to the United HealthCare website have a reasonable belief that their web activity will be secure because the website intake page informs users that the information they share is “secure.” But the California class action lawsuit against the health care provider alleges that this is false: customers’ personal information and activity on the site is scanned and sent to TikTok so that its source can be identified through fingerprinting and deanonymization. The lawsuit accuses United HealthCare of giving TikTok access to consumer data without obtaining express or implied consent.

TikTok’s “Best Practices” Policy

Alarmingly, TikTok allegedly has a “best practices” policy encouraging companies like United HealthCare to capture this customer data “as early as possible” and “as frequently as possible.”  The class action lawsuit filed in the L.A. County Superior Court accuses United HealthCare of following TikTok’s best practices to help the social media company gather customer information as soon as a user visits the website: code on the site automatically sends information to TikTok to match the user with TikTok’s fingerprint.

By definition, there is no way for a site visitor to consent to the tracking of their activity because the TikTok software is deployed automatically when a user lands on the United HealthCare website. Site visitors have no way of knowing about the trap and trace devices, and United HealthCare does not even attempt to obtain visitors’ consent.

United HealthCare Accused of Unlawfully Sharing Customer Data with TikTok

Digital privacy is a growing concern for many Americans, particularly as more and more companies commit consumer fraud. One of the most troubling allegations against United HealthCare in the recent trap and trace lawsuit is that the company may be helping TikTok acquire personal information about website visitors. TikTok is owned by the Chinese government, and there are serious concerns that the social media company may be sharing user data with an adversarial foreign country. In fact, the U.S. Congress recently passed legislation that would require TikTok to be sold to a different entity or face a permanent ban in the United States. Additionally, the director of the National Security Agency (NSA) has identified TikTok as “a platform for surveillance” that poses a possible cybersecurity risk to the country.

The class action lawsuit against United HealthCare highlights a major problem with data collection on the United HealthCare website: user data is allegedly being shared with third parties who have the ability to harm California citizens through data aggregation. Moreover, the fact that this is a healthcare provider means that vulnerable American citizens could be targeted based upon their specific medical issues and uninsured status.

Plaintiffs Seek Monetary Damages for Violations of California’s Trap & Trace Law

The class action lawsuit against United HealthCare accuses the healthcare provider of violating California’s Trap and Trace Law. If United HealthCare is found liable in the civil suit, plaintiffs who visited the company’s website may be eligible for substantial monetary damages. That’s because the California Invasion of Privacy Act (CIPA) imposes both statutory damages meant to compensate victims and punitive damages meant to discourage future violators. The law also allows for successful plaintiffs to recover reasonable attorney’s fees and costs.

Did You Visit the United HealthCare Website? Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Did you visit the United HealthCare website and fill out any forms or provide any personal information? If so, you may be eligible to pursue monetary damages for an invasion of privacy violation. That’s because United HealthCare has been accused of using trap & trace technology to help third parties unlawfully collect the confidential information of website visitors.

The California consumer protection lawyers at Tauler Smith LLP are representing plaintiffs in a class action lawsuit against United HealthCare. For more information, call 310-590-3927 or email us.

California Trap and Trace Law

California’s Trap and Trace Law

/in /by

California Trap and Trace Law

California’s trap and trace law protects consumers against the unauthorized tracking of their activity online. For law enforcement, securing a court order to intercept communications is difficult because there are strict limitations on this type of activity. Yet, for companies with websites, it has become far too easy to acquire customer data in the same invasive manner without any authorization or consent. Moreover, once a company has acquired certain information about a user, the company might try to use that information to deliver targeted advertising. In some cases, the customer data might even be sold to a third party. A qualified consumer fraud lawyer can help individuals better understand the nature of the protections provided by California’s consumer privacy laws.

The installation of tracking and tracing software on a website may be a violation of the California Trap and Trace Law. To learn more, keep reading.

What Is a Trap & Trace Device?

The California Invasion of Privacy Act (CIPA) defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing or signaling information reasonably likely to identify the source of a wire or electronic communication.”

Trap and trace devices differ from wiretaps because they do not capture the content of communications in real time. Instead, a trap and trace device enables the collection of very particular information from a website visitor: the dialing, routing, addressing, or signaling information (also known as DRAS).

How Do Companies Use Trap and Trace Technology to Collect Consumer Data?

Website tracking software may permit companies to gather identifying information about website visitors, such as their phone number and email address. Tracking devices can also be used to gather other personal information about website users, including device and browser information, geographic information, referral tracking, and URL tracking.

How can trap and trace technology be used to identify the source of an electronic communication? One way that a trap and trace device might work is to capture incoming electronic impulses that identify the dialing, routing, addressing, and signaling information generated by website visitors. For example, as detailed in a recent digital privacy class action complaint against United HealthCare, website users might be asked to provide personal information like their gender, birthday, zip code, and tobacco use history. This data could then be scanned and sent to a third party like TikTok for deanonymization. Significantly, website visitors are never informed that the company is collaborating with a third party to collect customer data.

Tracking Software Is Deployed Automatically and Without Consent

When a company utilizes technology to track the interactions of website visitors, the company must first obtain a court order to do so. In many cases, however, companies do not get a court order to use trap and trace technology on their websites. In fact, the tracking & tracing software is often installed on certain companies’ websites and then deployed automatically: the software may start gathering personal information about users the moment they land on the site. This means that a user’s web activity is tracked before the user even has an opportunity to consent by “accepting cookies” or “managing preferences” on the website.

There are significant privacy concerns raised by the use of trap and trace technology on websites. The truth is that the personal information revealed by internet communications can be far more revealing than the same type of information captured by phone dialing information. That’s because when a trap and trace device captures a person’s internet addressing data, it may also reveal other important aspects of their communications, including geolocation data, purchase history, and other personal information. Moreover, a record of which website URLs a person visited on a website could be used to precisely identify the content of communications on the site.

Companies Accused of Selling Confidential Customer Data to TikTok and Other Third Parties

Companies as diverse as United HealthCare, WebMD, Smashbox, and DraftKings have been sued in recent months for alleged violations of California’s Trap and Trace Law. Many of the companies that utilize and deploy computer software on their websites attempt to make money by selling ads, and this is easier to accomplish when they are able to identify users who can then be commoditized and sold to the highest bidder.

Multiple trap & trace class action lawsuits have been filed against businesses accused of working with social media company TikTok to “fingerprint” website visitors so that their personal information can be collected and shared. For example, one type of trap & trace software allegedly utilized by TikTok allows companies to collect extensive data about anonymous website visitors and then match it with existing data that the social media platform has already acquired and accumulated about hundreds of millions of Americans. The technology can reportedly reconstruct a user’s identity, which then gives companies the ability to use the data to run advertising campaigns targeting the user.

CIPA Section 638.51: California Trap & Trace Law

As more and more websites have begun using technology to track site visitors, the number of lawsuits challenging this kind of technology has risen. Some California class action plaintiffs have started to file consumer protection lawsuits based on the trap and trace device theory, with dozens of lawsuits being filed in California state and federal courts over the last year. That’s because § 638.51 of the California Invasion of Privacy Act (CIPA) limits the ways in which companies can gather information about website users.

The statute that addresses trap and trace devices is broadly worded so that it applies to any device meant to locate a person, including websites. This means that a lot of individuals may qualify to join a class action lawsuit against companies that use these types of devices to acquire personal information about website visitors.

Class Action Lawsuits

Sections 631(a) and 632.7 of the California Invasion of Privacy Act (CIPA) specifically prohibit companies from wiretapping or eavesdropping on conversations with customers, and courts have extended these protections to consumers who visit websites. With respect to trap and trace class actions brought under the CIPA, federal courts have held that the law also applies to Internet communications. As a result, a number of lawsuits are now being filed under Section 638.51 of the consumer privacy statute.

Statutory Penalties

Each trap and trace violation carries a statutory penalty of $2,500, which serves as a strong deterrent for companies that operate websites targeting consumers in California.

Pen Register Lawsuits in California

Another type of legal claim filed under California Penal Code § 638.51 is a consumer protection lawsuit alleging privacy violations based on the pen register theory. The law explicitly prohibits anyone from using a pen register without first getting a court order.

A pen register is a physical machine commonly used by law enforcement to trace signals from someone’s phone or computer. In the context of a website, pen registers can be utilized to identify a website user’s location, browsing history, and purchase history. Pen registers track the phone numbers dialed from a particular phone line; by contrast, trap & trace devices track the numbers of incoming calls to a phone line. Importantly, trap and trace devices can also be utilized to identify the content of online communications, such as website forms that are completed by site visitors.

Call the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Did a website track your personal information without consent? If so, you may be eligible to file a trap & trace lawsuit to recover statutory damages. The Los Angeles consumer protection lawyers at Tauler Smith LLP have experience handling consumer class action complaints filed in both federal and state courtrooms. Call 310-590-3927 or email us now for a free consultation.

Walgreens Consumer Class Action Lawsuit

Consumer Class Action Complaint Against Walgreens

/in /by

Walgreens Consumer Class Action Lawsuit

Tauler Smith LLP recently filed a consumer class action complaint against Walgreens because the retail behemoth is allegedly selling Phenazopyridine Hydrochloride (Phenazo), an unapproved over-the-counter UTI drug, to unsuspecting customers in violation of California’s consumer protection laws. The class action suit, which was filed in federal court in California, alleges that Walgreens uses misleading advertising to deceptively sell Phenazo to treat urinary tract infections even though the drug is unsafe, ineffective, and unlawful to market to consumers.

For more information about the Walgreens UTI drug lawsuit, keep reading this blog.

What Is the FDA Approval Process for Over-the-Counter Drugs?

The U.S. Food and Drug Administration (FDA) regulates the safety and effectiveness of prescription and nonprescription drugs sold in the United States. Before over-the-counter drugs like Phenazo can be sold to consumers, they must be approved by the FDA. This can happen in one of two ways:

  1. The drug goes through the standard FDA approval process, which involves submitting a New Drug Application (NDA).
  2. The drug receives a drug monograph.

A drug monograph is a process that drug manufacturers can utilize to get their products approved for specific therapeutic uses in a particular category. In other words, a drug monograph is a way around the requirement for FDA approval as a finished drug.

New Drug Applications

Under authority granted by the Federal Food, Drug, and Cosmetic Act (FDCA), the FDA typically requires drug manufacturers to submit a New Drug Application (NDA) or an Abbreviated New Drug Application (ANDA) and provide clinical trial data to demonstrate the safety of a new drug before they can market it as a finished drug product.

When the FDA requested data on the safety and efficacy of all OTC urinary antiseptics/analgesics not yet reviewed by the FDA, the request included Phenazopyridine Hydrochloride (Phenazo). In this notice, the FDA stated that Phenazo had not been the subject of an approved NDA, meaning that the UTI drug’s safety was not demonstrated to the satisfaction of the federal regulatory agency.

OTC Drug Monographs

An OTC drug monograph allows drug manufacturers to lawfully market certain over-the-counter drugs based on the safety of a drug’s active ingredients. The monograph process involves a “rule book” that defines specific conditions under which an OTC drug may be considered safe and effective in a given therapeutic category. Under this approach, a manufacturer does not need FDA approval to bring the nonprescription drug to market because only certain ingredients are being marketed as safe for a particular use within a particular therapeutic drug category.

What Is Phenazopyridine?

Phenazopyridine Hydrochloride (Phenazo) is an over-the-counter drug used to treat symptoms of urinary tract infection (UTI), including urinary pain, burning, and discomfort. UTI is a medical condition that disproportionately impacts women, particularly women in underserved communities.

Millions of Americans trust pharmacies to sell them safe, effective, and lawful remedies for their illnesses, including urinary tract infections. For these consumers, pharmacies are the primary point of purchase for over-the-counter drugs, as well as the primary source of information for over-the-counter medications. Reliance on OTC medications is heightened in underprivileged communities where residents are more vulnerable to illness and health concerns due to lack of access to medical care.

Phenazo is marketed and advertised as a drug for urinary tract infections – but the UTI drug has not been approved by the FDA, which means that stores like Walgreens should not be selling it as an over-the-counter treatment.

Walgreens Sued for False Advertising of UTI Drug Phenazo

Argueta v. Walgreens Co. is a high-profile consumer class action lawsuit against the Walgreens Company, which operates the second-largest pharmacy store chain in the United States. The lawsuit, which was filed in the U.S. District Court for the Eastern District of California, accuses the pharmacy of unlawfully selling Phenazopyridine Hydrochloride (Phenazo) over the counter and marketing the misbranded drug as a finished drug product called “Urinary Pain Relief.”

The Walgreens class action alleges that Phenazo has never been approved by the FDA under the NDA/ANDA process, nor has Phenazo ever been brought to market under an established OTC drug monograph. In other words, the drug is allegedly being marketed and sold by Walgreens in violation of California consumer fraud laws.

Walgreens Accused of Violating California’s Unfair Competition Law (UCL)

Walgreens has been accused of violating California’s Unfair Competition Law (UCL) by selling the unapproved OTC drug Phenazo. The UCL is a far-reaching consumer protection statute that applies to many different kinds of unethical business practices, including hidden shipping insurance surcharges, false reference pricing, and deceptive advertising of over-the-counter drug products. The statute explicitly prohibits any “unlawful, unfair or fraudulent business act or practice,” as well as “unfair, deceptive, untrue or misleading advertising.” The basis for the class action lawsuit against Walgreens is that the pharmacy allegedly sells the Phenazo product in a manner that is likely to deceive the public about whether the drug is approved by the FDA and therefore lawful to sell over the counter.

Importantly, the UCL is a strict liability statute. This means that the plaintiff in a UCL claim does not need to show that the defendant intentionally or negligently engaged in fraudulent business practices; all that is needed is a showing that the unfair practice or act occurred. In other words, anyone who purchased an over-the-counter UTI drug product from Walgreens may be entitled to multiple forms of compensation, including restitution, statutory damages, and punitive damages.

Did You Purchase a UTI Drug at Walgreens? Call the California Consumer Protection Lawyers at Tauler Smith LLP

The California consumer protection lawyers at Tauler Smith LLP have filed a class action lawsuit against Walgreens over the sale of Phenazopyridine as an over-the-counter treatment for urinary tract infections. The proposed class of consumers eligible for the lawsuit includes anyone who purchased the Walgreens UTI product in California during the last four (4) years.

Call 310-590-3927 or email us to schedule a free consultation.

Tony Robbins CIPA Lawsuit

CIPA Lawsuit Against Tony Robbins Company

/in /by

Tony Robbins CIPA LawsuitA CIPA lawsuit against the Tony Robbins Company was recently filed in a California superior court. The self-help business has been accused of secretly wiretapping the communications of website users in violation of the California Invasion of Privacy Act, or CIPA. Beyond that, the company has been accused of allowing third parties to use digital surveillance tools to monitor user behavior and eavesdrop on visitor conversations without express or implied consent, which is also a violation of state consumer privacy laws.

To learn more about the class action complaint against the Tony Robbins Company, keep reading.

Class Action Complaint Against Robbins Research International

The defendant in the invasion of privacy case is Robbins Research International, Inc., which operates www.tonyrobbins.com. This is the official website of Tony Robbins, a celebrity self-help guru. Consumers in California and elsewhere access the website to purchase books, programs, and tickets to events on how to master all aspects of their lives.

The case, Haviland v. Robbins Research International, Inc., is being heard in the Los Angeles County Superior Court. The class action complaint alleges violations of the California Invasion of Privacy Act (CIPA), including illegally wiretapping internet communications, as well as aiding, abetting, and paying third parties to eavesdrop on internet conversations.

Illegal Wiretapping

The defendant has been accused of surreptitiously implanting code the Tony Robbins website that allows for the unauthorized recording of private conversations. The civil suit also alleges that the website code allows for the creation of transcripts of these conversations with site visitors. Both acts are violations of the California Invasion of Privacy Act (CIPA), which requires companies to obtain permission from customers before recording online conversations.

Due to the nature of the defendant’s business, customers who use the Tony Robbins website often disclose sensitive personal information via the website chat feature. This information goes beyond mere “record information” like the user’s name and address; it includes confidential information such as the user’s IP address, geolocation information, browsing history, and search history. The data collected by the defendant could enable the creation of detailed profiles about individuals for the purpose of delivering targeted advertisements specifically tailored to their personal interests. Significantly, the data collected from customers who use the website chat feature is allegedly harvested without consent.

Tony Robbins Company Accused of Sharing Customer Data with Third Parties

One of the major allegations in the civil suit against Robbins Research International is that the company allows a third party to collect a bevy of personal information from website visitors without their consent or knowledge. According to the complaint, the Tony Robbins company has entered into financial agreements with a third-party company, UserWay, to embed code into the website’s chat function. This code allegedly enables UserWay to covertly intercept and monitor the chat conversations in real time without the knowledge or consent of site visitors. In other words, the chats that users believe are taking place on the Tony Robbins website are actually occurring on UserWay.

According to the lawsuit, the company’s website privacy policy never discloses to users that the company can share and sell site visitors’ personal information to third parties. The unauthorized sharing of users’ personal information with third parties is a clear violation of the California Invasion of Privacy Act (CIPA). Moreover, the defendant’s alleged behavior is particularly egregious because website users have a reasonable expectation of privacy when they use a seemingly harmless chat box feature on www.tonyrobbins.com.

Customer Data Exposed

The defendant’s actions leave consumers exposed to significant privacy risks because their personal information is allegedly shared with a wide range of entities – and without any clear limitations or safeguards on how that personal information may be used.

Additionally, the lawsuit raises serious concerns about whether this digital privacy violation could further compromise the privacy and control of users’ information by opening the door for the dissemination of personal data to other entities for cross-context behavioral advertising purposes. This kind of invasive practice could subject users to relentless advertising campaigns across multiple platforms – without their consent or knowledge.

How Companies Violate the California Invasion of Privacy Act (CIPA)

The California Invasion of Privacy Act (CIPA) explicitly prohibits both wiretapping and eavesdropping of electronic communications unless all parties to the communication have first provided consent. Most website operators comply with these legal requirements by conspicuously warning visitors if their conversations will be recorded or if any third parties will be eavesdropping on them.

The invasion of privacy law is written in terms of wiretapping, with language barring companies from using a “machine, instrument, or contrivance” to illegally record and eavesdrop on conversations. But it is important to note that courts have found that Cal. Penal Code § 631(a) applies to internet communications. This means that any company that attempts to learn the contents of a website communication without the consent of all parties can be sued for violating the law.

The specific part of the digital privacy statute that Robbins Research International has been accused of violating is Section 631(a), which imposes liability on companies that invade the privacy of consumers. Section 631 is technically a criminal statute, but it does provide a mechanism for victims to bring a civil lawsuit and recover monetary damages.

Call the Los Angles Consumer Protection Attorneys at Tauler Smith LLP

The consumer protection lawyers at Tauler Smith LLP are representing California residents in a class action lawsuit against Robbins Research International. If you visited the Tony Robbins website and used the chat feature, you may be eligible to join the class action complaint. Call 310-590-3927 or email us today to schedule a free consultation.

CPRA Consumer Rights

Consumer Rights Protected by the CPRA

/in /by

CPRA Consumer Rights

When the California Privacy Rights Act (CPRA) was approved by California voters in the 2020 election, it greatly expanded the privacy protections afforded to consumers. The new law also increased the data security obligations of companies operating in the state. The consumer rights protected by the CPRA are important because they address the kind of digital privacy concerns that are prevalent at a time when businesses have access to an unprecedented amount of personal information about customers. When a company violates the CPRA by failing to protect consumer data, they may be subject to substantial fines and exposed to civil liability.

To learn more about how the California Privacy Rights Act protects consumer privacy rights, keep reading.

What Consumer Privacy Rights Are Protected by the CPRA?

The California Privacy Rights Act (CPRA) was intended to strengthen consumer privacy laws already in effect, such as the California Consumer Privacy Act (CCPA). The idea was to protect California residents against invasions of privacy and data breaches when making purchases from businesses or when communicating with businesses online. The statute does this by strengthening consumer rights that existed under the CCPA and by creating new rights that did not previously exist.

These are the existing consumer rights that the CPRA strengthened:

  1. The right to know about any personal data that has been collected by companies.
  2. The right to delete any personal data that has been collected.
  3. The right to opt out of the sale or sharing of personal data with third parties.
  4. The right to be free from discrimination or retaliation for having exercised any of these consumer rights.
  5. The right to bring a private civil action against companies that fail to protect consumers’ personal information against unauthorized access or data breaches.

Additionally, the CPRA created two (2) entirely new consumer privacy rights:

  1. The right to correct personal information that is inaccurate.
  2. The right to limit how “sensitive personal information” is collected, used, and disclosed.

Consumer Right to Correct Inaccurate Personal Data

Under the CPRA, consumers now have the right to request that a business correct any collected information that is inaccurate. Moreover, this right must be disclosed to consumers in a company or website privacy notice. After a consumer has requested that certain information be corrected, the company must use “commercially reasonable efforts” to make the correction.

Consumer Right to Opt Out of Sharing Personal Data

Data privacy was a major focus of lawmakers when the California Consumer Privacy Act (CCPA) was enacted, but the statute may not have gone far enough. While the CCPA gives consumers the right to opt out of the sale of their personal information to third parties, the CPRA gives consumers the same right with respect to the sharing of personal information. Significantly, this consumer privacy right may be exercised regardless of whether the data is being shared for a monetary benefit.

It should also be noted that the data privacy law requires businesses to inform consumers of this right directly on the company website’s homepage. The business must include a conspicuous link with the title “Do Not Sell or Share My Personal Information,” which the consumer can click on to exercise their opt-out right.

New Obligations for Businesses Under the California Privacy Rights Act

The California Privacy Rights Act (CPRA) also increased requirements on businesses to protect the sensitive personal information of consumers against data breaches or other invasions of privacy. For example, businesses are now prohibited from maintaining customers’ personal data for any longer than absolutely necessary.

The CPRA also increased the penalties that companies can face for consumer privacy violations. The statutory fines start at $2,000 for each violation, and they can go as high as $7,500 for a willful violation. Beyond that, the maximum fines can be tripled when the violation involves a child under the age of 16. If a company wants to collect the personal data of consumers under 16 years of age, the young consumer must expressly consent to it. If the consumer is under the age of 13, a parent or guardian must first provide permission before a company can collect personal data.

Additionally, civil penalties may be imposed when the violation involves the theft of customer login information. This means that businesses that expose customer data to a data breach are subject to a lawsuit with significant damages.

Tauler Smith LLP Protects Consumer Privacy Rights in California. Call Us Today.

California law places clear limits on how businesses may use customer information collected during a transaction or website visit. The Los Angeles consumer privacy attorneys at Tauler Smith LLP understand the law and how it protects consumers against unlawful invasion of privacy. We represent plaintiffs in both individual lawsuits and class action lawsuits when a company illegally monitors, collects, shares, or sells a customer’s personal data without permission.

Call 310-590-3927 or send an email to talk to one of our skilled attorneys and explore your legal options.