Peachybbies Consumer Privacy Lawsuit

CIPA Claim Against Peachybbies Can Proceed

/in /by

Peachybbies Consumer Privacy Lawsuit

A California court recently ruled that a trap & trace CIPA claim against Peachybbies can proceed. The Plaintiff, a California consumer, alleged that Peachybbies violated the California Invasion of Privacy Act (CIPA) by installing TikTok Software on its website to track and intercept the personal information of website visitors without their consent. This data was then allegedly shared with TikTok, the Chinese-owned social media platform. While the Defendant attempted to get the case dismissed at an early stage, the Los Angeles County Superior Court has now ruled that the invasion of privacy lawsuit may move forward.

For more information about the ongoing trap and trace complaint against Peachybbies, keep reading this blog.

Peachybbies Accused of Wiretapping Violations of the California Invasion of Privacy Act (CIPA)

Peachybbies Slime, LLC is a popular online platform specializing in handcrafted, sensory-focused slime products marketed to both kids and adults. The company’s website is playfully called the Peachybbies Slime Shop, and visitors can purchase slime products directly from the site. Customers can make one-time purchases, or they can commit to subscription services through the site.

Invasion of Privacy Lawsuit

The Plaintiff, a California consumer, alleged that Peachybbies violated the California Invasion of Privacy Act (CIPA), codified in Cal. Penal Code Section 631. Specifically, the Plaintiff alleged that Peachybbies committed a wiretapping violation of the privacy statute by using TikTok software to track website visitors’ activity on the company’s online “Slime Shop.”

The civil suit against Peachybbies alleges that the company has partnered with TikTok to install sophisticated software on its website landing page. This software, created by TikTok, can be used to learn the location, source, and identity of consumers who happen to land on the Peachybbies website.

Digital “Fingerprinting” Violations

According to the lawsuit, the TikTok Software embedded on the Peachybbies website acts via a process known as “fingerprinting” to collect information from anonymous visitors. Once site visitors are unmasked and identified, their private information could be used for vague “marketing and surveillance reasons.”

Importantly, this personal information is collected the instant a visitor lands on the Peachybbies website, and this data collection continues as the user clicks through the website. This means that anyone who visits the Peachybbies website would have no opportunity to provide consent for the collection of their personal data, nor would they have a chance to consent to the sharing of their data with TikTok.

What Type of Personal Data Is Peachybbies Accused of Collecting from Website Visitors?

Peachybbies has been accused of using “fingerprinting” software to collect website visitors’ personal data. While Peachybbies tried to claim that they did not collect the usernames or passwords of website visitors, the Plaintiff emphasized that the Peachybbies website has embedded powerful fingerprinting software – the TikTok Software – on its website to immediately intercept electronic signals from site visitors’ devices. This private information could include:

  • Geographic information
  • Browser history
  • Images of the visitor
  • Age
  • Date of birth
  • Phone number
  • Physical address

The type of information allegedly collected by the Defendant goes far beyond basic information such as an IP address.

Moreover, once this private information is collected by the Defendant, it is then transmitted to TikTok’s servers without user consent: data collection that is far more extensive and intrusive than a mere IP address. After the personal information of site visitors is shared with TikTok, users can potentially be identified by cross-referencing TikTok’s vast database of information on hundreds of millions of Americans.

California Court Ruling: Peachybbies May Have Unlawfully Used a Trap & Trace Device to Monitor Consumers

The digital privacy lawsuit against Peachybbies is being adjudicated in the Superior Court of the State of California, County of Los Angeles. The Defendant filed a demurrer action seeking to get the trap & trace complaint dismissed for failure to state facts sufficient to state a cause of action. The Defendant made several arguments in support of its demurrer:

  1. There would be public policy concerns if every website was subject to the protections afforded by California’s consumer privacy laws.
  2. There is a conflict between two different privacy laws: the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA).
  3. The Plaintiff does not have standing to sue because she did not allege a specific injury.
  4. The CIPA does not apply to internet communications.

All of these arguments were rejected by the Los Angeles County Superior Court, which overruled the Defendant’s demurrer and ruled in favor of the Plaintiff. The court stated that, for pleading purposes, “the complaint sufficiently establishes the use of a trap and trace device” by Peachybbies.

This is another major courtroom victory for Tauler Smith LLP because it means that the online consumer privacy lawsuit against Peachybbies may now proceed.

Public Policy Supports California Invasion of Privacy Claim Against Peachybbies

In its demurrer motion, the Defendant attempted to argue that the California Invasion of Privacy Act (CIPA) was originally passed as a way to protect individuals against government surveillance. This would mean that the CIPA only applies to “peace officers” who intercept communications, not the parties to the communications themselves. According to the Defendant, any attempt to expand the reach of the Trap & Trace Law to protect consumers against unlawful monitoring and surveillance by businesses would be too sweeping and essentially impose civil liability on every website, especially online e-commerce stores.

In response, the Plaintiff reiterated that the TikTok Software embedded on the Peachybbies website collects data that goes well beyond the type of data required for the ordinary operation of a website.

The Superior Court of Los Angeles County agreed with the Plaintiff. The court declared that, at the pleading stage, “it may be inferred that the Plaintiff is asserting a legitimate privacy violation as opposed to challenging basic website functions.”

California Invasion of Privacy Act (CIPA) Applies to Alleged Consumer Privacy Violations by Peachybbies

The Defendant claimed that the use of TikTok Software by Peachybbies to monitor website visitors was done solely for the purpose of “tracking the effectiveness of their marketing efforts,” including optimizing advertising campaigns and understanding consumer behavior. Since these types of tracking technologies are regulated by the California Consumer Privacy Act (CCPA), argued the Defendant, consumers are already protected: the statute requires businesses to provide clear notice, disclose the categories of personal information collected, and offer consumers the right to opt out of the sharing of their personal data. It is this internet-specific privacy law, said the Defendant, that should apply in the case, not the more far-reaching California Invasion of Privacy Act (CIPA).

In response, the Plaintiff first noted that Peachybbies was distorting the statutory text of both the CIPA and the CCPA. According to the lawsuit, the TikTok Software collects personal data that goes much further than basic analytics because the code embedded on the Peachybbies website captures and transmits signals to TikTok’s servers for the purpose of user identification and behavioral profiling. In its ruling on the demurrer, the Los Angeles County Superior Court noted the Plaintiff’s allegation that “this level of data transmission is not necessary for basic website functionality.”

There Is No Conflict Between CIPA and CCPA Privacy Laws

With respect to any potential conflict between the CCPA and the CIPA, the court rejected the Defendant’s contention that the CCPA should apply in the case instead of the CIPA’s Trap and Trace Law. That’s because the CCPA regulates what companies do after information is collected, while the CIPA governs how such information is obtained in the first place. The two privacy laws actually work in tandem, and the CCPA certainly does not curtail or limit the application of the CIPA in this case.

Moreover, even if the statutes were in conflict, the law that affords the greatest protection for consumer privacy rights would be the controlling law. In this case, the CIPA provides the strongest privacy protection because the TikTok Software used by Peachybbies begins to collect personal data the moment a user lands on the site – and before the user has any chance to read or act on a privacy policy or opt-out.

Once again, the Superior Court of Los Angeles County agreed with the Plaintiff. In its ruling rejecting the Defendant’s demurrer, the court observed that the Defendant failed to cite a single case where a CIPA claim was dismissed for being in conflict with the CCPA.

Court: California Consumer Has Standing to Sue Peachybbies for Violating CIPA

The Defendant argued that the consumer privacy claim should be dismissed because the Plaintiff failed to allege a specific injury resulting from Peachybbies’ consumer data collection practices. According to the Defendant’s demurrer, even if the privacy of consumers is violated when they visit the Peachybbies website, the California consumer who filed this particular lawsuit did not show that her private data had been collected and that her privacy had been invaded.

In response, the Plaintiff noted that the California consumer bringing the lawsuit alleged a clear invasion of her privacy by Peachybbies, including support for her claim with specific facts such as the date of her website visit and the type of data unlawfully collected. These types of privacy invasions caused by surreptitious surveillance software have been recognized by courts as actionable injuries under both the CIPA and the California Constitution. Moreover, the Plaintiff observed that the TikTok Software utilized by Peachybbies collected personal data from every site visitor, including the Plaintiff.

The Los Angeles County Superior Court agreed with the Plaintiff. The court found that, for pleading purposes, “the complaint sufficiently establishes that the Plaintiff’s private data was collected, causing injury.”

Court Ruling: California’s Trap & Trace Law Applies to Websites

The Defendant also made a widely rejected argument that the California Invasion of Privacy Act (CIPA) defines “trap and trace devices” and “pen registers” in a way that excludes websites from the statute because the law only applies to telephone communications, not internet communications. According to the Defendant, pen registers are typically installed on landline telephones to track a subject’s outgoing calls, while trap & trace devices are typically installed on landline telephones to track a subject’s incoming calls. If the CIPA only applies to monitoring by telephones, then it would not apply to the use of TikTok Software to monitor website visitors, to collect their personal information, and to share that data with third parties.

In response, the Plaintiff showed that the Defendant was attempting to limit the scope of California’s consumer privacy laws, including the Trap and Trace Law, to outdated telephone surveillance tools. This would wrongly exclude modern, software-based tracking technologies like the TikTok Software embedded on the Peachybbies website.

Plain Language of CIPA Statute

The Defendant’s interpretation of the California Invasion of Privacy Act (CIPA) would contradict the plain language of the statute, which defines “electronic communication” broadly to include “any transfer of signs, signals, writings, images, sounds, data, or intelligence of any nature in whole or in part by a wire, radio, electromagnetic, photoelectric, or photo-optical system.” The TikTok Software used by the Peachybbies website is a very powerful fingerprinting process that instantly captures incoming electronic impulses and signals from site visitors’ devices as soon as the visitor lands on any page of the website, as well as anytime the visitor clicks on the website. This kind of data collection via electronic impulses clearly falls within the scope of the CIPA.

Legal Precedent

The Defendant’s interpretation of the CIPA would also disregard legal precedent and settled principles of statutory interpretation by numerous California courts. Nowhere in the Trap & Trace Law does it indicate that the statute is limited to telephone surveillance technology. In fact, the CIPA plainly applies to eavesdropping, which can take many forms due to advances in science and technology. California courts have routinely held that the privacy law applies to software because it explicitly references “wire or electronic communications.”

Public Policy

California’s Trap and Trace Law must be applied to evolving methods of digital surveillance in order to protect consumers against the unlawful monitoring of their internet communications, as well as the sharing of their personal data without consent. Any other interpretation of the law would open the floodgates for unscrupulous companies to use their websites to extract and exploit users’ personal information without consent.

In its pre-trial ruling against Peachybbies, the Los Angeles County Superior Court agreed with the Tauler Smith LLP attorneys representing the Plaintiff. The court noted the Defendant’s own definition of a “trap and trace device” references electronic communications that include the transfer of “signs” and “signals.” The court also highlighted the Plaintiff’s allegations that the TikTok Software utilized by Peachybbies collects extensive data that goes far beyond mere IP tracking or routine data collection and that is not needed for the ordinary operation of the website.

Call or Email the California Consumer Protection Lawyers at Tauler Smith LLP

When a website collects your personal information without consent, it is a well-established violation of California criminal and civil law. When your personal data is then shared with third parties, it is also a violation of California’s stringent consumer privacy laws. If you visited a website that tracked your user activity, you may be able to file a lawsuit to recover monetary damages. The Los Angeles consumer protection attorneys at Tauler Smith LLP represent plaintiffs in California invasion of privacy lawsuits, including trap and trace claims.

Call 310-590-3927 or send an email to learn about your legal options.

You might also like
Invasion of Privacy Claims Right of Publicity & Invasion of Privacy Claims
California Invasion of Privacy Act California Invasion of Privacy Act (CIPA)
California Consumer Privacy Act California Consumer Privacy Act (CCPA)
Goodyear Tires Wiretapping Lawsuit Goodyear Tires Wiretapping Lawsuit to Proceed
Amazon Alexa and Ring Settlements FTC Settlement: Amazon’s Alexa, Ring Security Cameras, and Privacy Laws
Arlo Home Security Invasion of Privacy Arlo Home Security System Sued for Invasion of Privacy