Rack Room Shoes Wiretap Lawsuit

Did Rack Room Shoes Violate Federal Wiretap Law?

A federal court in California recently issued a key ruling in an important, potentially precedent-setting case, and court observers and legal experts are now asking: Did Rack Room Shoes violate federal wiretap law? The pre-trial ruling, issued by the U.S. District Court for the California Northern District, might have implications for the future of consumer privacy laws nationwide. The case, Smith v. Rack Room Shoes, Inc., could also result in severe consequences for a number of companies, including Meta, Attentive, and Rack Room Shoes. That’s because the companies have been accused of collaborating to collect and share the personal data of online customers in violation of the Federal Wiretap Act.

To find out about this important consumer privacy case and what it could mean for consumer privacy litigants, keep reading.

Rack Room Shoes, Meta, and Attentive Named in Federal Wiretap Lawsuit

Rack Room Shoes, Inc. is a national footwear chain that operates under both the Rack Room Shoes brand and the Off Broadway Shoe Warehouse brand. The chain sells shoes for men, women, and children both online and in brick-and-mortar stores throughout the United States.

Meta Platforms, Inc. is a global technology company best known for owning and operating major social media platforms such as Facebook, Instagram, and WhatsApp. Meta is one of the largest public companies in the world, with its subsidiary Facebook reporting more than three (3) billion users. The tech company has previously been accused of collecting users’ biometric data without consent.

Attentive is a prominent mobile messaging & email platform. The company provides personalized SMS and email marketing to e-commerce brands that want to automate communications with customers. Attentive markets itself as an AI-powered platform that uses advanced artificial intelligence to capture, store, and activate users’ data.

Smith v. Rack Room Shoes, Inc. is being heard in the United States District Court, Northern District of California. All three companies – Rack Room Shoes, Meta, and Attentive – were named in the digital privacy claim, even though only Rack Room Shoes was named as a Defendant.

Rack Room Shoes Accused of Intercepting Customer Communications Online

Rack Room Shoes has been accused of permitting tech giants Meta, Attentive, and other companies to intercept the communications of visitors to the Rack Room Shoes e-commerce store. This unauthorized surveillance was allegedly done via trackers that Rack Room Shoes embedded on its website.

Perhaps most concerning for California consumers is the allegation that Rack Room Shoes essentially spied on website visitors and then collected their personal information without the users’ knowledge or consent.

Embedded Website Tracking Code

According to the class action suit, Rack Room Shoes embedded the code of third-party companies Meta and Attentive on its website. This code allegedly intercepts the personally identifiable communications of anyone who visits the website, and then the code directs the person’s browser to send a message to Meta or Attentive. Rack Room Shoes allegedly incorporates the data into consumer profiles provided by Meta, Attentive, and other third-party data brokers. These consumer profiles are used by Rack Room Shoes to guide its targeted advertisements. Significantly, these actions would be contrary to commitments in the Rack Room Shoes website privacy policy.

Meta, Attentive, and Data Broker Companies Accused of Collecting and Sharing Customer Data

Meta and Attentive are referenced throughout the class action complaint against Rack Room Shoes. That’s because it is Meta and Attentive tracking code and “scripts” that are allegedly utilized by the Rack Room Shoes website to collect consumer information such as customers’ names, email addresses, phone numbers, and even their online shopping behavior.

Meta Pixel Code

According to the lawsuit, one of the website tracking codes embedded on the Rack Room Shoes site is known as Meta Pixel. This code will allegedly track a site visitor’s communications and then secretly send messages to Meta with the visitor’s personal information, including:

  • The visitor’s search queries.
  • The name of any webpage visited.
  • The name of any button clicked by the site user.
  • Items placed in the user’s online cart.
  • Hashed values corresponding to the visitor’s name, address, phone number, and email.

Additionally, if the person who visits the Rack Room Shoes website happens to have a Facebook profile, the embedded Meta Pixel code will also allegedly send messages containing the person’s Facebook ID.

Attentive Tag Code

Another tracking tool allegedly embedded on the Rack Room Shoes website is known as Attentive Tag. This code allegedly tracks user activity on the site and sends messages to Attentive containing the user’s personal data, including:

  • The full URL string visited.
  • Any products purchased.
  • The user’s unencrypted phone number and email.

Data Broker Companies

The lawsuit against Rack Room Shoes also alleges that the popular shoe chain has similar “data collection” and “data sharing” arrangements with several other third-party companies beyond Meta and Attentive, including data brokers trying to sell personal information obtained from intercepted communications online.

Lawsuit: Rack Room Shoes Violated the Federal Wiretap Act

The plaintiffs filed a class action lawsuit against Rack Room Shoes in the United States District Court for the Northern District of California. The complaint specifically alleges that Rack Room Shoes “knowingly uses intercepted communications” of website visitors for the company’s own commercial purposes, including to “run targeted advertisements.” These actions would constitute serious violations of the Federal Wiretap Act.

The plaintiffs asked the federal court for equitable relief because they suffered harm from the unlawful collection and sharing of their data. The complaint provides support for the contention that their personally identifiable browsing activity has significant financial worth. That’s because this is an era in which browser history data and other personal information obtained online can be extremely valuable to data brokers and other entities that are looking to profit through personalized marketing.

Court Denies Motion to Dismiss: Federal Wiretap Suit Against Rack Room Shoes Can Move Forward

The Rack Room Shoes litigation has already seen multiple pre-trial rulings because the Defendant filed two motions to dismiss the privacy claims.

First Motion to Dismiss

The first motion to dismiss was denied because the federal court found that the plaintiffs “adequately alleged that Rack Room’s privacy policy failed to disclose that a third party may collect, store, and analyze a visitor’s browsing and purchase history in a way that is personally identifiable or that a third party could use that data for its own commercial purposes.” Therefore, said the court, the data collection was plausibly done without consent of website visitors.

Additionally, the court found that the plaintiffs stated valid claims for violations of California consumer privacy laws, including invasion of privacy under both the California Constitution and the California Invasion of Privacy Act (CIPA).

Second Motion to Dismiss

The U.S. District Court heard arguments from both sides before ruling against the Defendant’s motion to dismiss with respect to alleged violations of two statutes: the California Comprehensive Computer Data and Access Fraud Act (CDAFA) and the Federal Wiretap Act.

Although the court granted the motion to dismiss with respect to the California Unfair Competition Law (UCL) and the Consumers Legal Remedies Act (CLRA), the pre-trial ruling was still a major win for the plaintiffs because it means the class action against Rack Room Shoes can proceed on the two most significant claims: alleged violations of California’s computer data fraud law and the federal wiretap law.

Court: Rack Room Shoes May Have Violated the CDAFA

The California Comprehensive Computer Data and Access Fraud Act (CDAFA) is a state law that provides broad protection against the unauthorized use or taking of a person’s data online. As set forth by Cal. Penal Code § 502(c)(2), a person who “knowingly accesses and without permission takes, copies, or makes use of any data from a computer” violates the statute. Section 502(e)(1) further states that any “owner of a computer who suffers damage or loss by reason of a violation of the CDAFA may bring a civil action against the violator.”

In its order declaring that the wiretapping lawsuit against Rack Room Shoes may proceed, the court noted that the plaintiffs had sufficiently alleged that they suffered economic injury because Rack Room Shoes caused Meta, Attentive, and data broker companies to unjustly profit from the personal information and online activity of website visitors.

The court also noted the plaintiffs’ allegation that Rack Room Shoes used customer profiles that integrated the customers’ personally identifiable browsing history, and this allowed the company to run targeted marketing campaigns. (Moreover, Rack Room Shoes told customers in its website Privacy Policy that it would not collect this type of information.)

CDAFA Damages

The class action lawsuit against Rack Room Shoes seeks damages through disgorgement, which is specifically allowed under the CDAFA. Disgorgement is a civil remedy that requires a wrongdoer to give up any profits earned from illegal actions.

The California federal court found that the plaintiffs in the class action plausibly pleaded that they suffered the type of compensable damages that may be recovered in a CDAFA claim. The court noted that online consumers have a stake in any profits derived unjustly from their personal data. The court concluded its discussion of CDAFA damages by stating that the plaintiffs were damaged simply by not having received a share of the allegedly unjust profits generated from their data, regardless of whether there was any direct financial harm. As support for this point, the court quoted the California State Legislature’s discussion of the statutory purpose of the CDAFA: “The legislature found that the protection of lawfully created computer data is vital to the protection of the privacy of individuals.”

Court: Plausible Allegation That Rack Room Shoes Violated the Federal Wiretap Act

The Federal Wiretap Act is part of the Electronic Communications Privacy Act (ECPA). The statute, codified at 18 U.S.C. § 2511, creates both criminal and civil liability for anyone who intentionally intercepts any wire or electronic communication, as well as for anyone who intentionally uses content knowing that the information was obtained through interception. Anyone whose wire or electronic communication is intercepted, disclosed, or intentionally used in violation of the Federal Wiretap Act may be eligible to file a civil action and recover damages from the person or entity who committed the offense.

The statute defines “intercept” as “the acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” In its pre-trial ruling against the motion to dismiss, the U.S. District Court found that the plaintiffs “plausibly alleged that Rack Room intentionally used intercepted communications in violation of the Federal Wiretap Act.”

Exceptions to Federal Wiretap Act

The Federal Wiretap Act does provide a limited exemption from liability – known as the “party exception” – when the person who intercepted the communication was a party to the communication. However, the limitation on this exception – known as the “crime-tort exception” – is that it does not apply when the interception was “for the purpose of committing any criminal or tortious act.”

In this case, Rack Room Shoes was both a party to the communications and consented to the interception. As such, the party exception to the wiretap law would seemingly be triggered.

However, the court found that the crime-tort exception also applies here, which means that the alleged interception of customer data is still unlawful. In its pre-trial ruling, the court stated that the plaintiffs adequately alleged that Rack Room Shoes “played an active role in the use of embedded code to intercept customers’ electronic communications” because the company customized and deployed the code. Moreover, the court noted that these data collection practices were not clearly disclosed in the company’s privacy policy. As such, said the court, Rack Room Shoes’ alleged tortious purpose in intercepting website visitors’ communications is enough to satisfy the crime-tort exception and expose Rack Room Shoes to liability under the Federal Wiretap Act.

Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

The Los Angeles consumer protection lawyers at Tauler Smith LLP represent plaintiffs in invasion of privacy cases, including California CIPA claims and federal wiretapping lawsuits. If you believe that your personal information was collected online without your consent, you may be eligible to bring a claim for monetary compensation.
