California Invasion of Privacy Act Lawsuit Against IHOP
The Los Angeles consumer protection lawyers at Tauler Smith LLP recently won a pre-trial demurrer hearing in a trap & trace complaint against IHOP. The California Invasion of Privacy Act lawsuit against IHOP was filed by a California consumer who alleged that the restaurant chain installed a trap and trace device on its website to unlawfully monitor website visitors without consent. IHOP argued that the case should be dismissed before trial, but the court overruled the Defendant’s demurrer and said that the case against IHOP can proceed.
To learn more about the lawsuit against IHOP, keep reading this blog.
Trap & Trace Lawsuit Against IHOP Heard in California Court
The Defendant in the recent digital privacy lawsuit is IHOP Restaurants, LLC. IHOP, or International House of Pancakes, is a popular pancake house restaurant chain with nearly 2,000 locations in the United States and internationally.
The civil suit against IHOP is being adjudicated in the Los Angeles County Superior Court and presided over by Judge Michael Small. A California consumer filed the lawsuit because IHOP allegedly installed a trap & trace device on their website to effectively spy on site visitors. This would constitute a clear violation of the California Invasion of Privacy Act (CIPA), which is codified in California Penal Code Section 638.51.
Cal. Penal Code § 638.51 is known as the “trap and trace” provision because it prohibits companies from utilizing trap & trace devices to collect data from consumers without permission. The statute explicitly states that a person or company “may not install or use a pen register or a trap and trace device without first obtaining a court order.”
TikTok Software
According to the legal complaint, IHOP’s website uses a trap & trace device created by TikTok to gather private information about site visitors without their consent. As soon as consumers access IHOP’s website, their personal information is allegedly collected via the TikTok software.
Demurrer Hearing
The Defendant filed a demurrer to dismiss the lawsuit, with an additional motion to strike a request for punitive damages.
The lawsuit against IHOP alleges that IHOP installed TikTok software on its website and that IHOP uses this software to “trap and trace” private information about consumers. The Los Angeles County Superior Court rejected IHOP’s demurrer and ruled that the allegations against IHOP are sufficient to state a cause of action for a violation of the CIPA.
Lawsuit: IHOP’s Website Software Is a Trap & Trace Device
What exactly is a trap & trace device? The California Invasion of Privacy Act (CIPA) defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication.”
The precedent in these cases is clear: courts have repeatedly held that communications or chat features on websites do qualify as “electronic communications” for the purposes of the Trap & Trace Statute. In this case, the court also ruled that the TikTok software allegedly installed by IHOP on its website “falls within the ambit of the definition of a ‘trap and trace device’ in Section 638.50.” That’s because the TikTok software is a device that captures identifying information about visitors to the IHOP website.
Telephone Lines and Websites
In its demurrer, IHOP argued that the reach of the CIPA should be limited to devices that are capable of being physically attached to telephone lines, which relies on a definition of “trap and trace device” that would exclude the invasive TikTok software allegedly installed on the IHOP website.
The court rejected IHOP’s interpretation of the statute because the definition of “trap and trace devices” found in the CIPA is extremely broad: it encompasses more than just devices that capture an originating phone number, and therefore applies to more than just telephone lines.
TikTok Software = Trap & Trace Device
The L.A. County Superior Court went even further than many previous courts to rule that the California Legislature contemplated that the CIPA might cover “the development of new devices and techniques for the purpose of eavesdropping upon private communications.” The court added that the TikTok software allegedly utilized by IHOP is precisely such a “new technique” for capturing the confidential information of consumers without their consent.
IHOP Not Exempt from Liability for Utilizing Trap and Trace Devices
There are a few exceptions to the CIPA prohibition against the use of trap & trace devices. A company may utilize trap & trace devices if:
- The device is being used to operate, maintain, and test a wire or electronic communication service.
- The consent of the user has been obtained prior to use.
In its ruling on the demurrer, the L.A. County Superior Court found that neither of these exceptions applies to IHOP’s use of TikTok trap & trace software on the company website.
Court Rejects IHOP’s Arguments for Exemption
IHOP attempted to argue that it should be exempt from liability under Section 638.51(b)(5) as a “provider of electronic or wire communication services,” with the website being the service it provides. The court found this argument unpersuasive because IHOP failed to show how it might need the TikTok software to operate and maintain its website.
IHOP also tried to argue that it should be exempt from liability because the company has consented to the use of the trap & trace software installed on its website. The court quickly rejected this argument because the consent exception of the CIPA obviously applies to website visitors, not to the owners and operators of a website.
Private Right of Action Against IHOP for Violating the CIPA
In its demurrer, IHOP also argued that there is no private right of action under the California Invasion of Privacy Act (CIPA). If true, this would mean that consumers would not be able to file civil suits against companies that violate the CIPA. But the court rejected this argument because the CIPA specifically provides for statutory damages.
In fact, the CIPA allows victims to file suit against a company that violated the CIPA for either:
- $5,000 per violation; or
- Treble damages equaling three times the amount of actual damages sustained by the victim.
Significantly, the statute calls for plaintiffs who bring trap & trace complaints to be awarded whichever amount is greater.
Plaintiffs Eligible for Punitive Damages in California Invasion of Privacy Cases
Buried within IHOP’s demurrer was also a motion to strike the punitive damages part of the complaint and essentially deny any request for a punitive damages award at the conclusion of the trial.
Although the court granted the motion to strike, it also reiterated that the California Invasion of Privacy Act (CIPA) does allow for punitive damages to be awarded against a defendant. To receive punitive damages for a violation of the Trap and Trace Law, the plaintiff must prove that the defendant acted maliciously or fraudulently when using trap and trace software to collect customer information.
Contact an Experienced Los Angeles Consumer Protection Lawyer
Are you a California resident who visited the IHOP website? Did you visit any other websites operated by companies that might be using trap & trace devices to monitor users? If so, you may be eligible to file a lawsuit in a California court to receive monetary compensation. The Los Angeles consumer protection attorneys at Tauler Smith LLP represent plaintiffs in invasion of privacy claims, and we can help you.
Call 310-590-3927 or email us to schedule a free consultation and learn about your legal options.