Posts

MSC Cruises Trap & Trace Lawsuit

Trap & Trace Lawsuit Against MSC Cruises

MSC Cruises Trap & Trace Lawsuit

The California consumer protection lawyers at Tauler Smith LLP are representing a consumer who filed a trap & trace lawsuit against MSC Cruises. The cruise ship company has been accused of utilizing trap & trace technology on its website to collect customer information without permission. The Superior Court of Los Angeles County recently ruled on a demurrer filed by the Defendant in the case: the court overruled the demurrer, which means that the case against MSC Cruises could proceed to trial.

For additional information about the MSC Cruises trap and trace complaint, keep reading.

Lawsuit: MSC Cruises Violated the California Invasion of Privacy Act (CIPA)

MSC Cruises is the world’s largest privately held cruise company. The global cruise line operates a website that invites customers to “sail to over 250 of the world’s most sought-after travel destinations.” Site visitors can register and book cruises directly on the website.

The civil lawsuit filed against MSC Cruises in L.A. County Superior Court alleges that the cruise ship company violated the California Invasion of Privacy Act (CIPA) by utilizing trap and trace software on their website.

What Is the California Invasion of Privacy Act?

The California Invasion of Privacy Act (CIPA) is codified in Penal Code § 638.51, which states that “a person may not install or use a pen register or a trap and trace device without first obtaining a court order.”

Pen Registers

As set forth by the statute, a “pen register” is a device or process that records certain information transmitted by an instrument that also transmits a wire or electronic communication. This information includes dialing, routing, addressing, or signaling information. Importantly, a pen register does not record or decode the contents of a communication.

There are exceptions to California’s digital privacy law on pen registers. For example, the pen register prohibition in the CIPA does not apply to a device used for billing purposes, cost accounting, or other similar purposes that exist in the ordinary course of business.

Trap & Trace Devices

The California Invasion of Privacy Act (CIPA) defines a “trap and trace device” as “a device or process that captures incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.”

The last clause in the definition is what MSC Cruises focused on for one of its pre-trial arguments: the Defendant argued that the TikTok Software on its website only intercepts the content of communications, which would not fit the definition of a trap and trace device. However, the court found the opposite to be true: that the civil suit against MSC Cruises sufficiently alleged that the TikTok Software used on the company’s website collects data such as device, browser, and geographic information about site visitors. This is precisely the type of data which would show where users are located and thus violate the CIPA.

MSC Cruises Accused of Using TikTok Software on Its Website

Alarmingly, MSC Cruises is accused of collaborating with the Chinese government to use TikTok software to gather personal information about website visitors without their knowledge or consent. According to the complaint, MSC Cruises installed software created by TikTok on the company’s website. The TikTok Software was allegedly created for the purpose of identifying website visitors, collecting data about the visitors, and then matching the information with existing customer data that the social media platform already possessed.

The complaint alleges that the TikTok Software uses a de-anonymization process that runs codes or “scripts” on the MSC Cruises website to identify users and then send user details to TikTok. This includes data such as browser information, geographic information, referral tracking, and URL tracking.

The digital privacy complaint states that visitors of the MSC Cruises website do not consent to have their data collected and shared with TikTok. That’s because the TikTok Software allegedly starts working the moment a user lands on a website page. According to the trap & trace lawsuit, the software collects and shares the information “regardless of the cookie banner which appears on the site.” In other words, a site visitor does not have an opportunity to opt out of the collecting and sharing of their personal data because this occurs as soon as visitors land on a page or click on a page.

Pre-Trial Motion: Court Rules in Favor of Plaintiff in MSC Cruises Trap & Trace Lawsuit

The Plaintiff, a California consumer represented by Tauler Smith LLP, filed her CIPA complaint against MSC Cruises in Los Angeles County Superior Court. A short time later, the Defendant filed a demurrer with the court. Basically, this meant that the Defendant asked the court to dismiss the complaint. The court heard arguments from both sides, then ruled in favor of the Plaintiff.

Trap & Trace Software

MSC Cruises filed a demurrer with the L.A. County Superior Court on the grounds that the complaint failed to allege a violation of the California Invasion of Privacy Act (CIPA). Specifically, the Defendant argued that it had not utilized a “pen register” or a “trap and trace device” as defined by the statute because the CIPA only explicitly covers telephone-based communications, not website-based communications.

The court rejected the Defendant’s argument and found that the Plaintiff’s trap and trace complaint alleged facts sufficient for a violation of the CIPA. First, the court stated that the plain language of Section 638.51 does not limit the statute to telephone-based communications. Beyond that, the court noted that the Plaintiff did not need to provide a detailed description of the TikTok Software used by MSC Cruises at this stage of the legal proceedings; instead, all that is needed is facts alleging that the software installed on the cruise ship website captures user information which would reasonably lead to the source of the users’ communications with the website.

Consent to Trap & Trace Devices

In its demurrer filed with the court, MSC Cruises also argued that users of its website consented to the capture of their personal data through automated technologies simply by visiting the website. However, the court found that the Plaintiff’s complaint clearly alleged that the TikTok Software captured user data without users’ consent or knowledge. Moreover, this data capture occurred as soon as a user landed on the website – and without users submitting the information to the website voluntarily.

Call a Los Angeles Consumer Protection Attorney Today

Are you a California resident? Did you visit the MSC Cruises website to book a cruise vacation or for any other reason? If so, your personal data may have been compromised. The Los Angeles consumer protection lawyers at Tauler Smith LLP represent victims of consumer privacy violations, and we help them get financial compensation. Call 310-590-3927 or send an email to discuss your legal options.

Taylor Farms CIPA Claim

CIPA Claim Against Taylor Farms

Taylor Farms CIPA Claim

Tauler Smith LLP won an important pre-trial argument in a CIPA claim against Taylor Farms. The lawsuit, which was heard in the Los Angeles County Superior Court, stemmed from allegations that Taylor Farms violated the California Invasion of Privacy Act (CIPA) by using trap & trace software on the produce distribution company’s website to collect customer data without permission. The court ruled that the Plaintiff pled sufficient facts to support a reasonable inference that the Defendant violated the consumer protection statute. This was a major victory for the Los Angeles consumer protection attorneys at Tauler Smith.

Taylor Farms Accused of Using Tracking Software to Collect Customer Information Without Consent

Taylor Farms, which operates under the name Taylor Fresh Foods, Inc., is one of the leading producers of fruits and vegetables in the United States. The company distributes produce to numerous supermarket chains and restaurants, including Chipotle and McDonald’s.

The complaint against Taylor Farms alleged that the company’s website utilized tracking software created by TikTok to identify certain confidential user information, including device and browser information, geographic information, referral tracking, and URL tracking. The use of trap and trace software is a violation of the California Invasion of Privacy Act (CIPA), codified in Penal Code § 638.51. The CIPA has an express purpose to “protect the right of privacy” of California consumers. When a website operator utilizes a trap and trace device to track a site visitor’s information without consent, they have invaded the privacy of that individual.

Digital “Fingerprinting”

According to the lawsuit, the TikTok Software’s digital process is known as “fingerprinting.” This allows companies to gather user data by running code or “scripts” on their websites and then send user details to TikTok. The data is matched with information that the Chinese-owned social media company has already amassed about hundreds of millions of Americans.

What Is a “Trap and Trace Device”?

Section 638.51 of the California Invasion of Privacy Act (CIPA) stipulates that, under most circumstances, “a person may not install or use a pen register or a trap and trace device without first obtaining a court order.”

What is a trap and trace device? The statute defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.”

Trap & Trace Lawsuit Against Taylor Farms

Taylor Farms was sued for allegedly violating the California Invasion of Privacy Act (CIPA) by using trap & trace software on the company’s website. The lawsuit alleged that the site deployed TikTok Software to identify visitors by using electronic impulses generated from users’ devices. Without either visitors’ consent and or a court order to use the TikTok Software to track visitors of the website, this would be a violation of consumer privacy under the CIPA.

After the lawsuit was filed, Taylor Farms filed a formal objection in the form of a demurrer. The company argued that the original complaint failed to state a cause of action and should therefore be dismissed.

Court: Denied Demurrer in CIPA Complaint Against Taylor Fresh Foods

L.A. Superior Court Judge Daniel S. Murphy heard arguments and then issued a ruling denying the Taylor Farms demurrer. The ruling stated that the Plaintiff’s complaint alleged the two elements necessary to establish a violation of the CIPA:

  1. The Defendant installed a prohibited pen register or trap & trace device.
  2. The Defendant installed the trap & trace device without a court order.

Significantly, the court said that the allegations in the digital privacy complaint against Taylor Fresh Foods, Inc. “support a reasonable inference that Plaintiff had her information tracked without her consent, thus resulting in harm to her personal autonomy.” This outstanding pre-trial outcome represented yet another consumer protection court victory for the Tauler Smith law firm.

The California Invasion of Privacy Act Applies to Websites and Software

In a filing with the court, Taylor Farms argued that the California Invasion of Privacy Act (CIPA) only regulates physical trap & trace devices and therefore does not apply to IP addresses or “standard website data collection.” The court strongly rejected this argument.

In its ruling, the court said that the CIPA does not limit the definition of “pen register” or “trap and trace device” to physical devices attached to telephone lines. In fact, said the court, the statute’s definitions make no reference to a physical attachment. Moreover, a trap & trace device is broadly defined as applying to “electronic communications,” which the court noted “encompasses a range of transfers plainly not limited to telephone lines.”

Additionally, the court agreed with the Plaintiff’s cited case of Greenley v. Kochava, in which the U.S. District Court for the Southern District of California held that a software development kit installed in a third-party mobile application constituted a violation of the CIPA’s pen register prohibition. In that case, the court said that unlawful trap and trace technology can involve software that identifies consumers and gathers data through unique “fingerprinting.”

Section 638.51 Applies to Websites

In its demurrer filing, the Defendant also argued that the CIPA should not apply to websites because such an interpretation would subject every website to liability. Again, the court strongly rejected the Defendant’s argument. The court stated that the TikTok Software allegedly gathered unique location information and tracked user data that went well beyond the type of data which might be necessary for the proper functioning of a website.

In fact, the court said that the Defendant’s interpretation of the CIPA would lead to the “absurd result” of immunizing all websites from prosecution under the law. In other words, the CIPA would basically cease to exist because anyone who visited a website would automatically consent to the use of a trap and trace device and other tracking software.

Who Is the “User” of a Website in a Trap and Trace Claim?

The court also rejected an argument by the Defendant that Taylor Farms was the “user” of the TikTok Software allegedly installed on its website and therefore consented to the use of a pen register or trap & trace device. This argument would mean that no website visitor could ever bring a viable claim under the California Invasion of Privacy Act (CIPA) because every website operator necessarily consents to the use of the software on their own site. In other words, the CIPA “could never be violated.”

Again, the court found that it would be absurd to accept an interpretation of the CIPA which would mean every website operator could escape liability even when website user privacy is invaded.

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If you are a California resident who visited a company’s website, it’s possible that your data was shared with third parties like TikTok. The California consumer protection attorneys at Tauler Smith LLP represent plaintiffs in consumer privacy claims, and we can help you. Call 310-590-3927 or email us to schedule a free consultation.

Law.com Article on C2 Education Lawsuit

Law.com Article on C2 Education Trap & Trace Lawsuit

Law.com Article on C2 Education Lawsuit

The Los Angeles consumer protection lawyers at Tauler Smith LLP recently filed a class action against C2 Education in U.S. District Court that accuses the tutoring company of collaborating with TikTok to collect consumer data. The case is getting significant press coverage: a Law.com article on the C2 Education trap & trace lawsuit explores the implications of the federal court’s pre-trial ruling, which denied a motion to dismiss the complaint and essentially said that software embedded on a website can violate the California Trap and Trace Law.

Read the Law.com article, “Federal Ruling ‘Sets Precedent’ for ‘Trap and Trace’ Software Class Actions in Calif.” And for more information about the class action lawsuit against C2 Education, keep reading this blog.

Federal Court: C2 Education May Have Used Trap & Trace Devices to Collect Consumer Information

A Law.com article on the C2 Education trap and trace lawsuit discusses the recent class action complaint filed against the tutoring company for allegedly using trap & trace devices to collect consumer data on its website without permission. The online article also highlights the important precedent that may have been set for trap and trace lawsuits in California:

A federal court delivered a landmark decision impacting “trap and trace” software cases in California, denying defendant C2 Educational Systems Inc. a motion to dismiss a class action alleging it violated the California Invasion of Privacy Act (CIPA) through its partnership with TikTok.

“These allegations demonstrate that Defendant, through the use of the TikTok Software, collected Plaintiff’s information, thereby constituting an invasion of privacy. And invasions of privacy are actionable injuries,” the ruling stated.

“I think it’s a big ruling because you have, in this instance…a federal court saying this is a claim that the federal courts recognize, which generally means that state courts will also recognize trap and trace claims,” said plaintiff’s attorney Robert Tauler.

C2 Education Accused of Collaborating with TikTok to Collect Information from Website Visitors

Los Angeles law firm Tauler Smith LLP filed a class action lawsuit against C2 Education because the online tutoring and test prep company is allegedly violating the California Invasion of Privacy Act (CIPA) through its partnership with TikTok. The Defendant subsequently filed a motion to dismiss the class action from the U.S. District Court for the Central District of California. After evaluating arguments from both sides, the court denied C2 Education’s motion to dismiss.

Assuming the case ultimately reaches trial, the Defendant will need to answer the allegations that they breached California’s Trap and Trace Law, codified as Cal. Penal Code § 638.51 of the CIPA. The Trap and Trace Law prohibits the use of pen registers and trap & trace devices that record dialing or routing information from website visitors. The lawsuit against C2 Education specifically alleges that the tutoring company installed TikTok software on its website to siphon user data and match it with TikTok’s much larger user database. This process, known as “fingerprinting,” gives companies the ability to identify personal information about otherwise anonymous website users.

Landmark Decision: U.S. District Court Sets Precedent for California Trap & Trace Claims

In its motion to dismiss the class action lawsuit, C2 Education argued that the Trap & Trace provision of the California Invasion of Privacy Act (CIPA) should only apply to physical devices attached to telephone lines, not to website software. The United States District Court for the Central District of California disagreed. The court highlighted § 638.50 of the CIPA, which broadly refers to “devices that record or capture information.” The court also cited Greenley v. Kochava, Inc., an earlier case finding that software “fingerprinting” falls squarely under the pen register definition outlined by the CIPA.

Legal experts have noted that the federal court’s pre-trial ruling in the C2 Education trap & trace case may have broadened the scope of the California Trap & Trace Law and, by extension, strengthened protections for consumers against digital privacy violations and fraud. In fact, the Law.com article on the case called it “a landmark decision.” Los Angeles consumer protection lawyer Robert Tauler, who is representing the plaintiff in the C2 Education class action, observed that this is “the first case effectively saying that software on a website can violate the Trap and Trace Law.”

Did You Visit the C2 Education Website? Contact the California Consumer Protection Attorneys at Tauler Smith LLP

Los Angeles law firm Tauler Smith LLP represents plaintiffs in cases involving invasion of privacy violations. Our California consumer protection lawyers have filed dozens of trap & trace claims on behalf of consumers, including a class action complaint against C2 Education. If you are a California resident who visited the C2 Education website, you may be eligible to join the class action lawsuit.

Call 310-590-3927 or email us today.

C2 Education Class Action Trial

Judge Denies Motion to Dismiss Class Action Against C2 Education

C2 Education Class Action Trial

Tauler Smith LLP recently filed a trap and trace lawsuit against C2 Education for violating the California Invasion of Privacy Act (CIPA), and now a federal court has ruled: a judge denied the motion to dismiss the class action against C2 Education. The complaint alleges that the leading provider of tutoring services nationwide has unlawfully installed “trap and trace” software on its website and allowed the social media app TikTok to collect private data from site visitors. The Defendant filed a motion to dismiss the lawsuit, but the court rejected all of the Defendant’s pre-trial arguments. This represents a major victory for the California consumer protection lawyers at Tauler Smith LLP.

For more information about the lawsuit against C2 Education for invasion of privacy, and to learn whether you might be eligible to join the class action, keep reading.

Tutoring Company C2 Education Sued for Invasion of Privacy

Tauler Smith LLP represents California consumers who have filed a class action complaint against C2 Educational Systems Inc., a company which markets itself as a leading provider of tutoring, test prep, and college admissions counseling services to K-12 students in California and throughout the United States. The company’s online tutoring programs can be accessed at the website www.c2educate.com. This website is at the heart of the lawsuit against C2 Education because of the company’s partnership with the controversial social media platform TikTok. According to the lawsuit, C2 Education allows TikTok to install a “trap and trace device” on the tutoring website landing page and to secretly collect personal data about consumers who visit the site.

What Are “Trap and Trace Devices”?

What are trap and trace devices? California consumer protection law defines these as devices or processes that record or capture “dialing, routing, addressing, or signaling information” from a “wire or electronic communication.” When a company embeds and uses a pen register or trap and trace device without first obtaining a court order, they are directly violating Section 638.51 of the Trap and Trace Law.

Lawsuit: C2 Education Violated California’s Trap and Trace Law

The California Trap and Trace Law is codified in California Penal Code § 638.51, a provision of the California Invasion of Privacy Act (CIPA). The lawsuit against C2 Education alleges that the tutoring company violated the Trap and Trace Law’s prohibition against the use of pen registers and trap & trace devices: TikTok software embedded on the C2 Education website is utilized to unlawfully collect site visitors’ information without either express or implied consent. Beyond that, site visitors are never informed that their data is being collected and shared with the Chinese government for “fingerprinting” and de-anonymization.

“Fingerprinting”

According to the legal complaint, the TikTok de-anonymization software installed on the C2 Education website uses a process known as “fingerprinting.” This allows the site to collect data from visitors, and the data is then matched with TikTok’s massive user database to uncover visitors’ identities. The personal data that TikTok allegedly collects from website visitors includes device and browser information, geographic information, referral tracking, and URL tracking.

“AutoAdvanced Matching”

The class action lawsuit also alleges that C2 Education enables TikTok’s “AutoAdvanced Matching” feature, which allows TikTok to run codes or “scripts” that capture data from online forms filled out by website users. This form data may include things like the user’s name, date of birth, and physical address.

Defendant Files Motion to Dismiss Class Action Complaint

The complaint against C2 Education was filed in the United States District Court for the Central District of California. The Defendant filed the motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6), which calls for a case to be dismissed when a plaintiff fails to state a claim upon which relief can be granted.

The Defendant argued that the complaint should be dismissed because:

  1. Section 638.51 does not apply to website software.
  2. The TikTok Software used by C2 Education merely collects information that is necessary for the basic operation and maintenance of the website.
  3. Consent was given for use of the TikTok Software on the C2 Education website.
  4. The TikTok Software only collects the “contents of a communication,” which is allowed under the statute.
  5. Section 638.51 is a criminal statute and does not provide plaintiffs with a private right of action in civil court.

Federal Judge Denies Motion to Dismiss Trap & Trace Lawsuit Against C2 Education

U.S. District Judge R. Gary Klausner heard arguments from both sides and then issued a ruling denying the Defendant’s motion to dismiss. This means that the case against C2 Education could now proceed to trial. In fact, the court strongly rejected all of the Defendant’s arguments, and may have even set precedent for trap & trace class actions.

The court’s responses to the Defendant’s arguments are addressed below:

  1. CIPA Applies to TikTok Software

C2 Education argued that the claim should be dismissed because California Penal Code § 638.52 uses language about “telephone lines,” not websites. Also, the statute indicates that a pen register or trap and trace device must be a physical device attached to a telephone line. Therefore, argued the Defendant, the TikTok Software embedded in the C2 Education website is not covered by the Trap and Trace Law because the software is not a physical device attached to a phone line. The U.S. District Court disagreed.

In rejecting the Defendant’s motion for dismissal, the court highlighted an important distinction between § 638.52 and § 638.50. Although Section 638.52 refers to trap & trace devices as physically attached to telephone lines, Section 638.50 does not include any such requirement: the statute refers broadly to “devices or processes” that capture information electronically. Additionally, other federal courts have interpreted the statute broadly by focusing on the result of the impermissible data collection and concluded that tracking software can constitute a pen register or trap & trace device under the law.

  1. TikTok Software Collects Consumers’ Personal Data

C2 Education also argued that the complaint should be dismissed because the TikTok Software only records data needed for the operation and maintenance of the tutoring website. Since the Trap and Trace Law includes an exception for the use of pen registers and trap & trace devices to “operate and maintain” an electronic communication service, this kind of use would be allowed under the law. The district court rejected this argument.

In its ruling, the U.S. District Court noted that the plaintiff alleged that the TikTok Software is used by C2 Education to record more than just IP addresses. For example, the complaint alleges that the software also records browser and device data, form data, and other personal information about website visitors. The court found that this type of data collection is probably not necessary for the operation and maintenance of the website, so the statutory exception cited by the Defendant would not apply in this case.

  1. Consumers Did Not Consent to Use of TikTok Software

Under § 638.51 of the Trap & Trace Law, companies are allowed to use pen registers and trap and trace devices if the website user has provided consent. C2 Education argued that the invasion of privacy lawsuit should be dismissed because the main “user” of the website was the Defendant, who consented to the use of tracking software. The court understandably rejected this argument because California law would seem to indicate that the only relevant user of a website is the site visitor, not the site operator – and the user in this instance did not consent to having their personal data collected by the TikTok software. As such, ruled the court, the lawsuit against C2 Education should survive summary judgment and possibly go to trial.

  1. C2 Education Collects Personal Information from Consumers

The California Trap and Trace Law applies to websites that use pen registers or trap & trace devices to record “dialing, routing, addressing, or signaling information.” However, since the statute seemingly does not apply when the “contents of a communication” are recorded, the Defendant in this case argued that the data collected by the TikTok Software on the C2 Education website does not fall within the scope of the statute. Once again, the U.S. District Court rejected the Defendant’s argument.

The court found that the lawsuit clearly alleges that the TikTok Software used by C2 Education gathers “device and browser information, geographic information, and browsing history.” Moreover, the lawsuit describes multiple data points that the TikTok Software allegedly captures, which is sufficient to bring a claim under the Trap & Trace Law.

  1. CIPA Allows Consumers to Sue for Digital Privacy Violations

The Trap and Trace Law is a part of the California Invasion of Privacy Act (CIPA), which is codified as Cal. Penal Code § 638.51. The Defendant argued that the civil lawsuit against C2 Education should be dismissed at the summary judgment phase because the CIPA is a criminal statute with criminal penalties and does not allow individual defendants to seek monetary remedies in a civil suit. The court rejected this argument because the CIPA explicitly confers a private right of action and allows individual consumers to bring lawsuits. The court specifically pointed to § 637.2, which has a broad and unambiguous endorsement of private rights of action for all CIPA violations.

U.S. District Court: C2 Education’s Use of TikTok Software May Have Violated California Consumer Privacy Laws

At the conclusion of its order rejecting the Defendant’s motion to dismiss, the U.S. District Court for the Central District of California stated that the allegations in the class action complaint “demonstrate that the Defendant, through use of the TikTok Software, collected site visitors’ information, thereby constituting an invasion of privacy.” Significantly, the plaintiffs may now have the opportunity to argue their case at trial – which represents another successful pre-trial outcome for the Tauler Smith litigation team.

Contact the California Consumer Protection Lawyers at Tauler Smith LLP

If you are a California resident who visited the C2 Education website for any reason, you may have been the victim of an unlawful invasion of privacy. Contact the Los Angeles consumer protection attorneys at Tauler Smith LLP to find out if you are eligible to join a class action lawsuit to receive financial compensation. Call 310-590-3927 or send an email.

Skullcandy Trap and Trace Class Action

Trap and Trace Class Action Against Skullcandy

Skullcandy Trap and Trace Class Action

California law firm Tauler Smith LLP has filed a trap and trace class action against Skullcandy. The civil suit, filed in Los Angeles County Superior Court, accuses the headphone technology company of unlawfully sharing customer data with TikTok for the purposes of fingerprinting and de-anonymization. The consumer fraud lawyers litigating the lawsuit have also accused Skullcandy of violating California consumer protection laws by failing to obtain consent from website visitors.

Are you a California resident who visited the Skullcandy website? If so, you might be eligible to join a class against lawsuit against Skullcandy. Contact Tauler Smith LLP for more information.

Skullcandy Headphone Company Accused of Using Trap & Trace Fingerprinting Software

Skullcandy is a company that sells technology products, including headphones, earphones, and Bluetooth speakers marketed to a “youth” demographic, with an emphasis on use during videogaming, snowboarding, and skateboarding. These products are primarily sold in brick-and-mortar retail stores and via the company’s online store.

The legal complaint against Skullcandy alleges that the company’s website installed sophisticated software to de-anonymize website traffic, allowing social media behemoth TikTok access to personal information about otherwise anonymous site visitors. The trap and trace software allegedly runs on virtually every page of Skullcandy’s website, meaning that anyone who visited the site may have unknowingly been the victim of a digital privacy violation. More specifically, the Skullcandy trap and trace software relies on electronic impulses generated from website visitors’ devices. This is allegedly done by Skullcandy in concert with the social media platform TikTok to identify site visitors and gain valuable information about Skullcandy’s target market.

What Is a Trap & Trace Device?

According to California consumer protection law, a trap and trace device is any type of device or process capable of capturing incoming electronic impulses to identify the originating number, dialing, routing, addressing, or signaling information. In other words, it’s a device that can trace the source of an electronic communication. When a company uses one of these devices to obtain customer data without authorization, the act could constitute a very serious violation of California’s Trap and Trace Law and subject the company to fines and other statutory penalties.

Lawsuit: Skullcandy Customer Data Unlawfully Shared with TikTok

According to the class action lawsuit filed in L.A. Superior Court, the Skullcandy website uses software created by TikTok for the express purpose of identifying site visitors. This is accomplished through a process known as “fingerprinting,” which collects extensive data about otherwise anonymous website visitors. The personal information is then matched with existing records that TikTok has already acquired about the millions of Americans who use the popular social media platform. At the same time, TikTok adds the data to their accumulated data about user behavior.

Skullcandy Accused of Violating the California Invasion of Privacy Act

The California Invasion of Privacy Act (CIPA) was enacted to curb the invasion of privacy resulting from use of certain technologies that pose “a serious threat to the free exercise of personal liberties.” The statute applies to the unlawful use of trap & trace software by companies doing business in California and imposes civil liability against businesses that use trap and trace software without first obtaining either direct permission from website visitors or legal permission from a judge via a court order.

According to the class action recently filed against Skullcandy in California court, the company’s trap and trace software begins to collect personal information the moment a user lands on the Skullcandy website. This is done despite the fact that the site features a “cookie banner” which ostensibly would prohibit Skullcandy from gathering customer data until the customer signs off on it. Instead, website visitor data has already been sent to TikTok before the visitor even has a chance to consent.

The personal information gathered by the TikTok trap & trace software includes the following:

  • Device and browser information.
  • Geographic information.
  • Referral tracking.
  • URL tracking.
  • Images of products the user is interested in.

You May Be Eligible to Join the California Trap & Trace Class Action Against Skullcandy

It is a major breach of trust, and violation of California consumer protection law, for a company to use trap and trace software to obtain a website visitor’s phone number or other identifying information. The class action lawsuit recently filed against Skullcandy alleges that the headphone company is collaborating with the Chinese government to obtain personal information from website visitors. Further, the lawsuit alleges that the company is doing this without informing site visitors.

A California resident who visited the Skullcandy website may be eligible to join the class action lawsuit and obtain monetary damages. That’s because California has tough consumer protection laws, and the statutory penalties for violations of Section 638.51 of the California Penal Code in particular are severe. Companies that unlawfully use a trap and trace device can be punished with a statutory penalty of $2,500 for each violation of the law.

Did You Visit the Skullcandy Website? Contact a Los Angeles Consumer Protection Lawyer

If you visited the Skullcandy website, it is possible that your confidential information was unlawfully collected and shared with third parties. The Los Angeles consumer protection attorneys at Tauler Smith LLP are representing plaintiffs in a class action against Skullcandy. Call 310-590-3927 or email us.

C2 Education Trap and Trace Class Action

Trap and Trace Class Action Against C2 Education

C2 Education Trap and Trace Class Action

One of the country’s largest tutoring companies has been accused of invading the privacy of customers. The California consumer protection attorneys at Tauler Smith LLP recently filed a trap and trace class action against C2 Education for collaborating with TikTok, the popular but controversial social media platform, by installing a trap & trace device on its website as a means to collect data from consumers. According to the lawsuit, C2 Education has installed a code on their website that automatically sends user details to TikTok. Additionally, the TikTok de-anonymization software secretly installed on the tutoring website makes it possible for the educational services provider to identify site users by using electronic impulses generated from site visitors’ devices. All of these alleged acts constitute clear violations of California’s strong digital privacy laws, which is why the tutoring company now faces a consumer class action lawsuit in federal court.

For additional information about the class action filed against C2 Educational Systems Inc., keep reading this blog.

What Is the Legal Definition of a “Trap and Trace Device”?

The California Trap and Trace law is codified in Section 638.51 of the California Invasion of Privacy Act (CIPA), which specifically limits how companies can use trap & trace devices to gather information about website visitors. Section 638.50(c) defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.” As set forth by the statute, a company must first get a court order before installing a trap and trace device on a website.

Violations of § 638.50(c), or any other part of the California Invasion of Privacy Act (CIPA), could result in the offender being civilly liable for monetary damages.

Class Action Lawsuit: C2 Education Collected Personal Data of Website Visitors

C2 Education markets itself as the nation’s preeminent tutoring, test prep, and college admissions counseling provider. C2 Education provides online tutoring programs for K-12 students, including standardized test preparations, school subjects tutoring, college admission counseling, and education boot camps. The tutoring company serves more than 25,000 students across the country every year, with services offered both online at the C2 Education website and at brick-and-mortar locations throughout the United States, including California.

As part of its marketing regime, C2 Education has partnered with social media app TikTok to install sophisticated software on the tutoring website’s landing page. This software allegedly allows C2 Education to gain access to very personal information about consumers who happen to land on the site, including the individual’s location, source, and identity.

Is C2 Education Using TikTok to Unlawfully Share Customer Data?

The TikTok de-anonymization software allegedly used by C2 Education is designed for the sole purpose of identifying and capturing the source of incoming electronic impulses, which makes it possible to identify dialing, routing, addressing, and signaling information generated by users of the C2 Education website. Significantly, this software is deployed without consumers’ knowledge or consent.

According to the recent lawsuit filed in U.S. district court, visitors to the C2 Education website are not informed that the site is capturing their personal identifying information. The class action suit also alleges that site visitors are not informed that the company is collaborating with the Chinese government. That’s because C2 Education did not obtain consumers’ express or implied consent to be subject to data sharing with Chinese-owned TikTok for the purposes of fingerprinting and de-anonymization.

“Fingerprinting” Technology

The TikTok software allegedly used by C2 Education collects consumer data via a process known as “fingerprinting.” This means that the software gathers and stores as much data as it can about an otherwise anonymous visitor to the website and then matches it with data that TikTok has already acquired and accumulated about hundreds of millions of Americans who use the social media app.

“Advanced Matching” Technology

The TikTok software, which uses “AutoAdvanced Matching” technology, scans the C2 Education website by running code or “scripts.” When the site user provides personal information – such as name, date of birth, or mailing address – the details are sent simultaneously to TikTok so that the social media provider can isolate with certainty the individual to be targeted.

Tutoring Company Sued for Violating California’s Trap and Trace Law

The invasive TikTok software allegedly runs on every page of C2 Education’s website, making it impossible for site visitors to avoid having their data collected. This means that every time a user clicks on a page, the site instantly sends the communications to TikTok. The social media company then adds the data to their massive collection of user behavior and, in turn, assists C2 Education with targeted marketing while keeping a trove of information for itself. These disturbing acts prompted Los Angeles consumer protection law firm Tauler Smith LLP to file a class action lawsuit against C2 Education in the United States District Court for the Central District of California.

C2 Education’s alleged installation of the TikTok tracing software is a violation of California’s Trap and Trace Law, which is codified as California Penal Code Section 638.51. This is part of the California Invasion of Privacy Act (CIPA), which imposes civil liability and significant statutory penalties against companies that install trap and trace software without either user permission or a court order.

Statutory Penalties

The class action lawsuit against C2 Education seeks multiple forms of relief for plaintiffs, including the following:

  • A court order enjoining C2 Education from continuing its alleged unlawful conduct, as well as an order to disgorge any data already collected through use of the TikTok software.
  • Statutory damages provided by the CIPA, which may include fines of up to $2,500 for each violation of the statute.

C2 Education Case Sets Precedent for Trap & Trace Software Claims in California

The class action complaint against C2 Education may have already set a new legal precedent for trap & trace class actions in California. In a pre-trial ruling on a motion to dismiss the complaint, the U.S. District Court effectively said that software installed on a website can violate California’s Trap and Trace Law. Moreover, since this was a federal court ruling, it is likely that California state courts will also recognize trap & trace claims based on website privacy violations.

Did You Visit the C2 Education Website? Contact a California Consumer Protection Attorney Today

Did you visit the C2 Education website? If you filled out any online forms or provided any personal information to the tutoring company, you may be eligible to join a class action lawsuit to obtain monetary damages. The California consumer fraud attorneys at Tauler Smith LLP are representing plaintiffs who were victims of consumer privacy violations by C2 Education. To learn more, call 310-590-3927 or email us today.

Smashbox Trap and Trace Class Action

Trap and Trace Class Action Against Smashbox Cosmetics

Smashbox Trap and Trace Class Action

Tauler Smith LLP recently filed a trap and trace class action against Smashbox Cosmetics, and now the legal action is getting significant press coverage. A recent Law.com article on the Smashbox lawsuit details how the makeup company has been accused of using TikTok’s “trap and trace” software to help the social media platform unlawfully collect and store the confidential information of website visitors. According to the Los Angeles consumer protection lawyers who filed the lawsuit, Smashbox failed to obtain consent from consumers before acquiring their data via a process known as “fingerprinting.” Now, Smashbox has been sued in a California superior court.

Are you a California resident who visited the Smashbox website? To learn whether you might qualify to join the class action suit as a plaintiff, contact us today.

Smashbox Beauty Cosmetics Accused of Using Unlawful Fingerprinting Software

Smashbox Beauty Cosmetics is a cosmetics company that sells primers, foundations, lipsticks, and other types of makeup to consumers both online and in retail stores. The class action lawsuit, which was recently filed in Los Angeles County Superior Court, alleges that Smashbox runs “advanced matching” on its website to scan the site “for recognizable form fields containing phone numbers, email addresses, and other identifying information about customers.”

More specifically, the makeup company is accused of helping TikTok use fingerprinting software to match data from otherwise-anonymous website visitors to existing data that has already been stored by the social media platform. The TikTok app then gathers device and browser information, geographic information, referral tracking, and URL tracking. According to the lawsuit, this is done without users’ consent.

Selling Consumer Data to TikTok?

Smashbox allegedly benefits from the fingerprinting data because TikTok is then able to provide targeted advertisements on the website. Moreover, it is believed by the plaintiffs that Smashbox may be selling this consumer information to other third parties for similar purposes. Depending on the type of information provided on website forms, this could include things like age, gender, race, and even more intimate details about users.

Lead plaintiffs’ attorney Robert Tauler criticized Smashbox for allegedly collaborating with TikTok to collect and share sensitive information about consumers who visit the company’s website. According to Tauler, there are no safeguards in place to protect this information: “TikTok keeps this data for reasons that our leaders believe pose a threat to ordinary citizens.” The dangers of giving Chinese-owned TikTok access to confidential information about Americans have been highlighted in recent months by the National Security Agency (NSA), which has called the social media company “a platform for surveillance”.

CIPA Consumer Privacy Complaint Filed Against Smashbox

A class action complaint has been filed against Smashbox for alleged violations of the California Trap and Trace Law. That law is contained in California Penal Code § 638.51, which is part of the California Invasion of Privacy Act (CIPA).

Los Angeles consumer fraud attorney Robert Tauler, who brought the digital privacy class action on behalf of the plaintiffs, believes that this legal action will send an important message to companies like Smashbox allegedly helping third parties like TikTok collect consumer data without permission. Tauler said that “Smashbox should consider the negative impact their secret and immoral data collection practices are having on society instead of just trying to acquire young customers at any cost.”

Join the Trap & Trace Class Action Lawsuit Against Smashbox

The California Invasion of Privacy Act (CIPA) gives consumer privacy victims the right to sue for financial compensation. In fact, other CIPA complaints alleging trap & trace violations allow for multiple forms of damages to be awarded to successful plaintiffs.

The lawsuit against Smashbox Beauty Cosmetics requests different types of financial compensation for qualifying plaintiffs:

  • Statutory damages pursuant to the California Invasion of Privacy Act (CIPA).
  • Punitive damages to ensure that Smashbox refrains from using trap and trace software in the future.
  • Attorney’s fees and other costs.

Additionally, the consumer privacy class action lawsuit against Smashbox seeks a court order enjoining the company from acquiring and sharing consumer data, as well as an order requiring the company to disgorge all data acquired through the TikTok software.

Did You Visit the Smashbox Website? Contact a California Consumer Protection Attorney Today

If you visited the Smashbox Beauty Cosmetics website and/or filled out any forms on the site, your confidential information may have been unlawfully collected. The Los Angeles consumer protection lawyers at Tauler Smith LLP are currently representing plaintiffs in a class action lawsuit against Smashbox. Call 310-590-3927 or send an email for more information.

Pen Registers

What Are Pen Registers?

Pen Registers

A number of recent lawsuits have been filed based on something known as “the pen register theory.” But what are pen registers? One of the surveillance tools commonly used by law enforcement to spy on suspects is the pen register, which allows police to capture phone numbers that were dialed on outgoing calls. Increasingly, these devices are being used by businesses to reveal the content of communications on websites, which poses a very real privacy concern for consumers. Worse yet, many companies with websites are now collaborating with TikTok to identify people who may wish to remain anonymous – exposing confidential information about consumers to third parties without authorization. The good news is that California law protects consumers against invasion of privacy by companies utilizing pen registers and other tracking devices.

To learn more about pen registers and how you can stop companies from using them to unlawfully collect your data, keep reading.

What Is the Definition of a Pen Register?

Both federal and California statutes have defined pen registers in the context of surveillance, especially as it relates to surveillance by law enforcement or other government actors. Recently, the term has been defined in other contexts, including when the devices are used by companies that operate websites targeting consumers.

Generally speaking, a pen register is a device that records any phone numbers that have been dialed from a particular telephone line. In legal cases involving allegations of privacy violations by companies using pen registers, courts have defined a pen register broadly so that it includes programs and software that monitors internet communications.

Differences Between Pen Registers and Trap & Trace Devices

Pen registers differ from trap and trace devices in a significant way: pen registers show the phone numbers that have been dialed by a particular phone, while trap and trace devices show the phone numbers that have called a particular phone. Another way to think of the difference is that pen registers capture data from outgoing communications, and trap and trace devices capture data from incoming communications that identify the originating phone number or geolocation.

Whether the privacy violation involves a pen register or a trap and trace device, the basis for a lawsuit typically remains the same: if a website owner fails to obtain affirmative consent from a site visitor prior to the use of tracking software, it may be a serious violation of California’s consumer fraud and consumer privacy laws such as the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA).

Invasion of Privacy Concerns Raised by Use of Pen Registers and Trap & Trace Devices

The use of pen registers to monitor customers raises concerns about invasion of privacy. Similarly, data sharing via tracking and tracing software can impose significant dangers on web users. For example, one of the major fears with automatic tracking software is that user activity will be tracked across every page on the website, regardless of how private the information might be. This means that highly personal information could be compromised, particularly if a website user is filling out forms on the site.

Pen Register Lawsuits & Trap and Trace Lawsuits in California

The California Invasion of Privacy Act (CIPA) can serve as the basis for a consumer protection lawsuit, particularly when the plaintiff is alleging a digital privacy violation. For a while, the main CIPA claim filed in California courtrooms involved wiretapping lawsuits against companies that violated the privacy rights of website visitors. That’s because this type of unauthorized data collection violated Section 631(a) of the CIPA, which explicitly prohibits third parties from illegal wiretapping or eavesdropping on communications. Recently, however, a lot of CIPA class action lawsuits are being based on either the pen register theory or the trap and trace theory.

When website owners gather data from site visitors without first getting consent, it may constitute a violation of California’s strict privacy laws – specifically Section 638.51 of the California Invasion of Privacy Act (CIPA). This has led to a new wave of CIPA litigation in California courtrooms that involves both pen register claims and trap and trace claims. Many companies that do business in California are now facing class action lawsuits because of the way they use certain analytic tools on their websites. The statutory penalties for violations of the CIPA have proven costly for companies that don’t follow the law – and they have given potential plaintiffs ample reason to talk to a consumer protection attorney about their legal options.

Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

Too many companies in California and elsewhere in the United States are invading the privacy of customers who visit their websites, which in many instances involves data breaches and even the unauthorized sharing of personal data. The California consumer protection lawyers at Tauler Smith LLP represent plaintiffs in class actions and individual lawsuits. We have experience with trap & trace lawsuits and pen register lawsuits. Call us or email us to schedule a free consultation.

Law.com Article on Smashbox Lawsuit

Law.com Article on Smashbox Class Action Lawsuit

Law.com Article on Smashbox Lawsuit

California’s strong digital privacy laws, like the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA), have become a popular basis for civil suits filed in state courtrooms. A recent Law.com article on the Smashbox class action lawsuit details how the cosmetics company allegedly used trap and trace devices to help social media company TikTok collect and store confidential information from website visitors. According to attorneys for the plaintiff, the data was acquired automatically as soon as individuals landed on the website: they never even had an opportunity to provide consent.

You can read the Law.com article on the Smashbox lawsuit here.

Smashbox Beauty Cosmetics Accused of Using Trap and Trace Devices on Website

The Law.com article on the recent trap & trace class action provides important details about the allegations against Smashbox:

“I personally think it is a shame that Smashbox would share intimate details of a young person’s life, including their skin color, with TikTok. TikTok keeps this data for reasons that our leaders believe pose a threat to ordinary citizens,” said the plaintiff’s attorney, Robert Tauler of Tauler Smith. “Smashbox should consider the negative impact their secret and immoral data collection practices are having on society instead of just trying to acquire young customers at any cost.”

Smashbox Beauty Cosmetics is accused of using TikTok’s “trap and trace” software to collect and store website visitors’ private identifying information, allegedly using “fingerprinting” software to collect and store user data without their consent.

“The TikTok Software installed and activated by Defendant captures data and sends it to TikTok’s servers so that TikTok can reconstruct the user’s identity. As part of this arrangement, Defendant has the ability to use some of the data to run an advertising campaign on TikTok to market its business on social media. The objective for TikTok is to gather as much information about Americans as they can, by any means necessary,” the legal complaint alleges. “In this regard, TikTok has recently been identified as ‘a platform for surveillance’ by the director of the National Security Agency.”

Lawsuit: Smashbox Tracking Customer Data Automatically Without Consent

Companies like Smashbox are allegedly coding the software used on their websites to track a user’s identity and personal information, including things like geolocation data, search terms, and payment methods. Customer activity on the websites is being tracked automatically: as soon as a person visits the site, their actions are monitored regardless of whether they actually consented to the monitoring. Moreover, the confidential customer information acquired by Smashbox and other companies on their websites may later be sold to third parties for the purpose of targeted advertisements.

Call the California Consumer Protection Lawyers at Tauler Smith LLP

Tauler Smith LLP routinely represents plaintiffs in cases involving consumer fraud and invasion of privacy, including allegations against companies that have violated the California Trap and Trace Law. To find out if you are eligible to join the class action against Smashbox Beauty Cosmetics, call or email us today.

Pen Registers vs. Trap and Trace Devices

Pen Registers vs. Trap and Trace Devices

Pen Registers vs. Trap and Trace Devices

Invasion of privacy has become a major concern for consumers who frequent websites and make purchases online. That’s because many companies are now using pen registers and trap devices, which may include website cookies, web beacons, script, software code, and other types of software to track user data. While both federal and California law provide strong protections for consumers in these situations, pen registers vs. trap and trace devices is still a distinction that needs to be understood before speaking to a consumer fraud lawyer. What exactly is the difference between a pen register and a trap & trace device? And what legal recourse do you have when a company uses one of these tracking tools to monitor your online activity?

To learn more about the differences between pen registers and trap & trace devices, keep reading this blog.

What Is a Pen Register?

Long before the invention of the internet, pen registers were being used by law enforcement as a crime-fighting tool. A pen register is a physical device that gives government actors the ability to track outgoing phone numbers that have been dialed from a telephone line. If the police suspect illegal activity, they may obtain a court order that allows them to secretly install a pen register on the phone line.

Importantly, courts have ruled that the laws regulating the use of pen registers also extend to online communications. The California Invasion of Privacy Act (CIPA) defines a pen register as “a device or process that records or decodes dialing, routing, addressing or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted.” The types of information commonly collected by pen registers includes phone numbers, email addresses, and internet data such as IP addresses. A pen register does not identify the contents of a communication, which is its main difference from a trap and trace device.

Pen Register Lawsuits in California

Law enforcement has historically used pen traps to record both outgoing and incoming telephone numbers after obtaining a phone-tapping warrant. After the passage of the Patriot Act in 2001, police were able to use the same warrants to monitor Internet communications. Eventually, California lawmakers responded to the increasingly broad government monitoring of American citizens by updating the definition of consumer communications in the California Invasion of Privacy Act (CIPA). This has now prompted many consumers to bring pen register lawsuits against companies that use software to identify website visitors and acquire their personal data.

When a company’s website utilizes certain tools to track interactions and communications with site visitors, it may be a violation of the CIPA. This is especially likely when a website visitor has a reasonable expectation of privacy. As a result, California courtrooms have seen a surge in class action lawsuits filed under a relatively new legal theory: pen register claims and trap and trace claims, both based on the CIPA.

Penalties for Pen Register Violations

When a company uses website session replay software or chatbot features without the consent of site visitors, it may be considered a violation of both federal and California digital privacy laws.

Federal Pen Register Law

Federal law originally addressed pen registers in the Electronic Communications Privacy Act. The statute was later addressed by the USA PATRIOT Act, which was passed in 2001 in response to the September 11 attacks.

California Pen Register Law

California law addresses pen registers in the California Invasion of Privacy Act (CIPA), which imposes statutory penalties of $2,500 for each pen register violation.

Wiretapping Claims vs. Pen Register Claims

California’s consumer privacy laws prohibit companies from recording, transcribing, or otherwise surveilling communications without permission. This is unlawful whether the surveillance involves phones or websites. In the context of websites, wiretapping may involve secretly recording chats that were supposed to remain confidential, or it may involve data acquisition from forms that were filled out by site visitors. The California Invasion of Privacy (CIPA) gives consumers the right to file civil suits when their online conversations have been illegally wiretapped.

Although CIPA wiretapping claims and CIPA pen register claims are similar, there are a few key differences. For instance, a plaintiff bringing a wiretapping claim must show that there was no consent for the monitoring and that their communications were actually captured by the website. By contrast, a plaintiff bringing a pen register claim merely needs to show that the pen register was utilized without either consent or a court order.

What Is the Difference Between Pen Registers and Trap & Trace Devices?

One of the reasons that legal statutes often refer to both pen registers and trap and trace devices in the same sections is that many internet monitoring programs can be utilized to record both incoming and outgoing calls.

Whether the customer information is acquired via pen registers or trap and trace devices, the end result is a serious invasion of customer privacy. The businesses that violate the California Trap and Trace Law often help third parties acquire as much information as possible about website visitors so that the data can then be monetized and sold. That’s why these companies will go to such great lengths to obtain, collect, and organize large pools of data from website visitors without their knowledge or consent.

Talk to a California Consumer Protection Lawyer Today

Tauler Smith LLP is a Los Angeles law firm that represents consumers in both individual lawsuits and class actions across California. Our knowledgeable consumer protection lawyers know how to win pen register lawsuits and trap & trace lawsuits because we have experience with invasion of privacy cases. We will hold website operators accountable for using unauthorized tracking devices on their websites.

Call 310-590-3927 or send an email for a free consultation.