Posts

Arlo Home Security Invasion of Privacy

Arlo Home Security System Sued for Invasion of Privacy

/in /by

Arlo Home Security Invasion of Privacy

Arlo Home Security System is being sued for invasion of privacy. The consumer protection attorneys at Tauler Smith LLP recently filed the lawsuit on behalf of a California resident who used the company’s website: www.arlo.com/. Specifically, Arlo is accused of engaging in the unauthorized collection, storage, and sharing of the personal information of its customers. Arlo has also been accused of allowing a third-party company to secretly intercept and monitor the online chat conversations of website visitors without their knowledge or consent. Arlo’s actions are alleged as clear violations of the California Invasion of Privacy Act (CIPA), which explicitly prohibits companies from engaging in behavior that violates certain privacy rights of customers.

We believe Arlo could be potentially violating other privacy rights of consumers based on our preliminary investigation. Keep reading this blog for more information.

Arlo Technologies Fails to Protect the Privacy Rights of Customers

Arlo is a home security company that sells doorbells and security cameras with wireless connections. Arlo Technologies, Inc. is the parent company that manufactures the wireless surveillance cameras and smart home security systems being marketed to consumers for both residential and small business use. Customers are able to use the Arlo.com website to purchase products, monitor their home security systems, and communicate with the company.

Arlo primarily manufactures and sells home security cameras, which means that it is absolutely imperative that the company complies with all applicable federal and California state laws and regulations concerning data privacy. Moreover, the nature of Arlo’s business of selling security cameras and recording devices means that the personal information being collected from customers is likely to be extremely sensitive. When Arlo fails to protect the privacy rights of customers, it exposes them to significant risks not just because the information shared typically goes beyond basic record information to include personally identifiable details, but also because users are able to transmit video files over the internet that make them vulnerable to serious abuses of their privacy.

Privacy Lawsuit Filed Against Arlo Home Security System in Los Angeles County Superior Court

The plaintiff in the current lawsuit against Arlo alleges that Arlo unlawfully collected data using a third-party service on its website. The lead attorney for the plaintiff is Betsy Tauler, a consumer protection attorney who focuses on privacy law. Tauler filed the lawsuit in the Los Angeles County Superior Court.

Arlo’s Chatbox:

A major issue has been raised about the digital privacy of consumers who use Arlo’s website and share their private information. When the plaintiff in this case browsed the site, the complaint alleges, she interacted with a chatbox function that used a third party to collect information about her without her consent. Additionally, the home security system company allegedly utilizes the third-party chatbox on the website to unlawfully transmit and store user data. Arlo does this by covertly embedding code into its online chat function that sends the chat to a third party who collects data from the chat without the user’s knowledge. This type of commercial surveillance is illegal in California and violates the California Invasion of Privacy Act (CIPA).

Arlo’s Privacy Policy:

Arlo has been accused of collecting data from many website visitors without providing any disclosures about how their private information is being used. Although the Arlo website has a privacy policy, the policy is easy to miss because it is not prominently displayed on the home page. In fact, the policy is buried deep within the website, making it difficult for users to read and understand its terms before they provide personal information when prompted to do so by the website chat bot. The complaint filed in the Los Angeles County Superior Court alleges that Arlo’s failure to make sure that website visitors are aware of the terms of the privacy policy constitutes a deliberate attempt to mislead them.

Arlo Sued for Violations of the California Invasion of Privacy Act (CIPA)

The California Invasion of Privacy Act (CIPA) prohibits companies from wiretapping and eavesdropping on the electronic communications of customers. The statute also specifically requires website operators to conspicuously warn visitors if their conversations are being recorded or if any third parties are eavesdropping on them.

The CIPA applies to conversations transmitted via a “cellular radio telephone” or a “landline telephone.” These categories have been found to include smartphones that enable web browsing, as well as desktop computers and laptop computers that utilize wi-fi. The plaintiff in this case accessed Arlo’s website using a smartphone.

Arlo Home Security System faces a civil suit for violating two sections of the California Invasion of Privacy Act:

  • Section 631
  • Section 632.7

§631 of the CIPA:

Section 631(a) of California’s Penal Code prohibits companies from using any machine, instrument, or contrivance to wiretap a conversation. The statute also forbids companies from reading the contents of any message or communication without the consent of all parties to the communication.

Section 631 applies not just to telephone conversations, but also to internet communications. This means that Arlo’s wiretapping of website chat communications would constitute a clear violation of the CIPA.

Additionally, Arlo allegedly embedded software on its website for the purpose of recording and eavesdropping on customer communications, which is also prohibited because this type of session recording software qualifies as a “machine, instrument, or contrivance” as defined by the statute.

§632.7 of the CIPA:

Arlo has also been accused of violating Section 632.7 of California’s Penal Code by intercepting and intentionally recording customer communications transmitted via telephone. The plaintiff in this case accessed Arlo’s website and used the chat feature with a smartphone, which qualifies as a sophisticated “cellular radio telephone” as defined by the law. Since the statute prohibits companies from recording telephony communications without the consent of all parties, Arlo’s actions would constitute a violation of Section 632.7.

According to the complaint, Arlo’s actions demonstrate that the company is more interested in profiting from its users’ personal information than it is in protecting users’ privacy rights.

Arlo Allegedly Surveils Customers

Arlo allegedly also allows ADA, a third-party company, to eavesdrop on customer conversations. ADA allegedly collects transcripts of these conversations and uses them for financial gain in unregulated dark data markets without any limitations. Additionally, ADA may be exposing Arlo customer data in international data transfers, which could involve foreign countries with different data protection laws.

Arlo allegedly pays substantial sums of money to ADA to embed code into the website chat feature. This is how ADA is able to allegedly intercept the chat communications in real time. The third-party company then eavesdrops on those conversations and stores transcripts. Website visitors have no way of knowing that this is being done. In fact, the complaint alleges that no one who uses the chatbox feature on the Arlo.com website is informed that they are being subjected to unlawful surveillance.

Do You Use Arlo for Home Security? Call the California Consumer Protection Attorneys at Tauler Smith LLP

Anyone within California who uses Arlo and believes they have been unlawfully collecting data may be eligible to file an invasion of privacy lawsuit to recover injunctive relief and statutory damages under the California Invasion of Privacy Act (CIPA) or other consumer protection laws.

The California consumer fraud lawyers at Tauler Smith LLP are representing plaintiffs in a class action lawsuit against Arlo Home Security System. For more information, call 310-590-3927 or send us an email.

Amazon Alexa and Ring Settlements

FTC Settlement: Amazon’s Alexa, Ring Security Cameras, and Privacy Laws

/in /by

Amazon Alexa and Ring Settlements

Amazon recently reached a settlement with the Federal Trade Commission (FTC) and the Department of Justice (DOJ), agreeing to pay $31 million in civil penalties for consumer privacy violations associated with the company’s Alexa voice assistant devices and Ring doorbell cameras. The DOJ alleged that Amazon engaged in a number of unreasonable privacy practices, ultimately resulting in an FTC settlement involving Amazon’s Alexa, Ring security cameras, and privacy laws.

The use of home security cameras and other internet-connected devices to spy on and illegally record customers has triggered several high-profile lawsuits, including a recent invasion of privacy claim against Arlo Home Security System in California. In the Amazon case, the tech behemoth was accused of violating federal laws by using Alexa voice devices and Ring doorbell cameras to unlawfully collect voice and video data, including data from children. The FTC and the DOJ said that Amazon illegally stored voice information, geolocation information, and video recordings without user permission. Moreover, the tech giant allegedly failed to delete kids’ Alexa recordings when those removals were requested by parents. The FTC and the DOJ filed complaints against Amazon in federal court, and now those cases have been settled: Amazon agreed to pay $25 million for its Alexa privacy violations that compromised children’s data and another $6 million for Ring privacy violations that exposed users to surveillance, threats, and harassment.

To learn more about the DOJ and FTC settlements reached with Amazon over the company’s Alexa voice service and home security cameras, keep reading this blog.

Federal Trade Commission Accuses Amazon of Invading Privacy of Alexa Users

The Amazon settlement resolved two separate claims filed against the tech company by the FTC:

  1. A claim that Amazon’s Alexa service was being used in violation of federal child privacy laws.
  2. A claim that the Ring doorbell cameras were being used to illegally spy on customers.

The FTC’s Alexa complaint was filed in the United States District Court for the Western District of Washington, and it alleged that Amazon violated both the Federal Trade Commission Act (FTC Act) and the Children’s Online Privacy Protection Act (COPPA) by deceiving parents about how data collected by the Alexa devices would be utilized. Specifically, the FTC alleged that Amazon unlawfully recorded children’s voices and maintained their geolocation data while telling parents that they could delete voice recordings and other data collected by the Alexa app.

What Is Amazon’s Alexa Service?

Amazon’s Alexa is a cloud-based voice assistant service that is used by millions of Americans. Alexa allows consumers to interact with technology designed to make their lives easier. For example, Alexa can be used to check the weather, learn the latest news developments, perform online searches for information, listen to music and audiobooks, play games, order products from Amazon.com, and stream content on smart TVs. Global sales of Alexa devices have topped more than half a billion, with use of the Alexa voice service increasing every year since it reached the market. This includes more than 800,000 children under the age of 13 who have their own Alexa profiles.

Alexa devices are made by both Amazon and third-party manufacturers, meaning that the technology is available on hundreds of millions of devices. Although Amazon’s marketing of its Alexa service and Echo devices claims that they are “designed to protect users’ privacy,” the fact that the Alexa mobile application is connected to the internet means that the data recorded by the device is accessible online and exposes users to scary breaches of their privacy.

Amazon Violations of the FTC Act

Section 5 of the Federal Trade Commission Act (FTC Act) prohibits companies from engaging in “unfair or deceptive acts or practices in or affecting commerce.” Amazon was accused of committing multiple violations of Section 5 of the FTC Act:

  • Falsely representing that users of the Alexa app could delete their geolocation data upon request.
  • Falsely representing that Alexa users could delete voice recordings, including voice recordings of their children.
  • Unfair privacy practices that caused substantial injury to users of the Alexa service.

Amazon Violations of the Children’s Online Privacy Protection Act (COPPA)

The Children’s Online Privacy Protection Act (COPPA) is a federal law that was passed by Congress in 1998, and it was intended to strengthen general privacy laws with specific protections for minors under the age of 13 who use the internet. The impetus for COPPA was a rise in websites that were secretly collecting the personal data of children. The COPPA Rule is codified in Section 1303(b) of COPPA, 15 U.S.C. § 6502(b), and Section 553 of the Administrative Procedure Act, 5 U.S.C. § 553. The COPPA Rule imposes strict requirements on the operators of commercial websites that target children: these websites must notify parents about the information collected. COPPA also requires website operators to give parents the option to delete their kids’ information at any time.

Although Amazon specifically promised Alexa users in a “Children’s Privacy Disclosure” that the company would delete their data upon request, the FTC alleged that Amazon continued to maintain children’s data long after such requests had been made. FTC consumer protection chief Samuel Levine observed that COPPA explicitly forbids companies “from keeping children’s data forever.”

Moreover, even in those instances when Amazon did erase the data, they reportedly retained written transcripts of the children’s recordings in a database that was accessible by employees. Amazon did not disclose to parents that the company was keeping the written transcripts and continuing to access them. FTC Commissioner Alvaro Bedoya said that Amazon deceived parents about its data deletion practices by failing to comply with parental requests to erase children’s voice data collected by Alexa. This was a violation of federal laws meant to protect children against online threats and privacy invasions.

Amazon tried to justify its actions by saying that it kept children’s voice information to improve the company’s voice recognition algorithm, to help the company better respond to voice commands, and to give parents enough time to review the information. According to Amazon, the algorithm is a form of artificial intelligence (AI) that learns and gains capabilities as it acquires more information. Artificial intelligence has become extremely controversial as an increasing number of tech companies have started to introduce AI products and applications into the marketplace. This is one reason that it was so important for the FTC to send a strong message to Amazon and others that using AI and other technologies to invade customer privacy will not be tolerated by the government. The Amazon Alexa settlement will bar the company from using children’s data to train the company’s algorithms.

Amazon Settles FTC Case Alleging Alexa Consumer Privacy Invasions

Samuel Levine, the FTC consumer protection chief, commented on the Amazon Alexa settlement and highlighted “Amazon’s history of misleading parents, keeping children’s recordings indefinitely, and flouting parents’ deletion requests.” All of these actions violated the Child Online Privacy Protection Act (COPPA) and “sacrificed privacy for profits.”

The Alexa settlement with the FTC includes a number of provisions:

  • Amazon must pay a $25 million civil penalty.
  • Amazon can no longer use children’s geolocation data or voice information for the purpose of creating or improving company products.
  • Amazon must delete any inactive Alexa accounts belonging to children.
  • Amazon must notify all users about the FTC action against the company, as well as the settlement.
  • Amazon is prohibited from misrepresenting its privacy policies in the future, especially as they pertain to geolocation data, voice recordings, and children’s voice information.
  • Amazon must create and strictly enforce a privacy program related to geolocation data.

As part of the Amazon Alexa settlement, the company will have to implement privacy safeguards for child users. The company will also have to make significant changes to the way it stores Alexa data: there will be a requirement that Amazon delete certain information right away so that underage children won’t have their information exposed. Amazon has also agreed to delete child accounts that are inactive, as well as voice data and geolocation data from active accounts.

In the wake of the Alexa settlement, FTC Commissioner Alvaro Bedoya warned companies “sprinting to do the same” thing as Amazon that they should think twice, especially if their products will be used by kids. Bedoya, who has two children of his own, said that “nothing is more visceral to a parent than the sound of their child’s voice.”

Department of Justice Files Complaint Against Amazon for Invading Privacy of Ring Home Security Camera Users

The Federal Trade Commission (FTC) doesn’t just protect children’s privacy; the agency is committed to protecting the privacy of all consumers. That’s why the FTC and the Department of Justice (DOJ) brought a second case against Amazon alleging that the tech giant violated federal law by allowing employees and contractors to access Ring doorbell cameras used by customers, with the access leading to illegal surveillance of the customers. Additionally, the FTC said that Ring did not take sufficient actions to stop hackers from accessing customer cameras.

Amazon Subsidiary Company Ring Sells Home Security Cameras

Ring is a subsidiary company of Amazon that primarily sells home security cameras, doorbells, and other accessories that are connected to the internet. Amazon has sold more than one million indoor cameras to customers in the United States and internationally. These cameras are typically used on the exterior entryways of a home, but they can also be used as indoor cameras to monitor private spaces such as bedrooms and bathrooms. It is these indoor cameras that were frequently targeted by Ring employees and hackers looking to spy on customers, with nearly 40% of all Ring devices that were compromised being either Stick Up Cams or Indoor Cams marketed primarily for indoor use.

Amazon bought Ring in 2018 for roughly $1 billion. Although most of the alleged privacy violations happened before Amazon acquired Ring, the parent company is still liable for any violations of federal law. Ring security cameras are marketed by Amazon as affordable cameras that can be attached to houses or, more commonly, to doors so that users can monitor entry into their homes. But while customers believed that they were securing their homes by using Ring cameras, they were actually exposing their homes to nefarious actors – many of whom were employed by Amazon.

DOJ Complaint Against Amazon for Ring Doorbell Cameras

The Justice Department filed its Ring complaint on behalf of the Federal Trade Commission (FTC) in the U.S. District Court for the District of Columbia. The complaint alleged that Amazon violated Section 5 of the FTC Act in connection with the company’s Ring cameras.

Ring Security Cameras Illegally Accessed by Company Employees

According to the DOJ complaint, Ring home security cameras were accessed by company workers who subsequently spied on and harassed customers. In fact, the workers who gained access to the devices were also able to communicate directly with customers and threaten them. There were documented instances of female customers being cursed at in their bedrooms, children being subjected to racist slurs, and a number of Ring customers receiving death threats. These same individuals harassing and terrorizing Ring customers also used the cameras to set off false alarms and to change home security settings.

The Ring home security videos were reportedly available to every employee, and this was true for all customer videos over a period of several years. The complaint filed by the Department of Justice in federal court stated that Ring “gave every employee…full access to every customer video.” Beyond allowing unauthorized access, Ring’s lapses when it came to customer security also meant that company employees were able to download customer videos and then share those videos freely with anyone. The videos could be downloaded, saved, and even transferred by both Ring employees and contractors based out of Ukraine.

Ring Employees Spied on Customers

One Ring employee allegedly accessed and viewed thousands of recordings from Ring security videos being used by female customers. According to the FTC, this employee targeted 81 different women who were using the Ring Stick Up Cams. The employee’s criminal actions included focusing searches on Ring cameras with names suggesting that they had been placed in customer bedrooms or bathrooms. The illegal spying reportedly continued for months before Ring took any action at all to stop it.

Another Ring employee was accused of accessing a camera belonging to a female employee and subsequently spying on her by watching video recordings stored on her account.

These privacy beaches continued for months and, in many cases, years before Ring finally took action to limit what the FTC called “dangerously overbroad access” and impose any kind of technical or procedural restrictions on employees who were trying to access customers’ home security videos. Additionally, the FTC complaint stated that Ring did not obtain consent for human review of video recordings, and that the company “buried information in its Terms of Service and Privacy Policy.” This meant that consumers had no way of knowing that Ring employees had access to their stored videos.

Ring Exposed Consumers to Cyberattacks by Hackers

Ring also had insufficient security measures to protect customer information against hacking, which led to some customer accounts being compromised via credential stuffing and brute force attacks. The FTC alleged that the doorbell company’s failure to fix “bugs in the system” allowed hackers to access customer cameras and, in some cases, to harass and frighten customers. This stemmed from “system vulnerabilities,” which Ring failed to repair despite knowing that the problems existed.

During one cyberattack committed against Ring, more than 55,000 U.S. customers had their Ring accounts compromised. Nearly 1,000 of these customer accounts had their stored videos unlawfully accessed, which included viewing, downloading, and sharing of recordings, livestream videos, and customer profiles.

Amazon Settles Ring Consumer Privacy Complaint

The Ring settlement with the DOJ and the FTC requires Amazon to pay $5.8 million. That money will be used to issue refunds to Ring customers who were affected by any privacy violations and data breaches. The settlement also requires Amazon to delete Ring data that had been stored since before Amazon acquired the company. Amazon must also implement new privacy and security measures to ensure that consumer data is not exposed or compromised, including multi-factor authentication before access is granted to customer accounts.

Both the Alexa settlement and the Ring settlement will need to be approved by federal judges before they take effect.

California Laws Protecting Consumers Against Invasion of Privacy: CIPA, CCPA, CLRA, and UCL

California’s consumer protection laws are among the strongest in the country, with the California Invasion of Privacy Act (CIPA), the California Consumer Privacy Act (CCPA), the Consumers Legal Remedies Act (CLRA), and the California Unfair Competition Law (UCL) providing robust protections against invasion of privacy, false advertising, and consumer fraud that go even further than federal laws like the FTC Act and COPPA. For example, companies that do business in California are not allowed to expose or share the sensitive personal information that you disclose when you use their products, services, or websites.

California’s digital privacy and consumer protection laws also explicitly prohibit companies from illegal wiretapping on websites, unauthorized recording of online chats, sharing the personal data of customers, false advertising that misleads consumers, and other deceptive business practices.

Contact the California Consumer Protection Attorneys at Tauler Smith LLP

Did you purchase or use a home security camera, doorbell camera, Alexa device, or any other internet-connected device? If so, your privacy may have been invaded in violation of both federal and California state laws. The experienced Los Angeles consumer protection lawyers at Tauler Smith LLP can help you file a civil suit for invasion of privacy and get financial compensation. Call 310-590-3927 or email us today.

Goodyear Tires Wiretapping Lawsuit

Goodyear Tires Wiretapping Lawsuit to Proceed

/in /by

Goodyear Tires Wiretapping Lawsuit

In a highly anticipated ruling, a federal judge in California recently denied Goodyear’s motion to dismiss wiretapping claims based on their use of third-party chat applications hosted on their website. This ruling allows the Goodyear Tires wiretapping lawsuit to proceed. The complaint alleges that when users visit www.goodyear.com/ and use the website chat feature, they share personal data in communications that are unlawfully recorded and transcribed. The plaintiff alleged that Goodyear was allowing a third-party company to intercept, eavesdrop, and store transcripts of the conversations, which is prohibited by the California Invasion of Privacy Act (CIPA).

Do you live in California? Did you use a chat feature on a commercial website? You may be eligible to file a civil suit for invasion of privacy and get financial compensation. Contact us now.

CIPA Claim: Judge Denies Motion to Dismiss Goodyear Wiretapping Lawsuit

The California Central District Court recently issued a ruling in a case involving allegations that Goodyear Tires violated the California Invasion of Privacy Act (CIPA) by wiretapping user chats on the company’s website. The federal court agreed with the plaintiff that the chat feature violated the CIPA, ruling that the plaintiff contends that Goodyear used a third-party service to “intercept in real time” website visitors’ chat conversations. The court added that the allegation that user messages were unlawfully intercepted “is to be taken as true at this stage of the case.”

In her CIPA claim, the plaintiff alleged that visitors to the Goodyear Tires website share “sensitive personal information” when they use the chat conversation. Significantly, the court ruled that the plaintiff pled sufficient facts for a claim under § 631(a) of the CIPA by showing that chat communications were intercepted, and those communications plausibly contained “more than mere record information” such as her name and address.

Wiretapping of Smartphone Communications

The California Central District Court also addressed the fact that the plaintiff accessed the Goodyear Tires website on her smartphone, which is considered a cellular phone with web capabilities. The federal court noted the precedent set by other courts that have applied § 632.7 of the CIPA to internet-based communications, ruling that the plaintiff has sufficiently alleged that users of Goodyear’s chat feature have a reasonable expectation of privacy because they share highly sensitive personal data.

California Has the Strongest Data Privacy Laws in the Country

California’s consumer protection laws include the California Invasion of Privacy Act (CIPA), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA). The CIPA requires companies to get permission before recording any online chats, while the CCPA gives customers the right to prevent companies from sharing their personal data and the CPRA bolsters those digital privacy protections. California’s data privacy laws go even further by placing the onus on companies to make efforts to warn customers if their phone conversations or online chats are being monitored or recorded. In fact, California has some of the strongest such laws in the country. This may be why Goodyear’s terms of use include a forum selection clause requiring claims to be filed in another state: Ohio.

Goodyear Website Terms of Use

The Goodyear Tires website has a “Terms of Use and Privacy Policy” hyperlink at the bottom of the homepage. Site visitors can only see this link by scrolling all the way down on the website. When a user clicks on this link, they are directed to a “Terms, Conditions & Privacy Policy” page that includes another link for Terms of Use. There is no option for the user to click a button acknowledging that they have read the terms of use. Buried deep on this page is a section on “Applicable Laws,” which includes a forum selection clause stating that anyone who uses the Goodyear website automatically consents to litigating any legal disputes in an Ohio courtroom.

Goodyear Forum Selection Clause

In a recent lawsuit filed in California by Los Angeles false advertising attorney Robert Tauler against Goodyear, the tire company attempted to get the case moved to a jurisdiction with less stringent consumer protection laws. Goodyear specifically requested that the venue be changed from the U.S. District Court for the Central District of California to the District Court for the Northern District of Ohio.

Goodyear Tires argued that the plaintiff already agreed to having any legal proceedings handled in Ohio because she used the Goodyear website and automatically consented to the forum selection clause contained in the website’s “Terms of Use.” Robert Tauler responded on behalf of the plaintiff and persuasively argued that it was not possible for the plaintiff to legally consent to the forum selection clause because there was neither actual nor constructive notice of the “Terms of Use.”

The California federal trial court hearing the case ultimately rejected Goodyear’s motion to change venue, which means that the case will be adjudicated in the California Central District Court and decided under California’s very strong invasion of privacy and consumer protection laws. The court gave several reasons for ruling in favor of the consumer-plaintiff and against Goodyear, including contract formation laws which require mutual assent in order for a contract to be binding on both parties.

Are Internet Contracts Legally Enforceable?

The Ninth Circuit Court of Appeals previously identified two categories of internet contracts like the Goodyear terms of use:

  1. Clickwrap Agreements: Site visitors must check a box to confirm that they agree with the website’s terms and conditions of use.
  2. Browsewrap Agreements: Site visitors are able to click on a hyperlink that will take them to a page with the website’s terms and conditions of use.

An important aspect of browsewrap agreements is that it is possible for a site visitor to continue using a website without knowing that the agreement even exists. That’s because browsewrap agreements like the one on the Goodyear Tires website do not require site visitors to take any affirmative action. This creates a legal issue for internet contracts that rely on browsewrap agreements since users might not have an opportunity to assent to the terms of use. Courts have held that such a contract can only be valid if the website user had either actual or constructive notice of the terms and conditions.

Goodyear Browsewrap Agreement

The Goodyear browsewrap agreement does not qualify as a valid, legally binding internet contract because the website terms of use are inconspicuous: the hyperlink can only be seen when the user scrolls to the bottom of the page, and the text does not stand out against the background colors. This does not provide the user with sufficient notice. In Wilson v. Huuuge, Inc., the Ninth Circuit Court of Appeals held that courts should not enforce a similar smartphone app agreement “where the terms are buried at the bottom of the page or tucked away in obscure corners of the website.”

Additionally, there is nothing on the Goodyear Tires website that requires the consumer to click a button, check a box, or take any other action that would unambiguously convey their assent to the terms of use. This also means that site visitors are not provided with constructive notice of the website terms of use which they are supposedly agreeing to abide by.

Class Action Lawsuit Against Goodyear Tires for Violating California’s Wiretapping Law

When you visit a website, you have an expectation that your personal data will be protected and that any conversations you have on the website will remain confidential. The Los Angeles consumer protection attorneys at Tauler Smith LLP help clients file CIPA claims both individually and in class action lawsuits against companies that violate California’s data privacy laws. For example, our attorneys have represented individuals whose data was compromised due to illegal wiretapping and eavesdropping, including chat conversations on company websites.

The CIPA is a criminal statute that subjects companies to criminal penalties, including jail time and substantial fines. Victims can also bring civil lawsuits to recover statutory damages of $5,000 for each illegally recorded conversation. In some cases, it may be possible to recover treble damages, meaning that plaintiffs are eligible for up to three (3) times the total economic damages caused by the invasion of privacy.

Contact the California Consumer Protection Attorneys at Tauler Smith LLP Today

Did you use the chat feature on the Goodyear Tires website? Did you use a chat feature on any other commercial website? If so, your personal data may have been unlawfully recorded without your consent and in violation of both state and federal wiretapping laws. The California consumer protection lawyers at Tauler Smith LLP can help you. Call 310-590-3927 or send an email to learn more and find out if you are eligible to file a CIPA claim.

California Consumer Privacy Act

California Consumer Privacy Act (CCPA)

/in /by

California Consumer Privacy Act

California has some of the strongest consumer privacy laws in the country, and companies that violate those laws could face serious legal repercussions. For example, state residents have a right to privacy under the California Consumer Privacy Act (CCPA). These privacy rights exist when a prospective customer talks to a salesperson or customer service rep on the phone, communicates via an online chat feature, or fills out a form on a website. Anytime a company monitors, records, or uses the data collected in these communications without permission, it may be considered an unlawful invasion of privacy that subjects the offending company to civil penalties. Moreover, consumers whose personal information is exposed in a data breach may be entitled to recover statutory damages, which can total thousands of dollars.

To learn more about the California Consumer Privacy Act, keep reading this blog.

Digital Privacy Concerns for California Consumers

Digital privacy is a major concern in the internet era. Studies show that many Americans are worried about a lack of control over their personal information, particularly the information they share with companies on the internet. For example, a Pew Research Center survey found that approximately 60% of Americans believe that it is simply not possible to go through their daily lives without companies monitoring them and collecting their data. The same survey also showed that more than 80% of U.S. adults are concerned about how companies use the data that is collected.

State laws like the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA) recognize the importance of giving consumers some degree of control over their sensitive personal information. That’s why the CIPA requires companies to disclose when they are wiretapping or recording conversations, and the CCPA allows consumers to opt out of having their data shared by companies.

What Is the California Consumer Privacy Act?

In 2018, state legislators passed the California Consumer Privacy Act (CCPA). This was the very first state privacy law, and it has served as a model for other states looking to strengthen protections for consumer data. The CCPA imposes obligations on businesses that collect customer data, as well as specifically allowing consumers to make demands about how their personal information is used by businesses.

What Consumer Rights Are Protected by the CCPA?

Among the most important consumer rights protected by the California Consumer Privacy Act (CCPA) are:

  • The right for consumers to know exactly what type of personal information is collected by a business, including how that information will be used, shared, or sold by the business.
  • The right to request that any personal information collected by a business be deleted.
  • The right for consumers to submit an “opt-out” request and prevent a business from selling their personal information.
  • The right not to be discriminated against by a business simply for exercising consumer rights under the CCPA. This means that businesses cannot deny you the ability to purchase goods or services or otherwise complete a transaction just because you asked about the personal information they collect.

The CPRA Amended the CCPA to Strengthen Consumer Privacy Rights

The California Privacy Rights Act (CPRA) amended the CCPA to enhance consumer privacy protections and brought the state law more in line with the robust protections provided under international law by the European Union General Data Protection Regulation (GDPR).

The CPRA placed severe restrictions on companies doing business in California, and it also created new consumer rights such as the right to correct any personal data that is inaccurate. Additionally, the CPRA broadened the scope of previous CCPA protections in other ways. For example, the CPRA allows consumers to opt out of the sharing of their personal information with third party advertisers. Under the old consumer privacy law, opting out was only an option with respect to the sale of personal information.

Filing a Civil Lawsuit Under the CCPA

In most cases, the California Consumer Protection Act (CCPA) does not create a private right of action that would allow consumers to file civil suits. But the California Attorney General does have the ability to take action against businesses that violate the CCPA. The possible civil penalties that may be imposed against companies include a fine of $7,500 for each violation of the data privacy law.

Additionally, there is at least one situation where a consumer may be able to bring a civil lawsuit: when the consumer’s personal information is exposed in a security breach because the business failed to follow adequate security procedures. Victims of data theft can file a claim under the CCPA to recover statutory damages of up to $750 for each incident.

Call the Los Angeles Consumer Privacy Lawyers at Tauler Smith LLP

Were you a victim of a data breach by a company that exposed your personal information? You need an experienced Los Angeles consumer protection lawyer who is familiar with the nuances of state privacy laws, including the California Consumer Privacy Act. The Los Angeles consumer privacy attorneys at Tauler Smith LLP are prepared to represent you in a civil suit, and we can help you get financial compensation for any harm you suffered when your privacy rights were infringed.

Call 310-590-3927 or send an email to schedule a free initial consultation about your case.

California Invasion of Privacy Act

California Invasion of Privacy Act (CIPA)

/in /by

California Invasion of Privacy Act

It is quite common these days for businesses to monitor and record phone calls with customers, whether it’s to ensure that orders are accurate, to review employee interactions, or for some other reason. At the same time, new technologies have made it easier than ever to eavesdrop on private communications. Unfortunately, this has resulted in some companies going too far by invading the privacy of customers. The California Invasion of Privacy Act (CIPA) is a state law that makes it illegal for businesses to wiretap consumer communications and record you without your consent. Businesses that violate the CIPA may be subject to both criminal and civil penalties, including a lawsuit filed by any consumers whose conversations were wiretapped or recorded without permission.

To learn more about the California Invasion of Privacy Act, keep reading this blog.

What Is California’s Invasion of Privacy Law?

California has the nation’s strongest consumer protection laws, including the California Invasion of Privacy Act (CIPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the California Consumers Legal Remedies Act, and the California Unfair Competition Law (UCL). The CCPA was enacted in 2018 to become the nation’s first state privacy law, and it strengthened protections for customer data collected by businesses online. The CIPA has a longer history, having been passed by the California State Legislature in 1967 for the purpose of more broadly protecting the privacy rights of all state residents, including consumers. Under the CIPA, it is illegal for companies to wiretap or record conversations unless all participants have consented to the recording. This applies to telephone conversations and online communications.

Cell Phones

Although the wiretapping law was initially intended to cover calls on landline phones, the use of cellular phones has been addressed by the statute. Cal. Pen. Code sections 632.5 and 632.6 specifically prohibit the use of a recording device when a call involves a cellular phone, whether it’s two cell phones or one cell phone and one landline phone.

Websites & Session Replay Software

In addition to recording phone conversations, a lot of companies also keep records of their interactions and communications with customers who visit a company website. This becomes problematic – and possibly illegal – when the company uses session replay software to capture visitor interactions with their website. That’s because the use of this type of tracking software may constitute an unlawful intercept of the communication, as defined by California’s wiretap law.

Session replay software allows website operators to monitor how a user interacts with the website. The tool then reproduces a video recording that shows the user’s interactions, including what they typed, where they scrolled, whether they highlighted text, and how long they stayed on certain pages. When companies employ this software, the very fact that a machine is being used to intercept customer communications constitutes a violation of the CIPA.

California Penal Code Section 631: Wiretapping

California Penal Code Section 631 forbids anyone from illegally wiretapping a conversation. The law specifically prohibits the following:

  • Using a machine to connect to a phone line.
  • Trying to read a phone message without the consent of all the parties participating in the conversation.
  • Using any information obtained through a wiretapped conversation.
  • Conspiring with another person to commit a wiretapping offense.

Some states allow a call to be recorded when just one participant is aware of the wiretap and consents to it, even if the person recording the call is the one providing consent. But California is a two-party consent state, which means that everyone involved in the call or chat must agree to it being recorded. If just one party does not provide consent, then recording the conversation constitutes a violation of the CIPA and can result in both criminal and civil penalties.

Out-of-State Businesses

Even if the person who called you or chatted with you was not located in California, you can still bring a lawsuit under the Invasion of Privacy Act as long as you were in the state at the time of the call or chat. That’s because out-of-state businesses must still comply with California laws when communicating with someone who is in the state.

California Penal Code Section 632: Eavesdropping

Section 632 of the California Penal Code addresses the crime of eavesdropping. Many times, a wiretapping case also involves eavesdropping offenses where the offending party both taps a phone line and listens in on the conversation. The main difference between the two is that eavesdropping does not necessarily involve the tapping of a phone line.

The statute defines “eavesdropping” as the use of a hidden electronic device to listen to a confidential communication. Significantly, the law is not limited to phone conversations. When someone intentionally eavesdrops on an in-person conversation, they may be subject to criminal charges and a civil suit for damages. The types of electronic devices that are often used to illegally eavesdrop include telephones, video cameras, surveillance cameras, microphones, and computers. If the device was concealed from one of the parties, it may constitute a violation of California’s eavesdropping laws.

Can You Sue for Invasion of Privacy in California?

Although the California Invasion of Privacy Act is technically a criminal statute, Cal. Pen. Code §637.2 gives victims of wiretapping and eavesdropping the ability to bring a civil suit against the person or company that illegally recorded the conversation. If you learn that someone was listening in on your private conversation without permission, you may be able to file a lawsuit to recover statutory damages. Additionally, §638.51 gives consumers the ability to file a lawsuit against companies that use trap & trace devices to illegally monitor website visits without consent.

If you learn that someone was listening in on your private conversation without permission, you may be able to file a lawsuit to recover statutory damages.

How to Prove Invasion of Privacy Under the CIPA

To win your CIPA claim, you will need to prove that the conversation was illegally recorded in the first place. In some cases, this will be obvious because the business will reveal that they are monitoring and recording the call or chat. In other cases, consumers may learn about illegal wiretapping during the discovery process when the defendant is forced to turn over company records.

The other elements of a CIPA claim that you will need to establish at trial include:

  • The defendant intentionally used an electronic device to listen in on and/or record the conversation.
  • You had an expectation that the conversation would not be recorded.
  • You or at least one other person on the call did not consent to having the conversation recorded.
  • You suffered some kind of harm or injury as a result of your privacy rights being violated by the defendant.

The use of a cellular phone can change the burden of proof needed to win a CIPA claim. That’s because courts will typically use a strict liability standard when at least one of the participants on the call was using a cell phone. This means that the context and circumstances of the call won’t matter; the court will automatically presume that there was an expectation of privacy. Additionally, strict liability will apply to the defendant even when they did not realize that the other person on the call was using a cell phone.

What Is the Penalty for Invasion of Privacy?

The criminal penalties for violating the California Invasion of Privacy Act (CIPA) include possible jail time and significant fines. Businesses that violate the CIPA may also be exposed to civil penalties when a consumer files a lawsuit in state court.

Criminal Penalties

The CIPA gives criminal prosecutors wide latitude to charge an offense as either a misdemeanor or a felony, depending on the facts of the case. If a CIPA violation is charged as a misdemeanor, the defendant could be sentenced to one year in jail and ordered to pay up to $2,500 in statutory fines for each violation. If the violation is charged as a felony, the possible jail time could increase to three years. Additionally, anyone convicted of a second wiretapping offense could face more substantial fines.

Civil Penalties

The CIPA lists statutory penalties that may be imposed against companies or individuals who violate the statute. The court can order the defendant to pay $5,000 in statutory damages for each illegally recorded conversation, or three (3) times the actual economic damages you suffered because of the privacy breach. The judge in your case will have the option to choose whichever amount is greater: the statutory damages or the actual damages.

Depending on the circumstances of your case, you might also be able to file a right of publicity lawsuit. That’s because right of publicity claims and invasion of privacy claims often overlap, especially when a business attempts to profit from someone else’s image or likeness without consent.

California Invasion of Privacy Statute of Limitations

It is very important that you take immediate action and speak with a qualified consumer protection attorney as soon as you suspect that a company may have violated your privacy during a communication. That’s because the California Invasion of Privacy Act (CIPA) requires plaintiffs to file a civil suit within one (1) year of the date on which the conversation happened. Failure to bring your case before one year has passed could result in your lawsuit being dismissed.

The statute of limitations period typically begins when the plaintiff knew about the defendant’s illegal wiretapping. But what happens when the plaintiff did not learn about the invasion of privacy violation until later? In these cases, the court usually applies a reasonable person standard, which means that the court will attempt to determine the point at which a reasonable person standing in the shoes of the plaintiff would have known about the unlawful act by the defendant. In other words, should the plaintiff have discovered the privacy violation before the statute of limitations expired?

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If a company invaded your privacy by secretly recording a conversation without your permission, you may be eligible to file a civil suit to recover statutory damages. The first step you should take is to speak with an experienced Los Angeles consumer protection attorney at Tauler Smith LLP. We can help you decide how to best proceed with your case.

Call 310-590-3927 or email us today.