class action lawsuits Archives - Tauler Smith LLP Los Angeles Trial Attorneys

Posts

Trap & Trace Claim Against Rad Power Bikes

May 29, 2025/in Consumer Protection /by taulersmith

Tauler Smith LLP secured a major courtroom win in a California trap & trace claim against Rad Power Bikes. The plaintiff, a California consumer, filed a class action lawsuit alleging that the e-bike company utilized TikTok tracking code on its website to deanonymize users by trapping and tracing their personal information. The digital privacy case is being heard in the U.S. District Court for the Central District of California, which recently ruled on a pre-trial motion filed by the Defendant. The federal court denied the motion to dismiss, which means that the case could move forward to trial. Significantly, the court found that the plaintiff “plausibly alleged” that the TikTok software embedded on the Rad Power Bikes website can qualify as a trap and trace device under the California Invasion of Privacy Act (CIPA).

To learn more about the invasion of privacy lawsuit against Rad Power Bikes, keep reading this blog.

Rad Power Bikes Accused of Using TikTok Software to Collect Personal Data from Website Visitors

Rad Power Bikes Inc. is an electric bicycle company that operates in the United States. The company sells e-bikes that typically use rechargeable batteries to generate power and travel at higher speeds than normal bicycles. Rad Power Bikes sells its bicycles and related accessories primarily at retail showrooms and on the company’s website at radpowerbikes.com.

According to the civil suit in the California Central District Court, the TikTok software on the Rad Power Bikes website instantly collects visitors’ personal data, including device information, browser information, and geographic location. This information is then sent back to TikTok, which allegedly matches the new data to existing data that the social media app already has on hundreds of millions of individual users. The result is that TikTok is able to identify individual users who visit the Rad Power Bikes site.

Lawsuit: Rad Power Bikes Violated Trap & Trace Law in California Invasion of Privacy Act (CIPA)

The plaintiff in the CIPA class action suit is a California consumer who visited the Rad Power Bikes website. The lawsuit alleges that the website embedded advertising-related TikTok software to deanonymize and identify visitors for marketing and surveillance purposes. This was allegedly done for the benefit of both Rad Power Bikes and social media company TikTok.

According to the complaint, the TikTok software on radpowerbikes.com “gathers device and browser information, geographic information, referral tracking, and URL tracking by running code of scripts to send user details to TikTok.” Moreover, this unauthorized collection of visitors’ personal data allegedly occurs as soon as a visitor accesses the website; visitors do not have an opportunity to consent to the gathering of their data.

TikTok “Fingerprinting”

TikTok allegedly benefits from the collection of user information on the Rad Power Bikes site by comparing the data to its own massive database. This allows TikTok to “fingerprint” and identify website visitors. Since TikTok is currently owned by the communist Chinese government, this kind of data breach could pose significant security risks to American citizens.

CIPA Lawsuit

The legal basis for the lawsuit against Rad Power Bikes is the California Trap and Trace Law, which is codified as Cal. Penal Code § 638.51 in the California Invasion of Privacy Act (CIPA).

The plaintiff in the Rad Power Bikes lawsuit is seeking several types of damages: declaratory relief, statutory damages, and attorney’s fees. Additionally, the plaintiff is seeking to certify the lawsuit as a class action applicable to anyone in California who visited the Rad Power Bikes website.

Court Denies Motion to Dismiss, Allows Trap and Trace Lawsuit Against Rad Power Bikes to Proceed

Rad Power Bikes filed a motion to dismiss before trial. The U.S. district court issued a ruling and denied the motion, which means that the consumer protection case may now go to trial.

The Defendant made three arguments in support of its motion to dismiss the case during the pre-trial stage:

The Defendant argued that the plaintiff in the class action lacked personal jurisdiction.
The Defendant argued that the plaintiff lacked standing to sue.
The Defendant argued that California’s invasion of privacy statute only applies to the interception of telephone calls, not websites.

The court rejected all of these arguments, finding in favor of the plaintiff.

Personal Jurisdiction

Personal jurisdiction is a legal term that means the court has authority to hear a case involving a party with a sufficient connection to the state where the court is located. In this case, the lawsuit was filed in a federal court located in California. That means the plaintiff must show that the Defendant, Rad Power Bikes, does business in California.

In the plaintiff’s response to the motion to dismiss, he alleged that Rad Power Bikes purposefully directed its activities to California “by regularly engaging with California residents through its website and its retail stores.” Moreover, argued the plaintiff, the e-bike company also shared website visitors’ data with TikTok in California.

In its ruling on the motion to dismiss, the court found that Rad Power Bikes did, in fact, intentionally direct its activities to California by allegedly gathering personal information from California visitors to the company’s website. Additionally, the court noted that the electric bike company has a “substantial presence” in the state with four retail stores. Beyond that, Rad Power Bikes has also contracted with TikTok to send user data to California. Therefore, said the court, there are more than enough contacts between Rad Power Bikes and California to establish personal jurisdiction in the state.

Standing to Sue

The court also found that the plaintiff in the case has Article III standing to sue. That’s because the plaintiff adequately alleged an injury caused by the use of TikTok software on the Rad Power Bikes website.

Article III standing is a constitutional requirement that only individuals who have suffered an injury in fact – or a particularized injury – may bring a case in federal court.

Under the California Invasion of Privacy Act (CIPA), it is illegal for a person or business to use devices to capture “dialing, routing, addressing, or signaling information from a wire or electronic communication.” In the lawsuit against Rad Power Bikes, the plaintiff alleged that his statutory privacy rights were infringed – and that this constituted a clear violation of the CIPA. In rejecting the motion to dismiss, the U.S. district court concluded that a violation of privacy rights protected by California law “is sufficient injury for standing purposes.”

CIPA Applies to Websites

The last argument made by the Defendant in its motion to dismiss was that the California Trap and Trace Law does not apply to websites. The court strongly rejected this argument. That’s because the Trap & Trace Law, contained in the California Invasion of Privacy Act (CIPA), applies to any device that records or captures information from a wire or electronic communication. While the Defendant wants the law to apply solely to communications via telephone lines, numerous courts have found that the statute applies to website communications.

With respect to the application of California’s digital privacy laws to websites, Rad Power Bikes also made a sweepingly broad argument that the CIPA claim should be dismissed because it “effectively seeks to criminalize the Internet.” The Defendant’s contention is that most websites use tools like the TikTok software, so a finding in favor of the consumer-plaintiff would have severe implications for all consumer-facing websites. The court rejected this argument on its face. Moreover, the court noted that any questions about the scope of the CIPA should be addressed to the California Legislature, which enacted the consumer privacy law in the first place.

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Are you a California resident? Did you visit the Rad Power Bikes website? Then you might be eligible to join a consumer class action lawsuit to recover damages for violations of the California Invasion of Privacy Act (CIPA). The Los Angeles consumer protection attorneys at Tauler Smith LLP have extensive experience representing plaintiffs in trap & trace claims and invasion of privacy lawsuits in both federal and state courts.

Call 310-590-3927 or email us today to discuss your legal options.

Trap and Trace Class Action Against HoMedics

May 28, 2025/in Consumer Protection /by taulersmith

A federal court in California recently ruled on a trap and trace class action against HoMedics and FKA Distributing Co. – and the ruling was fantastic news for the consumer protection attorneys at Tauler Smith LLP. The plaintiff in the case is a California resident who visited the HoMedics website. According to the legal complaint, the website utilized TikTok software to unlawfully collect personal information from the plaintiff and other consumers who visited the site. Now the court has issued a pre-trial ruling in favor of the plaintiff to deny the Defendant’s motion to dismiss.

For more information about the TikTok trap & trace complaint against HoMedics, and to find out if you might be eligible to join the class action, keep reading.

Lawsuit: HoMedics Used TikTok Software to Collect Personal Data of Website Visitors

FKA Distributing Co., or FKA Brands, is a personal care product company. FKA Distributing sells its products across the U.S. and globally in major department stores, specialty stores, and drugstores. Some of the main FKA brands include HoMedics, House of Marley, Revamp Professional, Obus Forme, Ellia, JAM Audio, HMDX Audio, and Sol Republic. FKA primarily does business as HoMedics, which specializes in products related to health and wellness.

HoMedics sells a number of personal care items for the medical and spa industries, including hot/cold compression wraps, dental appliances, magnetic therapy products, electronic back and body massagers, humidifiers, air purifiers, and water purification systems. HoMedics also sells therapeutic bedding products: pillows, mattresses, and protective bedding. Additionally, HoMedics makes products for Sharper Image and Stanley Black & Decker. Many of these products are sold on the Homedics.com website.

Digital Privacy Lawsuit Against HoMedics

The plaintiff alleged that when she visited the Defendant’s website, Homedics.com, her personal data was unlawfully collected with TikTok-created deanonymization software. According to the complaint, the TikTok software instantly gathered data about the plaintiff as soon as she visited the website, including her geographic location and other personal identifying information.

The purpose of this data collection was allegedly to match it with TikTok’s existing data, which could then be used to identify individual visitors. This has legal implications because the collection of a website visitor’s personal data without consent is a direct violation of California’s Trap and Trace Law. That law is codified in Cal. Penal Code § 638.51.

Class Action Lawsuit Against HoMedics in California Central District Court

The plaintiff, a California resident, filed a class action against FKA Distributing Co. on behalf of all persons living in California whose identifying information was sent to TikTok through the use of the HoMedics website. The lawsuit was initiated in the Los Angeles Superior Court and was later removed to a federal court: the United States District Court for the Central District of California.

The class action alleged that FKA Distributing violated California’s Trap and Trace Law. When the case was moved to federal court, FKA Distributing filed a motion to dismiss. That motion was rejected by the court, which means that the claim may now move forward.

HoMedics Accused of Violating the California Invasion of Privacy Act (CIPA)

The California Invasion of Privacy Act, also known as the CIPA, is codified in Cal. Penal Code § 630. The law imposes both civil and criminal penalties against offenders who engage in electronic interception, recording, or eavesdropping on private communications.

Section 638.51 of the statute prohibits the installation of a pen register or trap & trace device unless the party has obtained a court order to do so.

Under section 637.2 of the statute, a plaintiff can bring a private right of action for violations of the CIPA. This means that consumers can file a lawsuit and recover statutory damages if their personal data has been collected without consent.

Court: FKA Distributing and HoMedics May Have Violated California’s Trap & Trace Law

The first court order in the FKA Distributing TikTok complaint was issued in response to a motion to dismiss. The Defendant argued that the TikTok software allegedly used on the HoMedics website does not constitute a “trap and trace device” within the meaning of § 638.50(c). However, the court found the Defendant’s argument “unpersuasive,” stating that the TikTok software could plausibly constitute a “trap and trace device” and therefore could be a violation of the statute.

HoMedics TikTok Trap & Trace Software

The TikTok software allegedly utilized by the HoMedics website works by gathering the device information, browser information, and geographic information of site visitors, which then allows TikTok to identify individual users.

The California Invasion of Privacy Act (CIPA) defines a trap and trace device as any “device or process that captures the incoming electronic or other impulses” identifying the source of the communication. The federal court in this case noted that the statute’s reference to a “device or process” implies that it is the result of the information gathering that matters: the use of an AutoAdvanced Matching feature on the HoMedics website to identify the source of website visitors does fall within the scope of the Trap & Trace Law.

No Consumer Consent for Data Gathering

FKA Distributing Co. also argued that consent for the tracking of visitors’ data was granted by the Defendant, which was also a party to all communications on its website. The court rejected this absurd argument on its face since the person who needs to provide consent is clearly the website user whose personal data is being tracked by the website.

The Defendant attempted to argue that, by definition, a person cannot “intercept” communications to which they were already a party. But the court found that this narrow reading of the law only applies to allegations of wiretapping violations, not cases like this one that go beyond wiretapping and involve broader allegations of electronic interception.

No Automatic Consent for Data Collection

The court also rejected the Defendant’s argument that website visitors automatically consent to the data collection practices simply by visiting HoMedics.com.

The Defendant claimed that its website Privacy Policy provided notice of the site’s use of a trap and trace device, including a warning to site visitors that the Defendant may collect personal data like the user’s name, email, phone number, and postal address. But the court said that this was not sufficient to prove that a reasonable user reading the Privacy Policy would definitely understand it – or that it would necessarily involve the use of TikTok software to monitor and essentially spy on the user.

Federal Court Denies Dismissal of TikTok Trap & Trace Claim Against HoMedics

The California Central District Court recently issued a second court order in the digital privacy complaint against FKA Distributing Co. and HoMedics. FKA Distributing argued that the complaint should be dismissed for lack of personal jurisdiction, failure to allege a concrete injury, and failure to allege an actual violation of the Trap & Trace Law. The court rejected all of these arguments, finding them “unavailing.”

Personal Jurisdiction

The federal court quickly found that the Defendant waived personal jurisdiction when they failed to raise it as an issue in an earlier motion to dismiss the invasion of privacy complaint.

Consumers Harmed by HoMedics Privacy Violations

The court also found that the plaintiff adequately alleged concrete and particularized injury to her privacy rights. Specifically, the court said that the plaintiff provided the facts necessary for a trap & trace complaint, such as the number of times she visited the HoMedics website, exactly what information she provided on the site, what information the Defendant captured, and the fact that she was not aware of the Defendant’s tracking practices.

The plaintiff showed that she visited the HoMedics website in March 2024. The plaintiff also clearly alleged that the Defendant operates TikTok software on the website for the purpose of collecting users’ personal identifying information, including:

Device and browser types.
Geographic locations.
Referral URLs.

Moreover, the plaintiff alleged that the Defendant unlawfully collects this information from everyone who visits the website, and that this happens automatically as soon as anyone lands on the site.

TikTok Software Violates Consumer Privacy Interests

FKA Distributing Co. argued that the plaintiff failed to show that any private or personal identifying information had been collected by the Defendant’s website. The court rejected this argument as well. According to the court, the plaintiff alleges that the Defendant’s TikTok software “effectively de-anonymizes the website user” to collect tracking information. Additionally, this data collection allegedly happens regardless of whether the user has a TikTok account.

The court concluded that the plaintiff’s allegations are sufficient to establish a concrete injury from visiting HoMedics.com. This injury would be a direct harm to the plaintiff’s privacy interests because the compilation and collection of users’ personal data occurs without consent.

Did You Visit the HoMedics Website? Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If you visited the HoMedics website for any reason, it’s possible that your data was unlawfully collected and sent to TikTok. This could make you eligible to join a class action lawsuit to receive monetary compensation for the violation of your privacy rights. The legal team at Tauler Smith LLP represents plaintiffs in California trap & trace claims, consumer fraud complaints, and other types of consumer protection lawsuits. We can help you get justice.

Call 310-590-3927 or send an email to talk with one of our experienced California consumer protection attorneys today.

Law.com Article on C2 Education Trap & Trace Lawsuit

August 4, 2024/in Press /by taulersmith

The Los Angeles consumer protection lawyers at Tauler Smith LLP recently filed a class action against C2 Education in U.S. District Court that accuses the tutoring company of collaborating with TikTok to collect consumer data. The case is getting significant press coverage: a Law.com article on the C2 Education trap & trace lawsuit explores the implications of the federal court’s pre-trial ruling, which denied a motion to dismiss the complaint and essentially said that software embedded on a website can violate the California Trap and Trace Law.

Read the Law.com article, “Federal Ruling ‘Sets Precedent’ for ‘Trap and Trace’ Software Class Actions in Calif.” And for more information about the class action lawsuit against C2 Education, keep reading this blog.

Federal Court: C2 Education May Have Used Trap & Trace Devices to Collect Consumer Information

A Law.com article on the C2 Education trap and trace lawsuit discusses the recent class action complaint filed against the tutoring company for allegedly using trap & trace devices to collect consumer data on its website without permission. The online article also highlights the important precedent that may have been set for trap and trace lawsuits in California:

A federal court delivered a landmark decision impacting “trap and trace” software cases in California, denying defendant C2 Educational Systems Inc. a motion to dismiss a class action alleging it violated the California Invasion of Privacy Act (CIPA) through its partnership with TikTok.

“These allegations demonstrate that Defendant, through the use of the TikTok Software, collected Plaintiff’s information, thereby constituting an invasion of privacy. And invasions of privacy are actionable injuries,” the ruling stated.

“I think it’s a big ruling because you have, in this instance…a federal court saying this is a claim that the federal courts recognize, which generally means that state courts will also recognize trap and trace claims,” said plaintiff’s attorney Robert Tauler.

C2 Education Accused of Collaborating with TikTok to Collect Information from Website Visitors

Los Angeles law firm Tauler Smith LLP filed a class action lawsuit against C2 Education because the online tutoring and test prep company is allegedly violating the California Invasion of Privacy Act (CIPA) through its partnership with TikTok. The Defendant subsequently filed a motion to dismiss the class action from the U.S. District Court for the Central District of California. After evaluating arguments from both sides, the court denied C2 Education’s motion to dismiss.

Assuming the case ultimately reaches trial, the Defendant will need to answer the allegations that they breached California’s Trap and Trace Law, codified as Cal. Penal Code § 638.51 of the CIPA. The Trap and Trace Law prohibits the use of pen registers and trap & trace devices that record dialing or routing information from website visitors. The lawsuit against C2 Education specifically alleges that the tutoring company installed TikTok software on its website to siphon user data and match it with TikTok’s much larger user database. This process, known as “fingerprinting,” gives companies the ability to identify personal information about otherwise anonymous website users.

Landmark Decision: U.S. District Court Sets Precedent for California Trap & Trace Claims

In its motion to dismiss the class action lawsuit, C2 Education argued that the Trap & Trace provision of the California Invasion of Privacy Act (CIPA) should only apply to physical devices attached to telephone lines, not to website software. The United States District Court for the Central District of California disagreed. The court highlighted § 638.50 of the CIPA, which broadly refers to “devices that record or capture information.” The court also cited Greenley v. Kochava, Inc., an earlier case finding that software “fingerprinting” falls squarely under the pen register definition outlined by the CIPA.

Legal experts have noted that the federal court’s pre-trial ruling in the C2 Education trap & trace case may have broadened the scope of the California Trap & Trace Law and, by extension, strengthened protections for consumers against digital privacy violations and fraud. In fact, the Law.com article on the case called it “a landmark decision.” Los Angeles consumer protection lawyer Robert Tauler, who is representing the plaintiff in the C2 Education class action, observed that this is “the first case effectively saying that software on a website can violate the Trap and Trace Law.”

Did You Visit the C2 Education Website? Contact the California Consumer Protection Attorneys at Tauler Smith LLP

Los Angeles law firm Tauler Smith LLP represents plaintiffs in cases involving invasion of privacy violations. Our California consumer protection lawyers have filed dozens of trap & trace claims on behalf of consumers, including a class action complaint against C2 Education. If you are a California resident who visited the C2 Education website, you may be eligible to join the class action lawsuit.

Call 310-590-3927 or email us today.

Judge Denies Motion to Dismiss Class Action Against C2 Education

July 30, 2024/in Consumer Protection /by taulersmith

Tauler Smith LLP recently filed a trap and trace lawsuit against C2 Education for violating the California Invasion of Privacy Act (CIPA), and now a federal court has ruled: a judge denied the motion to dismiss the class action against C2 Education. The complaint alleges that the leading provider of tutoring services nationwide has unlawfully installed “trap and trace” software on its website and allowed the social media app TikTok to collect private data from site visitors. The Defendant filed a motion to dismiss the lawsuit, but the court rejected all of the Defendant’s pre-trial arguments. This represents a major victory for the California consumer protection lawyers at Tauler Smith LLP.

For more information about the lawsuit against C2 Education for invasion of privacy, and to learn whether you might be eligible to join the class action, keep reading.

Tutoring Company C2 Education Sued for Invasion of Privacy

Tauler Smith LLP represents California consumers who have filed a class action complaint against C2 Educational Systems Inc., a company which markets itself as a leading provider of tutoring, test prep, and college admissions counseling services to K-12 students in California and throughout the United States. The company’s online tutoring programs can be accessed at the website www.c2educate.com. This website is at the heart of the lawsuit against C2 Education because of the company’s partnership with the controversial social media platform TikTok. According to the lawsuit, C2 Education allows TikTok to install a “trap and trace device” on the tutoring website landing page and to secretly collect personal data about consumers who visit the site.

What Are “Trap and Trace Devices”?

What are trap and trace devices? California consumer protection law defines these as devices or processes that record or capture “dialing, routing, addressing, or signaling information” from a “wire or electronic communication.” When a company embeds and uses a pen register or trap and trace device without first obtaining a court order, they are directly violating Section 638.51 of the Trap and Trace Law.

Lawsuit: C2 Education Violated California’s Trap and Trace Law

The California Trap and Trace Law is codified in California Penal Code § 638.51, a provision of the California Invasion of Privacy Act (CIPA). The lawsuit against C2 Education alleges that the tutoring company violated the Trap and Trace Law’s prohibition against the use of pen registers and trap & trace devices: TikTok software embedded on the C2 Education website is utilized to unlawfully collect site visitors’ information without either express or implied consent. Beyond that, site visitors are never informed that their data is being collected and shared with the Chinese government for “fingerprinting” and de-anonymization.

“Fingerprinting”

According to the legal complaint, the TikTok de-anonymization software installed on the C2 Education website uses a process known as “fingerprinting.” This allows the site to collect data from visitors, and the data is then matched with TikTok’s massive user database to uncover visitors’ identities. The personal data that TikTok allegedly collects from website visitors includes device and browser information, geographic information, referral tracking, and URL tracking.

“AutoAdvanced Matching”

The class action lawsuit also alleges that C2 Education enables TikTok’s “AutoAdvanced Matching” feature, which allows TikTok to run codes or “scripts” that capture data from online forms filled out by website users. This form data may include things like the user’s name, date of birth, and physical address.

Defendant Files Motion to Dismiss Class Action Complaint

The complaint against C2 Education was filed in the United States District Court for the Central District of California. The Defendant filed the motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6), which calls for a case to be dismissed when a plaintiff fails to state a claim upon which relief can be granted.

The Defendant argued that the complaint should be dismissed because:

Section 638.51 does not apply to website software.
The TikTok Software used by C2 Education merely collects information that is necessary for the basic operation and maintenance of the website.
Consent was given for use of the TikTok Software on the C2 Education website.
The TikTok Software only collects the “contents of a communication,” which is allowed under the statute.
Section 638.51 is a criminal statute and does not provide plaintiffs with a private right of action in civil court.

Federal Judge Denies Motion to Dismiss Trap & Trace Lawsuit Against C2 Education

U.S. District Judge R. Gary Klausner heard arguments from both sides and then issued a ruling denying the Defendant’s motion to dismiss. This means that the case against C2 Education could now proceed to trial. In fact, the court strongly rejected all of the Defendant’s arguments, and may have even set precedent for trap & trace class actions.

The court’s responses to the Defendant’s arguments are addressed below:

CIPA Applies to TikTok Software

C2 Education argued that the claim should be dismissed because California Penal Code § 638.52 uses language about “telephone lines,” not websites. Also, the statute indicates that a pen register or trap and trace device must be a physical device attached to a telephone line. Therefore, argued the Defendant, the TikTok Software embedded in the C2 Education website is not covered by the Trap and Trace Law because the software is not a physical device attached to a phone line. The U.S. District Court disagreed.

In rejecting the Defendant’s motion for dismissal, the court highlighted an important distinction between § 638.52 and § 638.50. Although Section 638.52 refers to trap & trace devices as physically attached to telephone lines, Section 638.50 does not include any such requirement: the statute refers broadly to “devices or processes” that capture information electronically. Additionally, other federal courts have interpreted the statute broadly by focusing on the result of the impermissible data collection and concluded that tracking software can constitute a pen register or trap & trace device under the law.

TikTok Software Collects Consumers’ Personal Data

C2 Education also argued that the complaint should be dismissed because the TikTok Software only records data needed for the operation and maintenance of the tutoring website. Since the Trap and Trace Law includes an exception for the use of pen registers and trap & trace devices to “operate and maintain” an electronic communication service, this kind of use would be allowed under the law. The district court rejected this argument.

In its ruling, the U.S. District Court noted that the plaintiff alleged that the TikTok Software is used by C2 Education to record more than just IP addresses. For example, the complaint alleges that the software also records browser and device data, form data, and other personal information about website visitors. The court found that this type of data collection is probably not necessary for the operation and maintenance of the website, so the statutory exception cited by the Defendant would not apply in this case.

Consumers Did Not Consent to Use of TikTok Software

Under § 638.51 of the Trap & Trace Law, companies are allowed to use pen registers and trap and trace devices if the website user has provided consent. C2 Education argued that the invasion of privacy lawsuit should be dismissed because the main “user” of the website was the Defendant, who consented to the use of tracking software. The court understandably rejected this argument because California law would seem to indicate that the only relevant user of a website is the site visitor, not the site operator – and the user in this instance did not consent to having their personal data collected by the TikTok software. As such, ruled the court, the lawsuit against C2 Education should survive summary judgment and possibly go to trial.

C2 Education Collects Personal Information from Consumers

The California Trap and Trace Law applies to websites that use pen registers or trap & trace devices to record “dialing, routing, addressing, or signaling information.” However, since the statute seemingly does not apply when the “contents of a communication” are recorded, the Defendant in this case argued that the data collected by the TikTok Software on the C2 Education website does not fall within the scope of the statute. Once again, the U.S. District Court rejected the Defendant’s argument.

The court found that the lawsuit clearly alleges that the TikTok Software used by C2 Education gathers “device and browser information, geographic information, and browsing history.” Moreover, the lawsuit describes multiple data points that the TikTok Software allegedly captures, which is sufficient to bring a claim under the Trap & Trace Law.

CIPA Allows Consumers to Sue for Digital Privacy Violations

The Trap and Trace Law is a part of the California Invasion of Privacy Act (CIPA), which is codified as Cal. Penal Code § 638.51. The Defendant argued that the civil lawsuit against C2 Education should be dismissed at the summary judgment phase because the CIPA is a criminal statute with criminal penalties and does not allow individual defendants to seek monetary remedies in a civil suit. The court rejected this argument because the CIPA explicitly confers a private right of action and allows individual consumers to bring lawsuits. The court specifically pointed to § 637.2, which has a broad and unambiguous endorsement of private rights of action for all CIPA violations.

U.S. District Court: C2 Education’s Use of TikTok Software May Have Violated California Consumer Privacy Laws

At the conclusion of its order rejecting the Defendant’s motion to dismiss, the U.S. District Court for the Central District of California stated that the allegations in the class action complaint “demonstrate that the Defendant, through use of the TikTok Software, collected site visitors’ information, thereby constituting an invasion of privacy.” Significantly, the plaintiffs may now have the opportunity to argue their case at trial – which represents another successful pre-trial outcome for the Tauler Smith litigation team.

Contact the California Consumer Protection Lawyers at Tauler Smith LLP

If you are a California resident who visited the C2 Education website for any reason, you may have been the victim of an unlawful invasion of privacy. Contact the Los Angeles consumer protection attorneys at Tauler Smith LLP to find out if you are eligible to join a class action lawsuit to receive financial compensation. Call 310-590-3927 or send an email.

Trap and Trace Class Action Against Skullcandy

July 8, 2024/in Consumer Protection /by taulersmith

California law firm Tauler Smith LLP has filed a trap and trace class action against Skullcandy. The civil suit, filed in Los Angeles County Superior Court, accuses the headphone technology company of unlawfully sharing customer data with TikTok for the purposes of fingerprinting and de-anonymization. The consumer fraud lawyers litigating the lawsuit have also accused Skullcandy of violating California consumer protection laws by failing to obtain consent from website visitors.

Are you a California resident who visited the Skullcandy website? If so, you might be eligible to join a class against lawsuit against Skullcandy. Contact Tauler Smith LLP for more information.

Skullcandy Headphone Company Accused of Using Trap & Trace Fingerprinting Software

Skullcandy is a company that sells technology products, including headphones, earphones, and Bluetooth speakers marketed to a “youth” demographic, with an emphasis on use during videogaming, snowboarding, and skateboarding. These products are primarily sold in brick-and-mortar retail stores and via the company’s online store.

The legal complaint against Skullcandy alleges that the company’s website installed sophisticated software to de-anonymize website traffic, allowing social media behemoth TikTok access to personal information about otherwise anonymous site visitors. The trap and trace software allegedly runs on virtually every page of Skullcandy’s website, meaning that anyone who visited the site may have unknowingly been the victim of a digital privacy violation. More specifically, the Skullcandy trap and trace software relies on electronic impulses generated from website visitors’ devices. This is allegedly done by Skullcandy in concert with the social media platform TikTok to identify site visitors and gain valuable information about Skullcandy’s target market.

What Is a Trap & Trace Device?

According to California consumer protection law, a trap and trace device is any type of device or process capable of capturing incoming electronic impulses to identify the originating number, dialing, routing, addressing, or signaling information. In other words, it’s a device that can trace the source of an electronic communication. When a company uses one of these devices to obtain customer data without authorization, the act could constitute a very serious violation of California’s Trap and Trace Law and subject the company to fines and other statutory penalties.

Lawsuit: Skullcandy Customer Data Unlawfully Shared with TikTok

According to the class action lawsuit filed in L.A. Superior Court, the Skullcandy website uses software created by TikTok for the express purpose of identifying site visitors. This is accomplished through a process known as “fingerprinting,” which collects extensive data about otherwise anonymous website visitors. The personal information is then matched with existing records that TikTok has already acquired about the millions of Americans who use the popular social media platform. At the same time, TikTok adds the data to their accumulated data about user behavior.

Skullcandy Accused of Violating the California Invasion of Privacy Act

The California Invasion of Privacy Act (CIPA) was enacted to curb the invasion of privacy resulting from use of certain technologies that pose “a serious threat to the free exercise of personal liberties.” The statute applies to the unlawful use of trap & trace software by companies doing business in California and imposes civil liability against businesses that use trap and trace software without first obtaining either direct permission from website visitors or legal permission from a judge via a court order.

According to the class action recently filed against Skullcandy in California court, the company’s trap and trace software begins to collect personal information the moment a user lands on the Skullcandy website. This is done despite the fact that the site features a “cookie banner” which ostensibly would prohibit Skullcandy from gathering customer data until the customer signs off on it. Instead, website visitor data has already been sent to TikTok before the visitor even has a chance to consent.

The personal information gathered by the TikTok trap & trace software includes the following:

Device and browser information.
Geographic information.
Referral tracking.
URL tracking.
Images of products the user is interested in.

You May Be Eligible to Join the California Trap & Trace Class Action Against Skullcandy

It is a major breach of trust, and violation of California consumer protection law, for a company to use trap and trace software to obtain a website visitor’s phone number or other identifying information. The class action lawsuit recently filed against Skullcandy alleges that the headphone company is collaborating with the Chinese government to obtain personal information from website visitors. Further, the lawsuit alleges that the company is doing this without informing site visitors.

A California resident who visited the Skullcandy website may be eligible to join the class action lawsuit and obtain monetary damages. That’s because California has tough consumer protection laws, and the statutory penalties for violations of Section 638.51 of the California Penal Code in particular are severe. Companies that unlawfully use a trap and trace device can be punished with a statutory penalty of $2,500 for each violation of the law.

Did You Visit the Skullcandy Website? Contact a Los Angeles Consumer Protection Lawyer

If you visited the Skullcandy website, it is possible that your confidential information was unlawfully collected and shared with third parties. The Los Angeles consumer protection attorneys at Tauler Smith LLP are representing plaintiffs in a class action against Skullcandy. Call 310-590-3927 or email us.

C2 Education Trap and Trace Class Action

Trap and Trace Class Action Against C2 Education

July 8, 2024/in Consumer Protection /by taulersmith

One of the country’s largest tutoring companies has been accused of invading the privacy of customers. The California consumer protection attorneys at Tauler Smith LLP recently filed a trap and trace class action against C2 Education for collaborating with TikTok, the popular but controversial social media platform, by installing a trap & trace device on its website as a means to collect data from consumers. According to the lawsuit, C2 Education has installed a code on their website that automatically sends user details to TikTok. Additionally, the TikTok de-anonymization software secretly installed on the tutoring website makes it possible for the educational services provider to identify site users by using electronic impulses generated from site visitors’ devices. All of these alleged acts constitute clear violations of California’s strong digital privacy laws, which is why the tutoring company now faces a consumer class action lawsuit in federal court.

For additional information about the class action filed against C2 Educational Systems Inc., keep reading this blog.

What Is the Legal Definition of a “Trap and Trace Device”?

The California Trap and Trace law is codified in Section 638.51 of the California Invasion of Privacy Act (CIPA), which specifically limits how companies can use trap & trace devices to gather information about website visitors. Section 638.50(c) defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.” As set forth by the statute, a company must first get a court order before installing a trap and trace device on a website.

Violations of § 638.50(c), or any other part of the California Invasion of Privacy Act (CIPA), could result in the offender being civilly liable for monetary damages.

Class Action Lawsuit: C2 Education Collected Personal Data of Website Visitors

C2 Education markets itself as the nation’s preeminent tutoring, test prep, and college admissions counseling provider. C2 Education provides online tutoring programs for K-12 students, including standardized test preparations, school subjects tutoring, college admission counseling, and education boot camps. The tutoring company serves more than 25,000 students across the country every year, with services offered both online at the C2 Education website and at brick-and-mortar locations throughout the United States, including California.

As part of its marketing regime, C2 Education has partnered with social media app TikTok to install sophisticated software on the tutoring website’s landing page. This software allegedly allows C2 Education to gain access to very personal information about consumers who happen to land on the site, including the individual’s location, source, and identity.

Is C2 Education Using TikTok to Unlawfully Share Customer Data?

The TikTok de-anonymization software allegedly used by C2 Education is designed for the sole purpose of identifying and capturing the source of incoming electronic impulses, which makes it possible to identify dialing, routing, addressing, and signaling information generated by users of the C2 Education website. Significantly, this software is deployed without consumers’ knowledge or consent.

According to the recent lawsuit filed in U.S. district court, visitors to the C2 Education website are not informed that the site is capturing their personal identifying information. The class action suit also alleges that site visitors are not informed that the company is collaborating with the Chinese government. That’s because C2 Education did not obtain consumers’ express or implied consent to be subject to data sharing with Chinese-owned TikTok for the purposes of fingerprinting and de-anonymization.

“Fingerprinting” Technology

The TikTok software allegedly used by C2 Education collects consumer data via a process known as “fingerprinting.” This means that the software gathers and stores as much data as it can about an otherwise anonymous visitor to the website and then matches it with data that TikTok has already acquired and accumulated about hundreds of millions of Americans who use the social media app.

“Advanced Matching” Technology

The TikTok software, which uses “AutoAdvanced Matching” technology, scans the C2 Education website by running code or “scripts.” When the site user provides personal information – such as name, date of birth, or mailing address – the details are sent simultaneously to TikTok so that the social media provider can isolate with certainty the individual to be targeted.

Tutoring Company Sued for Violating California’s Trap and Trace Law

The invasive TikTok software allegedly runs on every page of C2 Education’s website, making it impossible for site visitors to avoid having their data collected. This means that every time a user clicks on a page, the site instantly sends the communications to TikTok. The social media company then adds the data to their massive collection of user behavior and, in turn, assists C2 Education with targeted marketing while keeping a trove of information for itself. These disturbing acts prompted Los Angeles consumer protection law firm Tauler Smith LLP to file a class action lawsuit against C2 Education in the United States District Court for the Central District of California.

C2 Education’s alleged installation of the TikTok tracing software is a violation of California’s Trap and Trace Law, which is codified as California Penal Code Section 638.51. This is part of the California Invasion of Privacy Act (CIPA), which imposes civil liability and significant statutory penalties against companies that install trap and trace software without either user permission or a court order.

Statutory Penalties

The class action lawsuit against C2 Education seeks multiple forms of relief for plaintiffs, including the following:

A court order enjoining C2 Education from continuing its alleged unlawful conduct, as well as an order to disgorge any data already collected through use of the TikTok software.
Statutory damages provided by the CIPA, which may include fines of up to $2,500 for each violation of the statute.

C2 Education Case Sets Precedent for Trap & Trace Software Claims in California

The class action complaint against C2 Education may have already set a new legal precedent for trap & trace class actions in California. In a pre-trial ruling on a motion to dismiss the complaint, the U.S. District Court effectively said that software installed on a website can violate California’s Trap and Trace Law. Moreover, since this was a federal court ruling, it is likely that California state courts will also recognize trap & trace claims based on website privacy violations.

Did You Visit the C2 Education Website? Contact a California Consumer Protection Attorney Today

Did you visit the C2 Education website? If you filled out any online forms or provided any personal information to the tutoring company, you may be eligible to join a class action lawsuit to obtain monetary damages. The California consumer fraud attorneys at Tauler Smith LLP are representing plaintiffs who were victims of consumer privacy violations by C2 Education. To learn more, call 310-590-3927 or email us today.

Trap and Trace Class Action Against Smashbox Cosmetics

April 21, 2024/in Consumer Protection /by taulersmith

Tauler Smith LLP recently filed a trap and trace class action against Smashbox Cosmetics, and now the legal action is getting significant press coverage. A recent Law.com article on the Smashbox lawsuit details how the makeup company has been accused of using TikTok’s “trap and trace” software to help the social media platform unlawfully collect and store the confidential information of website visitors. According to the Los Angeles consumer protection lawyers who filed the lawsuit, Smashbox failed to obtain consent from consumers before acquiring their data via a process known as “fingerprinting.” Now, Smashbox has been sued in a California superior court.

Are you a California resident who visited the Smashbox website? To learn whether you might qualify to join the class action suit as a plaintiff, contact us today.

Smashbox Beauty Cosmetics Accused of Using Unlawful Fingerprinting Software

Smashbox Beauty Cosmetics is a cosmetics company that sells primers, foundations, lipsticks, and other types of makeup to consumers both online and in retail stores. The class action lawsuit, which was recently filed in Los Angeles County Superior Court, alleges that Smashbox runs “advanced matching” on its website to scan the site “for recognizable form fields containing phone numbers, email addresses, and other identifying information about customers.”

More specifically, the makeup company is accused of helping TikTok use fingerprinting software to match data from otherwise-anonymous website visitors to existing data that has already been stored by the social media platform. The TikTok app then gathers device and browser information, geographic information, referral tracking, and URL tracking. According to the lawsuit, this is done without users’ consent.

Selling Consumer Data to TikTok?

Smashbox allegedly benefits from the fingerprinting data because TikTok is then able to provide targeted advertisements on the website. Moreover, it is believed by the plaintiffs that Smashbox may be selling this consumer information to other third parties for similar purposes. Depending on the type of information provided on website forms, this could include things like age, gender, race, and even more intimate details about users.

Lead plaintiffs’ attorney Robert Tauler criticized Smashbox for allegedly collaborating with TikTok to collect and share sensitive information about consumers who visit the company’s website. According to Tauler, there are no safeguards in place to protect this information: “TikTok keeps this data for reasons that our leaders believe pose a threat to ordinary citizens.” The dangers of giving Chinese-owned TikTok access to confidential information about Americans have been highlighted in recent months by the National Security Agency (NSA), which has called the social media company “a platform for surveillance”.

CIPA Consumer Privacy Complaint Filed Against Smashbox

A class action complaint has been filed against Smashbox for alleged violations of the California Trap and Trace Law. That law is contained in California Penal Code § 638.51, which is part of the California Invasion of Privacy Act (CIPA).

Los Angeles consumer fraud attorney Robert Tauler, who brought the digital privacy class action on behalf of the plaintiffs, believes that this legal action will send an important message to companies like Smashbox allegedly helping third parties like TikTok collect consumer data without permission. Tauler said that “Smashbox should consider the negative impact their secret and immoral data collection practices are having on society instead of just trying to acquire young customers at any cost.”

Join the Trap & Trace Class Action Lawsuit Against Smashbox

The California Invasion of Privacy Act (CIPA) gives consumer privacy victims the right to sue for financial compensation. In fact, other CIPA complaints alleging trap & trace violations allow for multiple forms of damages to be awarded to successful plaintiffs.

The lawsuit against Smashbox Beauty Cosmetics requests different types of financial compensation for qualifying plaintiffs:

Statutory damages pursuant to the California Invasion of Privacy Act (CIPA).
Punitive damages to ensure that Smashbox refrains from using trap and trace software in the future.
Attorney’s fees and other costs.

Additionally, the consumer privacy class action lawsuit against Smashbox seeks a court order enjoining the company from acquiring and sharing consumer data, as well as an order requiring the company to disgorge all data acquired through the TikTok software.

Did You Visit the Smashbox Website? Contact a California Consumer Protection Attorney Today

If you visited the Smashbox Beauty Cosmetics website and/or filled out any forms on the site, your confidential information may have been unlawfully collected. The Los Angeles consumer protection lawyers at Tauler Smith LLP are currently representing plaintiffs in a class action lawsuit against Smashbox. Call 310-590-3927 or send an email for more information.

What Are Pen Registers?

April 19, 2024/in Consumer Protection /by taulersmith

A number of recent lawsuits have been filed based on something known as “the pen register theory.” But what are pen registers? One of the surveillance tools commonly used by law enforcement to spy on suspects is the pen register, which allows police to capture phone numbers that were dialed on outgoing calls. Increasingly, these devices are being used by businesses to reveal the content of communications on websites, which poses a very real privacy concern for consumers. Worse yet, many companies with websites are now collaborating with TikTok to identify people who may wish to remain anonymous – exposing confidential information about consumers to third parties without authorization. The good news is that California law protects consumers against invasion of privacy by companies utilizing pen registers and other tracking devices.

To learn more about pen registers and how you can stop companies from using them to unlawfully collect your data, keep reading.

What Is the Definition of a Pen Register?

Both federal and California statutes have defined pen registers in the context of surveillance, especially as it relates to surveillance by law enforcement or other government actors. Recently, the term has been defined in other contexts, including when the devices are used by companies that operate websites targeting consumers.

Generally speaking, a pen register is a device that records any phone numbers that have been dialed from a particular telephone line. In legal cases involving allegations of privacy violations by companies using pen registers, courts have defined a pen register broadly so that it includes programs and software that monitors internet communications.

Differences Between Pen Registers and Trap & Trace Devices

Pen registers differ from trap and trace devices in a significant way: pen registers show the phone numbers that have been dialed by a particular phone, while trap and trace devices show the phone numbers that have called a particular phone. Another way to think of the difference is that pen registers capture data from outgoing communications, and trap and trace devices capture data from incoming communications that identify the originating phone number or geolocation.

Whether the privacy violation involves a pen register or a trap and trace device, the basis for a lawsuit typically remains the same: if a website owner fails to obtain affirmative consent from a site visitor prior to the use of tracking software, it may be a serious violation of California’s consumer fraud and consumer privacy laws such as the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA).

Invasion of Privacy Concerns Raised by Use of Pen Registers and Trap & Trace Devices

The use of pen registers to monitor customers raises concerns about invasion of privacy. Similarly, data sharing via tracking and tracing software can impose significant dangers on web users. For example, one of the major fears with automatic tracking software is that user activity will be tracked across every page on the website, regardless of how private the information might be. This means that highly personal information could be compromised, particularly if a website user is filling out forms on the site.

Pen Register Lawsuits & Trap and Trace Lawsuits in California

The California Invasion of Privacy Act (CIPA) can serve as the basis for a consumer protection lawsuit, particularly when the plaintiff is alleging a digital privacy violation. For a while, the main CIPA claim filed in California courtrooms involved wiretapping lawsuits against companies that violated the privacy rights of website visitors. That’s because this type of unauthorized data collection violated Section 631(a) of the CIPA, which explicitly prohibits third parties from illegal wiretapping or eavesdropping on communications. Recently, however, a lot of CIPA class action lawsuits are being based on either the pen register theory or the trap and trace theory.

When website owners gather data from site visitors without first getting consent, it may constitute a violation of California’s strict privacy laws – specifically Section 638.51 of the California Invasion of Privacy Act (CIPA). This has led to a new wave of CIPA litigation in California courtrooms that involves both pen register claims and trap and trace claims. Many companies that do business in California are now facing class action lawsuits because of the way they use certain analytic tools on their websites. The statutory penalties for violations of the CIPA have proven costly for companies that don’t follow the law – and they have given potential plaintiffs ample reason to talk to a consumer protection attorney about their legal options.

Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

Too many companies in California and elsewhere in the United States are invading the privacy of customers who visit their websites, which in many instances involves data breaches and even the unauthorized sharing of personal data. The California consumer protection lawyers at Tauler Smith LLP represent plaintiffs in class actions and individual lawsuits. We have experience with trap & trace lawsuits and pen register lawsuits. Call us or email us to schedule a free consultation.

Law.com Article on Smashbox Class Action Lawsuit

April 17, 2024/in Press /by taulersmith

California’s strong digital privacy laws, like the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA), have become a popular basis for civil suits filed in state courtrooms. A recent Law.com article on the Smashbox class action lawsuit details how the cosmetics company allegedly used trap and trace devices to help social media company TikTok collect and store confidential information from website visitors. According to attorneys for the plaintiff, the data was acquired automatically as soon as individuals landed on the website: they never even had an opportunity to provide consent.

You can read the Law.com article on the Smashbox lawsuit here.

Smashbox Beauty Cosmetics Accused of Using Trap and Trace Devices on Website

The Law.com article on the recent trap & trace class action provides important details about the allegations against Smashbox:

“I personally think it is a shame that Smashbox would share intimate details of a young person’s life, including their skin color, with TikTok. TikTok keeps this data for reasons that our leaders believe pose a threat to ordinary citizens,” said the plaintiff’s attorney, Robert Tauler of Tauler Smith. “Smashbox should consider the negative impact their secret and immoral data collection practices are having on society instead of just trying to acquire young customers at any cost.”

Smashbox Beauty Cosmetics is accused of using TikTok’s “trap and trace” software to collect and store website visitors’ private identifying information, allegedly using “fingerprinting” software to collect and store user data without their consent.

“The TikTok Software installed and activated by Defendant captures data and sends it to TikTok’s servers so that TikTok can reconstruct the user’s identity. As part of this arrangement, Defendant has the ability to use some of the data to run an advertising campaign on TikTok to market its business on social media. The objective for TikTok is to gather as much information about Americans as they can, by any means necessary,” the legal complaint alleges. “In this regard, TikTok has recently been identified as ‘a platform for surveillance’ by the director of the National Security Agency.”

Lawsuit: Smashbox Tracking Customer Data Automatically Without Consent

Companies like Smashbox are allegedly coding the software used on their websites to track a user’s identity and personal information, including things like geolocation data, search terms, and payment methods. Customer activity on the websites is being tracked automatically: as soon as a person visits the site, their actions are monitored regardless of whether they actually consented to the monitoring. Moreover, the confidential customer information acquired by Smashbox and other companies on their websites may later be sold to third parties for the purpose of targeted advertisements.

Call the California Consumer Protection Lawyers at Tauler Smith LLP

Tauler Smith LLP routinely represents plaintiffs in cases involving consumer fraud and invasion of privacy, including allegations against companies that have violated the California Trap and Trace Law. To find out if you are eligible to join the class action against Smashbox Beauty Cosmetics, call or email us today.

Pen Registers vs. Trap and Trace Devices

April 15, 2024/in Consumer Protection /by taulersmith

Invasion of privacy has become a major concern for consumers who frequent websites and make purchases online. That’s because many companies are now using pen registers and trap devices, which may include website cookies, web beacons, script, software code, and other types of software to track user data. While both federal and California law provide strong protections for consumers in these situations, pen registers vs. trap and trace devices is still a distinction that needs to be understood before speaking to a consumer fraud lawyer. What exactly is the difference between a pen register and a trap & trace device? And what legal recourse do you have when a company uses one of these tracking tools to monitor your online activity?

To learn more about the differences between pen registers and trap & trace devices, keep reading this blog.

What Is a Pen Register?

Long before the invention of the internet, pen registers were being used by law enforcement as a crime-fighting tool. A pen register is a physical device that gives government actors the ability to track outgoing phone numbers that have been dialed from a telephone line. If the police suspect illegal activity, they may obtain a court order that allows them to secretly install a pen register on the phone line.

Importantly, courts have ruled that the laws regulating the use of pen registers also extend to online communications. The California Invasion of Privacy Act (CIPA) defines a pen register as “a device or process that records or decodes dialing, routing, addressing or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted.” The types of information commonly collected by pen registers includes phone numbers, email addresses, and internet data such as IP addresses. A pen register does not identify the contents of a communication, which is its main difference from a trap and trace device.

Pen Register Lawsuits in California

Law enforcement has historically used pen traps to record both outgoing and incoming telephone numbers after obtaining a phone-tapping warrant. After the passage of the Patriot Act in 2001, police were able to use the same warrants to monitor Internet communications. Eventually, California lawmakers responded to the increasingly broad government monitoring of American citizens by updating the definition of consumer communications in the California Invasion of Privacy Act (CIPA). This has now prompted many consumers to bring pen register lawsuits against companies that use software to identify website visitors and acquire their personal data.

When a company’s website utilizes certain tools to track interactions and communications with site visitors, it may be a violation of the CIPA. This is especially likely when a website visitor has a reasonable expectation of privacy. As a result, California courtrooms have seen a surge in class action lawsuits filed under a relatively new legal theory: pen register claims and trap and trace claims, both based on the CIPA.

Penalties for Pen Register Violations

When a company uses website session replay software or chatbot features without the consent of site visitors, it may be considered a violation of both federal and California digital privacy laws.

Federal Pen Register Law

Federal law originally addressed pen registers in the Electronic Communications Privacy Act. The statute was later addressed by the USA PATRIOT Act, which was passed in 2001 in response to the September 11 attacks.

California Pen Register Law

California law addresses pen registers in the California Invasion of Privacy Act (CIPA), which imposes statutory penalties of $2,500 for each pen register violation.

Wiretapping Claims vs. Pen Register Claims

California’s consumer privacy laws prohibit companies from recording, transcribing, or otherwise surveilling communications without permission. This is unlawful whether the surveillance involves phones or websites. In the context of websites, wiretapping may involve secretly recording chats that were supposed to remain confidential, or it may involve data acquisition from forms that were filled out by site visitors. The California Invasion of Privacy (CIPA) gives consumers the right to file civil suits when their online conversations have been illegally wiretapped.

Although CIPA wiretapping claims and CIPA pen register claims are similar, there are a few key differences. For instance, a plaintiff bringing a wiretapping claim must show that there was no consent for the monitoring and that their communications were actually captured by the website. By contrast, a plaintiff bringing a pen register claim merely needs to show that the pen register was utilized without either consent or a court order.

What Is the Difference Between Pen Registers and Trap & Trace Devices?

One of the reasons that legal statutes often refer to both pen registers and trap and trace devices in the same sections is that many internet monitoring programs can be utilized to record both incoming and outgoing calls.

Whether the customer information is acquired via pen registers or trap and trace devices, the end result is a serious invasion of customer privacy. The businesses that violate the California Trap and Trace Law often help third parties acquire as much information as possible about website visitors so that the data can then be monetized and sold. That’s why these companies will go to such great lengths to obtain, collect, and organize large pools of data from website visitors without their knowledge or consent.

Talk to a California Consumer Protection Lawyer Today

Tauler Smith LLP is a Los Angeles law firm that represents consumers in both individual lawsuits and class actions across California. Our knowledgeable consumer protection lawyers know how to win pen register lawsuits and trap & trace lawsuits because we have experience with invasion of privacy cases. We will hold website operators accountable for using unauthorized tracking devices on their websites.

Call 310-590-3927 or send an email for a free consultation.