Posts

Pen Registers

What Are Pen Registers?

Pen Registers

A number of recent lawsuits have been filed based on something known as “the pen register theory.” But what are pen registers? One of the surveillance tools commonly used by law enforcement to spy on suspects is the pen register, which allows police to capture phone numbers that were dialed on outgoing calls. Increasingly, these devices are being used by businesses to reveal the content of communications on websites, which poses a very real privacy concern for consumers. Worse yet, many companies with websites are now collaborating with TikTok to identify people who may wish to remain anonymous – exposing confidential information about consumers to third parties without authorization. The good news is that California law protects consumers against invasion of privacy by companies utilizing pen registers and other tracking devices.

To learn more about pen registers and how you can stop companies from using them to unlawfully collect your data, keep reading.

What Is the Definition of a Pen Register?

Both federal and California statutes have defined pen registers in the context of surveillance, especially as it relates to surveillance by law enforcement or other government actors. Recently, the term has been defined in other contexts, including when the devices are used by companies that operate websites targeting consumers.

Generally speaking, a pen register is a device that records any phone numbers that have been dialed from a particular telephone line. In legal cases involving allegations of privacy violations by companies using pen registers, courts have defined a pen register broadly so that it includes programs and software that monitors internet communications.

Differences Between Pen Registers and Trap & Trace Devices

Pen registers differ from trap and trace devices in a significant way: pen registers show the phone numbers that have been dialed by a particular phone, while trap and trace devices show the phone numbers that have called a particular phone. Another way to think of the difference is that pen registers capture data from outgoing communications, and trap and trace devices capture data from incoming communications that identify the originating phone number or geolocation.

Whether the privacy violation involves a pen register or a trap and trace device, the basis for a lawsuit typically remains the same: if a website owner fails to obtain affirmative consent from a site visitor prior to the use of tracking software, it may be a serious violation of California’s consumer fraud and consumer privacy laws such as the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA).

Invasion of Privacy Concerns Raised by Use of Pen Registers and Trap & Trace Devices

The use of pen registers to monitor customers raises concerns about invasion of privacy. Similarly, data sharing via tracking and tracing software can impose significant dangers on web users. For example, one of the major fears with automatic tracking software is that user activity will be tracked across every page on the website, regardless of how private the information might be. This means that highly personal information could be compromised, particularly if a website user is filling out forms on the site.

Pen Register Lawsuits & Trap and Trace Lawsuits in California

The California Invasion of Privacy Act (CIPA) can serve as the basis for a consumer protection lawsuit, particularly when the plaintiff is alleging a digital privacy violation. For a while, the main CIPA claim filed in California courtrooms involved wiretapping lawsuits against companies that violated the privacy rights of website visitors. That’s because this type of unauthorized data collection violated Section 631(a) of the CIPA, which explicitly prohibits third parties from illegal wiretapping or eavesdropping on communications. Recently, however, a lot of CIPA class action lawsuits are being based on either the pen register theory or the trap and trace theory.

When website owners gather data from site visitors without first getting consent, it may constitute a violation of California’s strict privacy laws – specifically Section 638.51 of the California Invasion of Privacy Act (CIPA). This has led to a new wave of CIPA litigation in California courtrooms that involves both pen register claims and trap and trace claims. Many companies that do business in California are now facing class action lawsuits because of the way they use certain analytic tools on their websites. The statutory penalties for violations of the CIPA have proven costly for companies that don’t follow the law – and they have given potential plaintiffs ample reason to talk to a consumer protection attorney about their legal options.

Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

Too many companies in California and elsewhere in the United States are invading the privacy of customers who visit their websites, which in many instances involves data breaches and even the unauthorized sharing of personal data. The California consumer protection lawyers at Tauler Smith LLP represent plaintiffs in class actions and individual lawsuits. We have experience with trap & trace lawsuits and pen register lawsuits. Call us or email us to schedule a free consultation.

United HealthCare Trap and Trace Class Action

Trap and Trace Class Action Against United HealthCare

United HealthCare Trap and Trace Class Action

Los Angeles law firm Tauler Smith LLP recently filed a trap and trace class action against United HealthCare. The national health insurance provider has been accused of collaborating with controversial social media company TikTok to unlawfully collect data from website visitors. These actions would constitute clear violations of the California Invasion of Privacy Act (CIPA), which prohibits companies from using website tracking software to gather personal information about customers. The plaintiffs in the digital privacy class action are pursuing substantial monetary damages for the alleged privacy breaches.

For more information about the lawsuit against United HealthCare, keep reading this blog. And to learn whether you might be eligible to join the class action, contact us directly.

What Is a Trap and Trace Device?

California Penal Code § 638.50(c), which is part of the California Invasion of Privacy Act (CIPA), places considerable restrictions on companies that use trap and trace devices. The statute defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.” A person, company, or other entity that wishes to use a trap and trace device must first obtain a court order.

The CIPA, codified as Cal. Penal Code 630, often serves as the basis for lawsuits against companies accused of unlawfully wiretapping or eavesdropping on customer conversations. The statute was enacted for the purpose of curbing the invasion of privacy that often results from the use of certain technologies that pose a threat to the free exercise of personal liberties. The CIPA extends civil liability for surveillance that uses technology generally, and the Trap and Trace Law specifically imposes civil liability and statutory penalties against companies that unlawfully install pen registers or trap and trace software without first obtaining a court order.

Consumer Protection Class Action Filed Against United HealthCare

The recent consumer protection class action lawsuit involving the trap and trace law was filed in the Los Angeles County Superior Court. The defendant in the case is United HealthCare Services, Inc., a private insurance company that provides health insurance plans to consumers. According to the lawsuit, United HealthCare installed a data collection process on its website, https://www.uhc.com, for the purpose of tracking and tracing the identity and source of visitors to the site. United HealthCare allegedly worked with scandal-ridden social media company TikTok to unlawfully share the customer data.

“Fingerprinting”

The software that United HealthCare installed on its website was created by TikTok for the purpose of identifying site visitors. The TikTok software on the United HealthCare website runs code via a process known as “fingerprinting” that enables the company to collect as much data as it can about anonymous site visitors, including device and browser information, geographic information, and URL tracking. This information is then matched with existing data that TikTok has previously acquired from hundreds of millions of Americans who use the social media platform.

Similar allegations of unlawful data collection in collaboration with TikTok have been made in other trap & trace class action lawsuits recently filed in California courts.

“Advanced Matching”

United HealthCare has also been accused of using trap and trace devices to help TikTok collect website visitor information via a process known as “Advanced Matching.” This is a feature that allows TikTok to scan the website for recognizable form fields containing confidential customer information, such as email addresses, phone numbers, and routing information.

Class Action Lawsuit: United HealthCare Surveilled Website Visitors Without Consent

Visitors to the United HealthCare website have a reasonable belief that their web activity will be secure because the website intake page informs users that the information they share is “secure.” But the California class action lawsuit against the health care provider alleges that this is false: customers’ personal information and activity on the site is scanned and sent to TikTok so that its source can be identified through fingerprinting and deanonymization. The lawsuit accuses United HealthCare of giving TikTok access to consumer data without obtaining express or implied consent.

TikTok’s “Best Practices” Policy

Alarmingly, TikTok allegedly has a “best practices” policy encouraging companies like United HealthCare to capture this customer data “as early as possible” and “as frequently as possible.”  The class action lawsuit filed in the L.A. County Superior Court accuses United HealthCare of following TikTok’s best practices to help the social media company gather customer information as soon as a user visits the website: code on the site automatically sends information to TikTok to match the user with TikTok’s fingerprint.

By definition, there is no way for a site visitor to consent to the tracking of their activity because the TikTok software is deployed automatically when a user lands on the United HealthCare website. Site visitors have no way of knowing about the trap and trace devices, and United HealthCare does not even attempt to obtain visitors’ consent.

United HealthCare Accused of Unlawfully Sharing Customer Data with TikTok

Digital privacy is a growing concern for many Americans, particularly as more and more companies commit consumer fraud. One of the most troubling allegations against United HealthCare in the recent trap and trace lawsuit is that the company may be helping TikTok acquire personal information about website visitors. TikTok is owned by the Chinese government, and there are serious concerns that the social media company may be sharing user data with an adversarial foreign country. In fact, the U.S. Congress recently passed legislation that would require TikTok to be sold to a different entity or face a permanent ban in the United States. Additionally, the director of the National Security Agency (NSA) has identified TikTok as “a platform for surveillance” that poses a possible cybersecurity risk to the country.

The class action lawsuit against United HealthCare highlights a major problem with data collection on the United HealthCare website: user data is allegedly being shared with third parties who have the ability to harm California citizens through data aggregation. Moreover, the fact that this is a healthcare provider means that vulnerable American citizens could be targeted based upon their specific medical issues and uninsured status.

Plaintiffs Seek Monetary Damages for Violations of California’s Trap & Trace Law

The class action lawsuit against United HealthCare accuses the healthcare provider of violating California’s Trap and Trace Law. If United HealthCare is found liable in the civil suit, plaintiffs who visited the company’s website may be eligible for substantial monetary damages. That’s because the California Invasion of Privacy Act (CIPA) imposes both statutory damages meant to compensate victims and punitive damages meant to discourage future violators. The law also allows for successful plaintiffs to recover reasonable attorney’s fees and costs.

Did You Visit the United HealthCare Website? Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Did you visit the United HealthCare website and fill out any forms or provide any personal information? If so, you may be eligible to pursue monetary damages for an invasion of privacy violation. That’s because United HealthCare has been accused of using trap & trace technology to help third parties unlawfully collect the confidential information of website visitors.

The California consumer protection lawyers at Tauler Smith LLP are representing plaintiffs in a class action lawsuit against United HealthCare. For more information, call 310-590-3927 or email us.

California Trap and Trace Law

California’s Trap and Trace Law

California Trap and Trace Law

California’s trap and trace law protects consumers against the unauthorized tracking of their activity online. For law enforcement, securing a court order to intercept communications is difficult because there are strict limitations on this type of activity. Yet, for companies with websites, it has become far too easy to acquire customer data in the same invasive manner without any authorization or consent. Moreover, once a company has acquired certain information about a user, the company might try to use that information to deliver targeted advertising. In some cases, the customer data might even be sold to a third party. A qualified consumer fraud lawyer can help individuals better understand the nature of the protections provided by California’s consumer privacy laws.

The installation of tracking and tracing software on a website may be a violation of the California Trap and Trace Law. To learn more, keep reading.

What Is a Trap & Trace Device?

The California Invasion of Privacy Act (CIPA) defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing or signaling information reasonably likely to identify the source of a wire or electronic communication.”

Trap and trace devices differ from wiretaps because they do not capture the content of communications in real time. Instead, a trap and trace device enables the collection of very particular information from a website visitor: the dialing, routing, addressing, or signaling information (also known as DRAS).

How Do Companies Use Trap and Trace Technology to Collect Consumer Data?

Website tracking software may permit companies to gather identifying information about website visitors, such as their phone number and email address. Tracking devices can also be used to gather other personal information about website users, including device and browser information, geographic information, referral tracking, and URL tracking.

How can trap and trace technology be used to identify the source of an electronic communication? One way that a trap and trace device might work is to capture incoming electronic impulses that identify the dialing, routing, addressing, and signaling information generated by website visitors. For example, as detailed in a recent digital privacy class action complaint against United HealthCare, website users might be asked to provide personal information like their gender, birthday, zip code, and tobacco use history. This data could then be scanned and sent to a third party like TikTok for deanonymization. Significantly, website visitors are never informed that the company is collaborating with a third party to collect customer data.

Tracking Software Is Deployed Automatically and Without Consent

When a company utilizes technology to track the interactions of website visitors, the company must first obtain a court order to do so. In many cases, however, companies do not get a court order to use trap and trace technology on their websites. In fact, the tracking & tracing software is often installed on certain companies’ websites and then deployed automatically: the software may start gathering personal information about users the moment they land on the site. This means that a user’s web activity is tracked before the user even has an opportunity to consent by “accepting cookies” or “managing preferences” on the website.

There are significant privacy concerns raised by the use of trap and trace technology on websites. The truth is that the personal information revealed by internet communications can be far more revealing than the same type of information captured by phone dialing information. That’s because when a trap and trace device captures a person’s internet addressing data, it may also reveal other important aspects of their communications, including geolocation data, purchase history, and other personal information. Moreover, a record of which website URLs a person visited on a website could be used to precisely identify the content of communications on the site.

Companies Accused of Selling Confidential Customer Data to TikTok and Other Third Parties

Companies as diverse as United HealthCare, WebMD, Smashbox, and DraftKings have been sued in recent months for alleged violations of California’s Trap and Trace Law. Many of the companies that utilize and deploy computer software on their websites attempt to make money by selling ads, and this is easier to accomplish when they are able to identify users who can then be commoditized and sold to the highest bidder.

Multiple trap & trace class action lawsuits have been filed against businesses accused of working with social media company TikTok to “fingerprint” website visitors so that their personal information can be collected and shared. For example, one type of trap & trace software allegedly utilized by TikTok allows companies to collect extensive data about anonymous website visitors and then match it with existing data that the social media platform has already acquired and accumulated about hundreds of millions of Americans. The technology can reportedly reconstruct a user’s identity, which then gives companies the ability to use the data to run advertising campaigns targeting the user.

CIPA Section 638.51: California Trap & Trace Law

As more and more websites have begun using technology to track site visitors, the number of lawsuits challenging this kind of technology has risen. Some California class action plaintiffs have started to file consumer protection lawsuits based on the trap and trace device theory, with dozens of lawsuits being filed in California state and federal courts over the last year. That’s because § 638.51 of the California Invasion of Privacy Act (CIPA) limits the ways in which companies can gather information about website users.

The statute that addresses trap and trace devices is broadly worded so that it applies to any device meant to locate a person, including websites. This means that a lot of individuals may qualify to join a class action lawsuit against companies that use these types of devices to acquire personal information about website visitors.

Class Action Lawsuits

Sections 631(a) and 632.7 of the California Invasion of Privacy Act (CIPA) specifically prohibit companies from wiretapping or eavesdropping on conversations with customers, and courts have extended these protections to consumers who visit websites. With respect to trap and trace class actions brought under the CIPA, federal courts have held that the law also applies to Internet communications. As a result, a number of lawsuits are now being filed under Section 638.51 of the consumer privacy statute.

Statutory Penalties

Each trap and trace violation carries a statutory penalty of $2,500, which serves as a strong deterrent for companies that operate websites targeting consumers in California.

Pen Register Lawsuits in California

Another type of legal claim filed under California Penal Code § 638.51 is a consumer protection lawsuit alleging privacy violations based on the pen register theory. The law explicitly prohibits anyone from using a pen register without first getting a court order.

A pen register is a physical machine commonly used by law enforcement to trace signals from someone’s phone or computer. In the context of a website, pen registers can be utilized to identify a website user’s location, browsing history, and purchase history. Pen registers track the phone numbers dialed from a particular phone line; by contrast, trap & trace devices track the numbers of incoming calls to a phone line. Importantly, trap and trace devices can also be utilized to identify the content of online communications, such as website forms that are completed by site visitors.

Call the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Did a website track your personal information without consent? If so, you may be eligible to file a trap & trace lawsuit to recover statutory damages. The Los Angeles consumer protection lawyers at Tauler Smith LLP have experience handling consumer class action complaints filed in both federal and state courtrooms. Call 310-590-3927 or email us now for a free consultation.

Tony Robbins CIPA Lawsuit

CIPA Lawsuit Against Tony Robbins Company

Tony Robbins CIPA LawsuitA CIPA lawsuit against the Tony Robbins Company was recently filed in a California superior court. The self-help business has been accused of secretly wiretapping the communications of website users in violation of the California Invasion of Privacy Act, or CIPA. Beyond that, the company has been accused of allowing third parties to use digital surveillance tools to monitor user behavior and eavesdrop on visitor conversations without express or implied consent, which is also a violation of state consumer privacy laws.

To learn more about the class action complaint against the Tony Robbins Company, keep reading.

Class Action Complaint Against Robbins Research International

The defendant in the invasion of privacy case is Robbins Research International, Inc., which operates www.tonyrobbins.com. This is the official website of Tony Robbins, a celebrity self-help guru. Consumers in California and elsewhere access the website to purchase books, programs, and tickets to events on how to master all aspects of their lives.

The case, Haviland v. Robbins Research International, Inc., is being heard in the Los Angeles County Superior Court. The class action complaint alleges violations of the California Invasion of Privacy Act (CIPA), including illegally wiretapping internet communications, as well as aiding, abetting, and paying third parties to eavesdrop on internet conversations.

Illegal Wiretapping

The defendant has been accused of surreptitiously implanting code the Tony Robbins website that allows for the unauthorized recording of private conversations. The civil suit also alleges that the website code allows for the creation of transcripts of these conversations with site visitors. Both acts are violations of the California Invasion of Privacy Act (CIPA), which requires companies to obtain permission from customers before recording online conversations.

Due to the nature of the defendant’s business, customers who use the Tony Robbins website often disclose sensitive personal information via the website chat feature. This information goes beyond mere “record information” like the user’s name and address; it includes confidential information such as the user’s IP address, geolocation information, browsing history, and search history. The data collected by the defendant could enable the creation of detailed profiles about individuals for the purpose of delivering targeted advertisements specifically tailored to their personal interests. Significantly, the data collected from customers who use the website chat feature is allegedly harvested without consent.

Tony Robbins Company Accused of Sharing Customer Data with Third Parties

One of the major allegations in the civil suit against Robbins Research International is that the company allows a third party to collect a bevy of personal information from website visitors without their consent or knowledge. According to the complaint, the Tony Robbins company has entered into financial agreements with a third-party company, UserWay, to embed code into the website’s chat function. This code allegedly enables UserWay to covertly intercept and monitor the chat conversations in real time without the knowledge or consent of site visitors. In other words, the chats that users believe are taking place on the Tony Robbins website are actually occurring on UserWay.

According to the lawsuit, the company’s website privacy policy never discloses to users that the company can share and sell site visitors’ personal information to third parties. The unauthorized sharing of users’ personal information with third parties is a clear violation of the California Invasion of Privacy Act (CIPA). Moreover, the defendant’s alleged behavior is particularly egregious because website users have a reasonable expectation of privacy when they use a seemingly harmless chat box feature on www.tonyrobbins.com.

Customer Data Exposed

The defendant’s actions leave consumers exposed to significant privacy risks because their personal information is allegedly shared with a wide range of entities – and without any clear limitations or safeguards on how that personal information may be used.

Additionally, the lawsuit raises serious concerns about whether this digital privacy violation could further compromise the privacy and control of users’ information by opening the door for the dissemination of personal data to other entities for cross-context behavioral advertising purposes. This kind of invasive practice could subject users to relentless advertising campaigns across multiple platforms – without their consent or knowledge.

How Companies Violate the California Invasion of Privacy Act (CIPA)

The California Invasion of Privacy Act (CIPA) explicitly prohibits both wiretapping and eavesdropping of electronic communications unless all parties to the communication have first provided consent. Most website operators comply with these legal requirements by conspicuously warning visitors if their conversations will be recorded or if any third parties will be eavesdropping on them.

The invasion of privacy law is written in terms of wiretapping, with language barring companies from using a “machine, instrument, or contrivance” to illegally record and eavesdrop on conversations. But it is important to note that courts have found that Cal. Penal Code § 631(a) applies to internet communications. This means that any company that attempts to learn the contents of a website communication without the consent of all parties can be sued for violating the law.

The specific part of the digital privacy statute that Robbins Research International has been accused of violating is Section 631(a), which imposes liability on companies that invade the privacy of consumers. Section 631 is technically a criminal statute, but it does provide a mechanism for victims to bring a civil lawsuit and recover monetary damages.

Call the Los Angles Consumer Protection Attorneys at Tauler Smith LLP

The consumer protection lawyers at Tauler Smith LLP are representing California residents in a class action lawsuit against Robbins Research International. If you visited the Tony Robbins website and used the chat feature, you may be eligible to join the class action complaint. Call 310-590-3927 or email us today to schedule a free consultation.

Nationwide Mutual Insurance CIPA Lawsuit

CIPA Lawsuit Against Nationwide Mutual Insurance

Nationwide Mutual Insurance CIPA Lawsuit

A CIPA lawsuit was recently filed against Nationwide Mutual Insurance for illegal wiretapping and invasion of privacy, and now a federal judge in California has ruled that the case can proceed to trial. The U.S. District Court judge issued the ruling in response to a motion to dismiss the wiretapping claims under Section 631 of CIPA, or the California Invasion of Privacy Act. The civil suit alleges that Nationwide Mutual unlawfully allows a third party to eavesdrop on customer conversations on the insurance company’s website. Chat communications are allegedly monitored in real time, and the sensitive personal data from those conversations is allegedly stored and used for financial gain. These actions would constitute clear violations of California consumer privacy laws.

These days, it is common for many different types of businesses to violate the CIPA and other invasion of privacy laws. If you live in California and used the chat feature on a company’s website, you may be eligible to join a class action lawsuit for invasion of privacy. The Los Angeles consumer protection lawyers at Tauler Smith LLP can help you get financial compensation.

Nationwide Mutual Insurance Sued for Invasion of Privacy

The defendant in the recent invasion of privacy case is Nationwide Mutual Insurance Co., which is a corporation that offers insurance, retirement, investing, and other financial services and products to consumers in the United States, including residents of California. Nationwide operates a website: www.nationwide.com. The website has a chat feature, which customers can use to have online conversations with Nationwide. Sometimes, the customers who use the chat feature may share sensitive personal data with the company.

Third-Party Wiretapping of Customer Conversations

Nationwide Mutual Insurance has been accused of using a third-party company, Akamai or Kustomer, to embed code into the Nationwide website, which allows the third-party company to monitor and store transcripts of the conversations that occur through the chat feature. Akamai specializes in harvesting data from consumer conversations, which is believed to be the reason that Nationwide contracted with them in the first place.

Significantly, Nationwide does not inform customers who use the chat feature on the website that monitoring of conversations, storing of transcripts, or data harvesting occurs. Beyond that, Nationwide does not obtain customers’ consent for any of these activities.

Federal Judge Denies Motion to Dismiss Wiretapping Lawsuit Against Nationwide Mutual Insurance

The plaintiff in the consumer data privacy case is a California resident who used a smartphone to visit the Nationwide Mutual Insurance website and to communicate with Nationwide via the company’s website chat program. She filed her original legal complaint in Los Angeles County Superior Court, and the case was later removed to the U.S. District Court for the Central District of California.

Once the case arrived in federal court, Nationwide filed a motion to dismiss the complaint. The U.S. District Court recently held a hearing on the motion to dismiss. Although the Section 632.7 CIPA complaint was dismissed, the court ruled that the Section 631 CIPA complaint could move forward to trial. The court found that the plaintiff had stated a valid claim under § 631 of the CIPA because she plausibly alleged that Nationwide aided third-party Akamai in violating the consumer privacy statute.

What Are California’s Data Privacy Laws?

On top of having extremely strong consumer protection laws, California also has some of the strongest digital privacy laws in the country. The three most prominent statutes are the California Invasion of Privacy Act (CIPA), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA). All of these data protection laws impose civil liability on companies that invade the privacy of customers. The CIPA imposes a requirement on businesses to obtain permission from customers before recording telephone and internet communications, including online chat conversations. The CCPA specifically prohibits businesses from sharing the personal information of customers with third parties, while the CPRA amended the law to increase the penalties for violating consumer privacy.

What Conduct Is Prohibited by the California Invasion of Privacy Act?

Although Section 631 of the California Invasion of Privacy Act (CIPA) is technically a criminal statute with criminal penalties, the Penal Code authorizes civil liability for violations of the law. This means that consumers whose confidentiality was invaded by a company doing business in California can potentially bring a civil lawsuit for monetary damages.

California courts ruling on CIPA claims have interpreted Section 631 to prohibit three types of conduct:

  1. Intentional wiretapping.
  2. Attempting to learn the contents of a communication in transit over a wire.
  3. Attempting to use information obtained as a result of wiretapping or monitoring of communications.

Additional requirements or elements of a CIPA violation include that the intentional wiretapping was done while the communication was in transit and that the communication was being sent from or received at a location within California. The prohibited conduct includes reading the contents of any message, report, or communication without the consent of all parties to that message, report, or communication. If one of the parties did not know that the chat or other type of communication was being monitored and/or wiretapped, then it would not be possible for them to provide consent or authorization. The bottom line is that eavesdropping on a conversation is a clear violation of Section 631 of the CIPA.

“Aiding” a Violation of the CIPA

Section 631 of the California Invasion of Privacy Act (CIPA) also imposes liability on any company that “aids” or assists another in violating the statute. The plaintiff in this case alleges that Nationwide Mutual Insurance “aided, abetted, and even paid third parties to eavesdrop” on her conversations. Moreover, she alleges that these privacy breaches happened not only with her communications, but also with other consumers’ communications on the Nationwide website.

Party Exception to § 631

There is a “party exception” to Section 631 of the CIPA. Courts have found that a party to a conversation cannot be liable for “eavesdropping” on that conversation. But this gets complicated when the conversation involves a third party. For example, if computer code on a website automatically directs a communication to a third party, the party exception won’t shield the third party from civil liability under the CIPA.

U.S. District Court: Nationwide Mutual Insurance May Have Violated California Invasion of Privacy Law

The plaintiff in the Nationwide Mutual Insurance data privacy case alleged that Nationwide violated the California Invasion of Privacy Act (CIPA) pursuant to California Penal Code § 631. Now, the U.S. District Court for the Central District of California has found that the plaintiff plausibly alleged that Akamai read the contents of her messages, which would constitute a violation of Section 631 by Nationwide for “aiding” in the wiretapping offense. Moreover, the court agreed that it is conceivable that Nationwide hired Akamai specifically to intercept messages and use them for Nationwide’s financial benefit. This would constitute “aiding” the illegal wiretapping by Akamai, which would lead to Nationwide itself being liable for violating the CIPA.

One theory put forward in the case is that Nationwide paid Akamai to “embed code” into the website that “enables Akamai to secretly intercept in real time, eavesdrop upon, and store transcripts” of messages sent via the website chat feature. In fact, it has been alleged that Akamai’s business model is to harvest data from transcripts of communications. Significantly, the federal court said that one inference from the plaintiff’s legal claim is that the personal information being harvested goes beyond mere “record information” like the consumer’s name, address, and subscriber number.

Akamai has been accused of intercepting customers’ messages as they are sent and received on the Nationwide website. The court found that these allegations are “plausible” based on Akamai’s public statements about their conduct. Additionally, the court said that the plaintiff clearly alleged that neither Akamai nor Nationwide Mutual Insurance had her consent to harvest personal data from communications on the Nationwide website.

Contact the California Consumer Protection Lawyers at Tauler Smith LLP

Anyone who used the chat feature on a company’s website may have been the victim of illegal wiretapping and privacy violations. If you are a California resident who visited a website, the Tauler Smith LLP legal team can help you. Contact our Los Angeles consumer fraud and false advertising attorneys today. You can call 310-590-3927 or email us.

Website Wiretapping & CIPA

California Invasion of Privacy Act & Website Wiretapping

Website Wiretapping & CIPA

It is important for consumers who interact with businesses online to have a solid understanding of the California Invasion of Privacy Act (CIPA) and website wiretapping. When you have a conversation with someone on the phone or via the computer, there is usually a reasonable expectation that the conversation will remain between the two parties. But what happens when what you believed to be a private conversation was actually being wiretapped, surveilled, and/or recorded by the other party? If this happens in the context of a business transaction, sales call, or online chat, your information could be sold to other companies that profit from the data. This has become a very serious problem in the internet era when personal data can be transmitted and circulated at a rapid pace. It’s one reason that California consumer privacy laws like the CIPA have become so important as tools to protect consumers against unethical business practices.

To learn more about the consumer protections against website wiretapping afforded by the California Invasion of Privacy Act, keep reading this blog.

What Is Website Wiretapping?

Wiretapping is a term used to describe the act of connecting a listening or recording device to a telephone. Website wiretapping occurs when the chat communications on a website are unlawfully recorded, transcribed, or surveilled without permission. These days, wiretapping technology is commonly used to secretly record conversations on websites that were supposed to remain private. Some of the reasons that people might illegally wiretap a website chat include gaining information about a business competitor, learning the details of an opponent’s lawsuit, or acquiring valuable data about a customer that can be sold to others.

Illegal wiretaps are not just against the law; they can also cause significant harm to victims. That’s why California allows individuals to file civil lawsuits against anyone who records their online conversation without consent.

California’s Law on Website Wiretapping: Section 631 of the CIPA

California has a number of very strong consumer protection laws that prohibit companies from jeopardizing the digital privacy and security of customers. Any company that does business in California needs to be completely transparent in their data collection practices, which includes obtaining proper consent from customers and website visitors before any personal information is shared online.

For example, California courts have held that it is a violation of California’s Invasion of Privacy Act (CIPA) for companies to wiretap user chats and other communications on websites. It is specifically a violation of § 631(a) of the CIPA when the intercepted communications contain what might be considered more sensitive than “record information” such as the user’s name, address, email, etc.

Additionally, Section 631 of the CIPA gives consumers a legal right to know when their phone conversation is being recorded, or when their online chat conversation is being monitored and transcribed. That is why a lot of companies provide automated warnings at the beginning of calls to alert customers to the possibility that the call may be monitored or recorded, and privacy policies on websites that disclose the monitoring of website chat communications with session recording technology.

Wiretapping on Websites:

Customers have a reasonable expectation of privacy when they visit a company’s website and use the chat feature. Their privacy rights are violated when a company wiretaps the online conversations, and they are further violated when that company allows third-party entities to eavesdrop on the chat conversations.

In recent years, many companies doing business online have been accused of breaching the privacy of individuals who visit their websites. When those websites are accessible to customers in California, the companies may be violating California’s very robust consumer privacy laws. Companies violate the California Invasion of Privacy Act (CIPA) by illegally wiretapping the conversations of website visitors.

Winning a CIPA Claim for Illegal Wiretapping

The simple fact is that a lot of businesses fail to provide clear warnings about the nature of phone conversations, online chats, or other communications with customers. When a business secretly monitors or records a conversation, the customer whose privacy rights were violated by the illegal wiretapping may be able to take legal action by filing a CIPA claim.

One element of a successful CIPA claim that the plaintiff will need to prove is that they had a reasonable expectation of privacy. Generally, the content and circumstances of the conversation can be used to determine whether such an expectation existed. This is where the court will examine a number of case-specific factors, including:

  • The identity of the person who initiated the conversation.
  • The purpose of the communication.
  • The duration of the conversation.
  • Whether there were prior conversations between the parties.
  • The type of information that was communicated.
  • Whether the party recording the conversation provided a warning.

Section 632(c) of the CIPA clarifies that when the parties to a communication reasonably expect to be overheard or recorded, it does not qualify as a “confidential communication” under the law.

Civil Remedies Available to Consumers Under the CIPA

As mentioned above, the CIPA includes both civil and criminal penalties for companies that violate the statute by unlawfully accessing, maintaining, or sharing customer data. For consumers who have been victimized, the civil penalties can be a valuable tool to get some sort of justice. The CIPA allows consumers to file civil lawsuits in California state court to recover damages of up to $5,000 for each invasion of privacy violation. Additionally, in some cases, the court may order the defendant to pay treble damages that total three (3) times the economic harm suffered by the consumer.

Criminal Penalties for Wiretapping in California

Violations of the wiretapping law can also result in criminal penalties. On the criminal side, the CIPA gives courts the ability to impose penalties such as monetary fines and even jail time. A person charged with a crime for monitoring and recording a private communication could be sentenced to up to three (3) years in the county jail.

The decision about whether to bring criminal charges against a business or individual for breaching your privacy rights by recording a conversation will ultimately be made by prosecutors and other law enforcement authorities. If charges are filed against the defendant, the case will be heard in criminal court. A knowledgeable attorney can help victims start this process, as well as helping victims decide whether to file a civil lawsuit to recover money damages either before or after resolution of the criminal case.

Other Data Privacy Laws in California

Data privacy has been a major concern of California lawmakers for a while now, which is why the state has tended to lead the way with this kind of legislation. In fact, the California Invasion of Privacy Act (CIPA) is just one of the state’s extremely strong consumer fraud laws with a focus on data privacy. The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are two other laws that explicitly protect customers against companies that overreach when it comes to sharing personal data. In fact, both the CCPA and the CPRA require companies doing business in the state to give customers the right to opt out of the sharing of their data.

Recently, plaintiffs have been relying on § 638.51 of the CIPA to file class actions against companies that use pen registers or trap and trace devices to acquire data from website visitors without permission.

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP to File a Website Wiretapping Claim

Too often, companies doing business online choose to deliberately disregard the privacy concerns of customers who use their websites. Instead, these companies prioritize financial gains over consumer privacy and personal well-being. If you visited one of these websites and shared any information via a chat feature, you may be able to get statutory damages under the wiretapping provision of the CIPA.

The Los Angeles consumer protection lawyers at Tauler Smith LLP can help you file a website wiretapping claim. Call 310-590-3927 or email us to learn more.

Arlo Home Security Invasion of Privacy

Arlo Home Security System Sued for Invasion of Privacy

Arlo Home Security Invasion of Privacy

Arlo Home Security System is being sued for invasion of privacy. The consumer protection attorneys at Tauler Smith LLP recently filed the lawsuit on behalf of a California resident who used the company’s website: www.arlo.com/. Specifically, Arlo is accused of engaging in the unauthorized collection, storage, and sharing of the personal information of its customers. Arlo has also been accused of allowing a third-party company to secretly intercept and monitor the online chat conversations of website visitors without their knowledge or consent. Arlo’s actions are alleged as clear violations of the California Invasion of Privacy Act (CIPA), which explicitly prohibits companies from engaging in behavior that violates certain privacy rights of customers.

We believe Arlo could be potentially violating other privacy rights of consumers based on our preliminary investigation. Keep reading this blog for more information.

Arlo Technologies Fails to Protect the Privacy Rights of Customers

Arlo is a home security company that sells doorbells and security cameras with wireless connections. Arlo Technologies, Inc. is the parent company that manufactures the wireless surveillance cameras and smart home security systems being marketed to consumers for both residential and small business use. Customers are able to use the Arlo.com website to purchase products, monitor their home security systems, and communicate with the company.

Arlo primarily manufactures and sells home security cameras, which means that it is absolutely imperative that the company complies with all applicable federal and California state laws and regulations concerning data privacy. Moreover, the nature of Arlo’s business of selling security cameras and recording devices means that the personal information being collected from customers is likely to be extremely sensitive. When Arlo fails to protect the privacy rights of customers, it exposes them to significant risks not just because the information shared typically goes beyond basic record information to include personally identifiable details, but also because users are able to transmit video files over the internet that make them vulnerable to serious abuses of their privacy.

Privacy Lawsuit Filed Against Arlo Home Security System in Los Angeles County Superior Court

The plaintiff in the current lawsuit against Arlo alleges that Arlo unlawfully collected data using a third-party service on its website. The lead attorney for the plaintiff is Betsy Tauler, a consumer protection attorney who focuses on privacy law. Tauler filed the lawsuit in the Los Angeles County Superior Court.

Arlo’s Chatbox:

A major issue has been raised about the digital privacy of consumers who use Arlo’s website and share their private information. When the plaintiff in this case browsed the site, the complaint alleges, she interacted with a chatbox function that used a third party to collect information about her without her consent. Additionally, the home security system company allegedly utilizes the third-party chatbox on the website to unlawfully transmit and store user data. Arlo does this by covertly embedding code into its online chat function that sends the chat to a third party who collects data from the chat without the user’s knowledge. This type of commercial surveillance is illegal in California and violates the California Invasion of Privacy Act (CIPA).

Arlo’s Privacy Policy:

Arlo has been accused of collecting data from many website visitors without providing any disclosures about how their private information is being used. Although the Arlo website has a privacy policy, the policy is easy to miss because it is not prominently displayed on the home page. In fact, the policy is buried deep within the website, making it difficult for users to read and understand its terms before they provide personal information when prompted to do so by the website chat bot. The complaint filed in the Los Angeles County Superior Court alleges that Arlo’s failure to make sure that website visitors are aware of the terms of the privacy policy constitutes a deliberate attempt to mislead them.

Arlo Sued for Violations of the California Invasion of Privacy Act (CIPA)

The California Invasion of Privacy Act (CIPA) prohibits companies from wiretapping and eavesdropping on the electronic communications of customers. The statute also specifically requires website operators to conspicuously warn visitors if their conversations are being recorded or if any third parties are eavesdropping on them.

The CIPA applies to conversations transmitted via a “cellular radio telephone” or a “landline telephone.” These categories have been found to include smartphones that enable web browsing, as well as desktop computers and laptop computers that utilize wi-fi. The plaintiff in this case accessed Arlo’s website using a smartphone.

Arlo Home Security System faces a civil suit for violating two sections of the California Invasion of Privacy Act:

  • Section 631
  • Section 632.7

§631 of the CIPA:

Section 631(a) of California’s Penal Code prohibits companies from using any machine, instrument, or contrivance to wiretap a conversation. The statute also forbids companies from reading the contents of any message or communication without the consent of all parties to the communication.

Section 631 applies not just to telephone conversations, but also to internet communications. This means that Arlo’s wiretapping of website chat communications would constitute a clear violation of the CIPA.

Additionally, Arlo allegedly embedded software on its website for the purpose of recording and eavesdropping on customer communications, which is also prohibited because this type of session recording software qualifies as a “machine, instrument, or contrivance” as defined by the statute.

§632.7 of the CIPA:

Arlo has also been accused of violating Section 632.7 of California’s Penal Code by intercepting and intentionally recording customer communications transmitted via telephone. The plaintiff in this case accessed Arlo’s website and used the chat feature with a smartphone, which qualifies as a sophisticated “cellular radio telephone” as defined by the law. Since the statute prohibits companies from recording telephony communications without the consent of all parties, Arlo’s actions would constitute a violation of Section 632.7.

According to the complaint, Arlo’s actions demonstrate that the company is more interested in profiting from its users’ personal information than it is in protecting users’ privacy rights.

Arlo Allegedly Surveils Customers

Arlo allegedly also allows ADA, a third-party company, to eavesdrop on customer conversations. ADA allegedly collects transcripts of these conversations and uses them for financial gain in unregulated dark data markets without any limitations. Additionally, ADA may be exposing Arlo customer data in international data transfers, which could involve foreign countries with different data protection laws.

Arlo allegedly pays substantial sums of money to ADA to embed code into the website chat feature. This is how ADA is able to allegedly intercept the chat communications in real time. The third-party company then eavesdrops on those conversations and stores transcripts. Website visitors have no way of knowing that this is being done. In fact, the complaint alleges that no one who uses the chatbox feature on the Arlo.com website is informed that they are being subjected to unlawful surveillance.

Do You Use Arlo for Home Security? Call the California Consumer Protection Attorneys at Tauler Smith LLP

Anyone within California who uses Arlo and believes they have been unlawfully collecting data may be eligible to file an invasion of privacy lawsuit to recover injunctive relief and statutory damages under the California Invasion of Privacy Act (CIPA) or other consumer protection laws.

The California consumer fraud lawyers at Tauler Smith LLP are representing plaintiffs in a class action lawsuit against Arlo Home Security System. For more information, call 310-590-3927 or send us an email.

Goodyear Tires Wiretapping Lawsuit

Goodyear Tires Wiretapping Lawsuit to Proceed

Goodyear Tires Wiretapping Lawsuit

In a highly anticipated ruling, a federal judge in California recently denied Goodyear’s motion to dismiss wiretapping claims based on their use of third-party chat applications hosted on their website. This ruling allows the Goodyear Tires wiretapping lawsuit to proceed. The complaint alleges that when users visit www.goodyear.com/ and use the website chat feature, they share personal data in communications that are unlawfully recorded and transcribed. The plaintiff alleged that Goodyear was allowing a third-party company to intercept, eavesdrop, and store transcripts of the conversations, which is prohibited by the California Invasion of Privacy Act (CIPA).

Do you live in California? Did you use a chat feature on a commercial website? You may be eligible to file a civil suit for invasion of privacy and get financial compensation. Contact us now.

CIPA Claim: Judge Denies Motion to Dismiss Goodyear Wiretapping Lawsuit

The California Central District Court recently issued a ruling in a case involving allegations that Goodyear Tires violated the California Invasion of Privacy Act (CIPA) by wiretapping user chats on the company’s website. The federal court agreed with the plaintiff that the chat feature violated the CIPA, ruling that the plaintiff contends that Goodyear used a third-party service to “intercept in real time” website visitors’ chat conversations. The court added that the allegation that user messages were unlawfully intercepted “is to be taken as true at this stage of the case.”

In her CIPA claim, the plaintiff alleged that visitors to the Goodyear Tires website share “sensitive personal information” when they use the chat conversation. Significantly, the court ruled that the plaintiff pled sufficient facts for a claim under § 631(a) of the CIPA by showing that chat communications were intercepted, and those communications plausibly contained “more than mere record information” such as her name and address.

Wiretapping of Smartphone Communications

The California Central District Court also addressed the fact that the plaintiff accessed the Goodyear Tires website on her smartphone, which is considered a cellular phone with web capabilities. The federal court noted the precedent set by other courts that have applied § 632.7 of the CIPA to internet-based communications, ruling that the plaintiff has sufficiently alleged that users of Goodyear’s chat feature have a reasonable expectation of privacy because they share highly sensitive personal data.

California Has the Strongest Data Privacy Laws in the Country

California’s consumer protection laws include the California Invasion of Privacy Act (CIPA), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA). The CIPA requires companies to get permission before recording any online chats, while the CCPA gives customers the right to prevent companies from sharing their personal data and the CPRA bolsters those digital privacy protections. California’s data privacy laws go even further by placing the onus on companies to make efforts to warn customers if their phone conversations or online chats are being monitored or recorded. In fact, California has some of the strongest such laws in the country. This may be why Goodyear’s terms of use include a forum selection clause requiring claims to be filed in another state: Ohio.

Goodyear Website Terms of Use

The Goodyear Tires website has a “Terms of Use and Privacy Policy” hyperlink at the bottom of the homepage. Site visitors can only see this link by scrolling all the way down on the website. When a user clicks on this link, they are directed to a “Terms, Conditions & Privacy Policy” page that includes another link for Terms of Use. There is no option for the user to click a button acknowledging that they have read the terms of use. Buried deep on this page is a section on “Applicable Laws,” which includes a forum selection clause stating that anyone who uses the Goodyear website automatically consents to litigating any legal disputes in an Ohio courtroom.

Goodyear Forum Selection Clause

In a recent lawsuit filed in California by Los Angeles false advertising attorney Robert Tauler against Goodyear, the tire company attempted to get the case moved to a jurisdiction with less stringent consumer protection laws. Goodyear specifically requested that the venue be changed from the U.S. District Court for the Central District of California to the District Court for the Northern District of Ohio.

Goodyear Tires argued that the plaintiff already agreed to having any legal proceedings handled in Ohio because she used the Goodyear website and automatically consented to the forum selection clause contained in the website’s “Terms of Use.” Robert Tauler responded on behalf of the plaintiff and persuasively argued that it was not possible for the plaintiff to legally consent to the forum selection clause because there was neither actual nor constructive notice of the “Terms of Use.”

The California federal trial court hearing the case ultimately rejected Goodyear’s motion to change venue, which means that the case will be adjudicated in the California Central District Court and decided under California’s very strong invasion of privacy and consumer protection laws. The court gave several reasons for ruling in favor of the consumer-plaintiff and against Goodyear, including contract formation laws which require mutual assent in order for a contract to be binding on both parties.

Are Internet Contracts Legally Enforceable?

The Ninth Circuit Court of Appeals previously identified two categories of internet contracts like the Goodyear terms of use:

  1. Clickwrap Agreements: Site visitors must check a box to confirm that they agree with the website’s terms and conditions of use.
  2. Browsewrap Agreements: Site visitors are able to click on a hyperlink that will take them to a page with the website’s terms and conditions of use.

An important aspect of browsewrap agreements is that it is possible for a site visitor to continue using a website without knowing that the agreement even exists. That’s because browsewrap agreements like the one on the Goodyear Tires website do not require site visitors to take any affirmative action. This creates a legal issue for internet contracts that rely on browsewrap agreements since users might not have an opportunity to assent to the terms of use. Courts have held that such a contract can only be valid if the website user had either actual or constructive notice of the terms and conditions.

Goodyear Browsewrap Agreement

The Goodyear browsewrap agreement does not qualify as a valid, legally binding internet contract because the website terms of use are inconspicuous: the hyperlink can only be seen when the user scrolls to the bottom of the page, and the text does not stand out against the background colors. This does not provide the user with sufficient notice. In Wilson v. Huuuge, Inc., the Ninth Circuit Court of Appeals held that courts should not enforce a similar smartphone app agreement “where the terms are buried at the bottom of the page or tucked away in obscure corners of the website.”

Additionally, there is nothing on the Goodyear Tires website that requires the consumer to click a button, check a box, or take any other action that would unambiguously convey their assent to the terms of use. This also means that site visitors are not provided with constructive notice of the website terms of use which they are supposedly agreeing to abide by.

Class Action Lawsuit Against Goodyear Tires for Violating California’s Wiretapping Law

When you visit a website, you have an expectation that your personal data will be protected and that any conversations you have on the website will remain confidential. The Los Angeles consumer protection attorneys at Tauler Smith LLP help clients file CIPA claims both individually and in class action lawsuits against companies that violate California’s data privacy laws. For example, our attorneys have represented individuals whose data was compromised due to illegal wiretapping and eavesdropping, including chat conversations on company websites.

The CIPA is a criminal statute that subjects companies to criminal penalties, including jail time and substantial fines. Victims can also bring civil lawsuits to recover statutory damages of $5,000 for each illegally recorded conversation. In some cases, it may be possible to recover treble damages, meaning that plaintiffs are eligible for up to three (3) times the total economic damages caused by the invasion of privacy.

Contact the California Consumer Protection Attorneys at Tauler Smith LLP Today

Did you use the chat feature on the Goodyear Tires website? Did you use a chat feature on any other commercial website? If so, your personal data may have been unlawfully recorded without your consent and in violation of both state and federal wiretapping laws. The California consumer protection lawyers at Tauler Smith LLP can help you. Call 310-590-3927 or send an email to learn more and find out if you are eligible to file a CIPA claim.

California Invasion of Privacy Act

California Invasion of Privacy Act (CIPA)

California Invasion of Privacy Act

It is quite common these days for businesses to monitor and record phone calls with customers, whether it’s to ensure that orders are accurate, to review employee interactions, or for some other reason. At the same time, new technologies have made it easier than ever to eavesdrop on private communications. Unfortunately, this has resulted in some companies going too far by invading the privacy of customers. The California Invasion of Privacy Act (CIPA) is a state law that makes it illegal for businesses to wiretap consumer communications and record you without your consent. Businesses that violate the CIPA may be subject to both criminal and civil penalties, including a lawsuit filed by any consumers whose conversations were wiretapped or recorded without permission.

To learn more about the California Invasion of Privacy Act, keep reading this blog.

What Is California’s Invasion of Privacy Law?

California has the nation’s strongest consumer protection laws, including the California Invasion of Privacy Act (CIPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the California Consumers Legal Remedies Act, and the California Unfair Competition Law (UCL). The CCPA was enacted in 2018 to become the nation’s first state privacy law, and it strengthened protections for customer data collected by businesses online. The CIPA has a longer history, having been passed by the California State Legislature in 1967 for the purpose of more broadly protecting the privacy rights of all state residents, including consumers. Under the CIPA, it is illegal for companies to wiretap or record conversations unless all participants have consented to the recording. This applies to telephone conversations and online communications.

Cell Phones

Although the wiretapping law was initially intended to cover calls on landline phones, the use of cellular phones has been addressed by the statute. Cal. Pen. Code sections 632.5 and 632.6 specifically prohibit the use of a recording device when a call involves a cellular phone, whether it’s two cell phones or one cell phone and one landline phone.

Websites & Session Replay Software

In addition to recording phone conversations, a lot of companies also keep records of their interactions and communications with customers who visit a company website. This becomes problematic – and possibly illegal – when the company uses session replay software to capture visitor interactions with their website. That’s because the use of this type of tracking software may constitute an unlawful intercept of the communication, as defined by California’s wiretap law.

Session replay software allows website operators to monitor how a user interacts with the website. The tool then reproduces a video recording that shows the user’s interactions, including what they typed, where they scrolled, whether they highlighted text, and how long they stayed on certain pages. When companies employ this software, the very fact that a machine is being used to intercept customer communications constitutes a violation of the CIPA.

California Penal Code Section 631: Wiretapping

California Penal Code Section 631 forbids anyone from illegally wiretapping a conversation. The law specifically prohibits the following:

  • Using a machine to connect to a phone line.
  • Trying to read a phone message without the consent of all the parties participating in the conversation.
  • Using any information obtained through a wiretapped conversation.
  • Conspiring with another person to commit a wiretapping offense.

Some states allow a call to be recorded when just one participant is aware of the wiretap and consents to it, even if the person recording the call is the one providing consent. But California is a two-party consent state, which means that everyone involved in the call or chat must agree to it being recorded. If just one party does not provide consent, then recording the conversation constitutes a violation of the CIPA and can result in both criminal and civil penalties.

Out-of-State Businesses

Even if the person who called you or chatted with you was not located in California, you can still bring a lawsuit under the Invasion of Privacy Act as long as you were in the state at the time of the call or chat. That’s because out-of-state businesses must still comply with California laws when communicating with someone who is in the state.

California Penal Code Section 632: Eavesdropping

Section 632 of the California Penal Code addresses the crime of eavesdropping. Many times, a wiretapping case also involves eavesdropping offenses where the offending party both taps a phone line and listens in on the conversation. The main difference between the two is that eavesdropping does not necessarily involve the tapping of a phone line.

The statute defines “eavesdropping” as the use of a hidden electronic device to listen to a confidential communication. Significantly, the law is not limited to phone conversations. When someone intentionally eavesdrops on an in-person conversation, they may be subject to criminal charges and a civil suit for damages. The types of electronic devices that are often used to illegally eavesdrop include telephones, video cameras, surveillance cameras, microphones, and computers. If the device was concealed from one of the parties, it may constitute a violation of California’s eavesdropping laws.

Can You Sue for Invasion of Privacy in California?

Although the California Invasion of Privacy Act is technically a criminal statute, Cal. Pen. Code §637.2 gives victims of wiretapping and eavesdropping the ability to bring a civil suit against the person or company that illegally recorded the conversation. If you learn that someone was listening in on your private conversation without permission, you may be able to file a lawsuit to recover statutory damages. Additionally, §638.51 gives consumers the ability to file a lawsuit against companies that use trap & trace devices to illegally monitor website visits without consent.

If you learn that someone was listening in on your private conversation without permission, you may be able to file a lawsuit to recover statutory damages.

How to Prove Invasion of Privacy Under the CIPA

To win your CIPA claim, you will need to prove that the conversation was illegally recorded in the first place. In some cases, this will be obvious because the business will reveal that they are monitoring and recording the call or chat. In other cases, consumers may learn about illegal wiretapping during the discovery process when the defendant is forced to turn over company records.

The other elements of a CIPA claim that you will need to establish at trial include:

  • The defendant intentionally used an electronic device to listen in on and/or record the conversation.
  • You had an expectation that the conversation would not be recorded.
  • You or at least one other person on the call did not consent to having the conversation recorded.
  • You suffered some kind of harm or injury as a result of your privacy rights being violated by the defendant.

The use of a cellular phone can change the burden of proof needed to win a CIPA claim. That’s because courts will typically use a strict liability standard when at least one of the participants on the call was using a cell phone. This means that the context and circumstances of the call won’t matter; the court will automatically presume that there was an expectation of privacy. Additionally, strict liability will apply to the defendant even when they did not realize that the other person on the call was using a cell phone.

What Is the Penalty for Invasion of Privacy?

The criminal penalties for violating the California Invasion of Privacy Act (CIPA) include possible jail time and significant fines. Businesses that violate the CIPA may also be exposed to civil penalties when a consumer files a lawsuit in state court.

Criminal Penalties

The CIPA gives criminal prosecutors wide latitude to charge an offense as either a misdemeanor or a felony, depending on the facts of the case. If a CIPA violation is charged as a misdemeanor, the defendant could be sentenced to one year in jail and ordered to pay up to $2,500 in statutory fines for each violation. If the violation is charged as a felony, the possible jail time could increase to three years. Additionally, anyone convicted of a second wiretapping offense could face more substantial fines.

Civil Penalties

The CIPA lists statutory penalties that may be imposed against companies or individuals who violate the statute. The court can order the defendant to pay $5,000 in statutory damages for each illegally recorded conversation, or three (3) times the actual economic damages you suffered because of the privacy breach. The judge in your case will have the option to choose whichever amount is greater: the statutory damages or the actual damages.

Depending on the circumstances of your case, you might also be able to file a right of publicity lawsuit. That’s because right of publicity claims and invasion of privacy claims often overlap, especially when a business attempts to profit from someone else’s image or likeness without consent.

California Invasion of Privacy Statute of Limitations

It is very important that you take immediate action and speak with a qualified consumer protection attorney as soon as you suspect that a company may have violated your privacy during a communication. That’s because the California Invasion of Privacy Act (CIPA) requires plaintiffs to file a civil suit within one (1) year of the date on which the conversation happened. Failure to bring your case before one year has passed could result in your lawsuit being dismissed.

The statute of limitations period typically begins when the plaintiff knew about the defendant’s illegal wiretapping. But what happens when the plaintiff did not learn about the invasion of privacy violation until later? In these cases, the court usually applies a reasonable person standard, which means that the court will attempt to determine the point at which a reasonable person standing in the shoes of the plaintiff would have known about the unlawful act by the defendant. In other words, should the plaintiff have discovered the privacy violation before the statute of limitations expired?

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If a company invaded your privacy by secretly recording a conversation without your permission, you may be eligible to file a civil suit to recover statutory damages. The first step you should take is to speak with an experienced Los Angeles consumer protection attorney at Tauler Smith LLP. We can help you decide how to best proceed with your case.

Call 310-590-3927 or email us today.