Posts

Electronic Communications Privacy Act

Electronic Communications Privacy Act (ECPA)

/in /by

Electronic Communications Privacy Act

The Electronic Communications Privacy Act (ECPA) is a federal law enacted in the mid-1980s just as cell phones, the internet, and other digital technologies were becoming prevalent throughout the United States. Many Americans began to use email, prompting lawmakers to put stringent privacy protections in place for those types of communications. Today, data privacy concerns remain a major concern in industries where customer records shared online typically involve sensitive material, including the financial and healthcare industries. The need for strong internet privacy protections like those provided by the ECPA and by California’s privacy laws is greater than ever as more and more third-party companies and data brokers use website data to profile users and create targeted advertising strategies. An ECPA lawsuit is often the best way for consumers to protect their data and hold companies liable for digital privacy breaches.

Legislative History of the Electronic Communications Privacy Act (ECPA)

The U.S. Congress passed the Electronic Communications Privacy Act (ECPA) in 1986 for the purpose of:

  1. Expanding the scope of the prohibition against government wiretaps from just telephone calls to also include computer transmissions.
  2. Adding new prohibitions against access to stored electronic communications.
  3. Adding provisions addressing the tracing of telephone calls via pen registers and trap & trace devices.

The ECPA amended the Omnibus Crime Control and Safe Streets Act of 1968, which was intended to limit government access to private electronic communications. The older law explicitly dealt with telephone calls, while the ECPA extended those privacy protections to more modern forms of electronic communication like the internet.

Since its passage, the ECPA has been amended by several other laws, including the USA PATRIOT Act (increasing government surveillance authority in the wake of 9/11) and the FISA Amendments Act (allowing for government surveillance of non-U.S. citizens who pose terrorism threats).

What Is the Electronic Communications Privacy Act?

The Electronic Communications Privacy Act (ECPA) protects privacy rights in electronic communications, with “electronic communications” defined broadly to include telephone calls, emails, text messages, social media posts, and website communications.

The statute consists of three provisions:

  • Title I: The Federal Wiretap Act
  • Title II: The Stored Communications Act (SCA)
  • Title III: The Pen Register Act

Title I: Federal Wiretap Act

Title I of the ECPA is known as the Federal Wiretap Act, which protects certain electronic communications against interception via wiretapping while in transit. The statute specifically prohibits the interception, use, or disclosure of real-time electronic communications without the consent of at least one of the parties involved.

Importantly, the Federal Wiretap Act only applies to electronic data that is intercepted in real time as it is being transmitted. In other words, Title I protects against live surveillance.

Title II: Stored Communications Act

Title II of the ECPA is the Stored Communications Act (SCA), which protects data held in electronic storage by third-party service providers. (E.g., emails stored on computer servers or files on a cloud drive.)

When a person, company, or other entity gains access to stored electronic data such as emails on a server, it may constitute a Title II privacy violation. For example, employers cannot access and then read employees’ personal emails without notice, consent, or a court order.

Title III: Pen Register Act

Title III of the ECPA is also known as the Pen Register Act. This part of the statute prohibits the use of pen registers and trap & trace devices to capture and record dialing, routing, addressing, and signaling information – unless a court order has been issued to allow for the recording of the information. Title III created clear restrictions on how and when anyone can use a pen register or trap and trace device to trace telephone and other communications.

While Title I protects the content of electronic communications, Title III places limits on metadata about electronic communications. This matters because metadata – such as cell phone traffic, call logs, and IP addresses – can still reveal highly sensitive information about a communication and raise privacy concerns.

Employee Privacy Rights Protected Under the ECPA

The Electronic Communications Privacy Act (ECPA) enhanced the protections for employee privacy rights that already existed under the Omnibus Crime Control and Safe Streets Act, which placed restrictions on employers who monitor employee phone calls. The ECPA added workplace privacy protections for electronic communications and cell phone communications by prohibiting employers from secretly monitoring their employees’ personal emails or phone calls without consent.

However, there has been some criticism of the ECPA for making it too easy for employers to monitor employee communications in the workplace. Courts have found that employers simply need to provide notice to the employee via an employment contract that their work emails will be monitored, and then the employer can access all electronic communications. Another avenue for employers to monitor worker emails under the ECPA is to have a supervisor report that the worker’s activity is suspicious and their actions are not in the best interest of the company; again, this would allow the employer to monitor the employee’s emails.

ECPA Lawsuits: Companies Can Be Sued for Secretly Collecting Personal Data Online

Consumer privacy litigation, particularly in the category of data privacy, has been on the rise in recent years, with millions of consumers learning that their personal information was secretly collected online and then shared with unscrupulous data brokers. That’s why the Electronic Communications Privacy Act (ECPA) has become a vital tool in the fight to protect consumers against invasions of privacy on the internet.

The ECPA explicitly prohibits different entities – government, companies, individuals – from intercepting a person’s online data without consent. The federal statute may serve as the basis for liability in a civil suit or class action when the unlawful interception affected interstate commerce. In other words, when the sender of the communication is located in one state and the party intercepting the communication is located in another state, the victim of an invasion of privacy may bring an ECPA lawsuit in federal court.

Exceptions to ECPA Liability

There are several exceptions to ECPA liability that allow law enforcement agencies, private companies, and other entities to legally intercept electronic communications in certain contexts:

  • Consent: Since the ECPA is a single-consent law, it is legal under the statute to intercept a communication as long as at least one party has consented to the interception.
  • Service Providers: A telecoms company or internet service provider may be allowed to access an electronic communication if doing so is in the normal course of their business and necessary to manage their service. (E.g., email providers may scan users’ messages for spam.)
  • Law Enforcement: Police and other law enforcement agencies can intercept electronic communications after obtaining a court order, warrant, or subpoena. They may also be allowed to access data in an emergency situation.
  • Employers: Employers may be allowed to monitor employee communications in the workplace if it is for a legitimate business purpose and the employee has been informed of the monitoring in advance.

What Are the Penalties for Violations of the ECPA?

Violators of the Electronic Communications Privacy Act (ECPA) are subject to both criminal and civil penalties.

Criminal Penalties

A criminal conviction under the federal data privacy law can result in fines of $250,000 for individuals and $500,000 for organizations. Moreover, these fines can be imposed for each ECPA violation. Beyond that, extreme cases may result in the offending party being sentenced to up to five (5) years in prison.

Civil Damages

Victims of an ECPA violation may bring a civil suit and pursue statutory damages: up to $1,000 for each violation or the actual damages, whichever amount is greater. Additionally, it may be possible to recover punitive damages in certain cases, as well as compensation for legal fees.

Class Action Lawsuits

Many ECPA claims are filed as class action lawsuits, with hundreds or even thousands of plaintiffs affected by the same unlawful data collection practices of the defendant. These class actions often result in multi-million-dollar settlements or similarly high damages awards at trial.

Call the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

The Los Angeles consumer protection attorneys at Tauler Smith LLP represent plaintiffs in both federal and California state courtrooms. We know what it takes to win an ECPA lawsuit because we’ve helped countless clients secure favorable outcomes to their data privacy cases.

Call 310-590-3927 or send an email to schedule a free consultation.

Federal Wiretap Act

What Is the Federal Wiretap Act?

/in /by

Federal Wiretap Act

The explosion of e-commerce websites, internet marketing, and AI technology has raised serious concerns about the privacy of consumers online. Increasingly, courts in California and elsewhere are relying on the Federal Wiretap Act to ensure that consumers’ sensitive personal information remains confidential. What is the Federal Wiretap Act? The federal data privacy law broadly protects consumer data by placing clear limits on how the government and private businesses can go about collecting information about website visitors. The law also gives individuals a private right of action to sue in federal court, which has led to a rise in class action consumer privacy lawsuits. Consumers who visited websites that unlawfully intercepted their personal data may be eligible to join one of these class actions and receive financial compensation.

To learn more about the Federal Wiretap Act, keep reading this blog.

The Federal Wiretap Act Protects Consumer Data Privacy

The Federal Wiretap Act is contained in Title I of the Electronic Communications Privacy Act (ECPA) and codified at 18 U.S.C. § 2510. The wiretapping law was passed by the U.S. Congress in 1986, with the primary intent of the statute being to extend previously enacted restrictions on government wiretaps of telephone calls to other types of electronic data transmissions by computer.

As a federal statute, the wiretap law applies to interstate or international communications. For example, a consumer may bring a Federal Wiretap Act claim when they use the internet from a California IP address to visit a website operated in another state.

Federal Wiretap Law Prohibits the Interception of Personal Communications Without Consent

The Federal Wiretap Act prohibits law enforcement agencies, businesses, and individuals from intercepting a person’s communications without their consent. The law explicitly prohibits the interception, use, or disclosure of a communication. The key term that is often disputed in civil proceedings is “intercept,” which the statute defines as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.”

One of the most common ways that a company violates the Federal Wiretap Act is by using online trackers to spy on website visitors and collect data. The personal information unlawfully collected by companies on their websites is often extremely sensitive in nature: it can include confidential medical data, financial information, and other highly personal information about website visitors.

The Federal Wiretap Act Protects Real-Time Communications

The Federal Wiretap Act’s digital privacy protections apply to wire communications, oral communications, and electronic communications. Importantly, the law protects these types of communications while they are in transit. This places a limitation on the law because plaintiffs must show that their information was intercepted and/or read in real time.

Courts will typically examine whether the online communication was collected before, during, or after it was sent. If a company read or learned the contents of a communication while it was in transit, then the action qualifies as an “interception” under the federal wiretap law and exposes the offending party to liability.

Plaintiffs in Federal Wiretap Act claims must be able to allege that their data was collected contemporaneously with the transmission of that data to a third-party’s server. For example, a plaintiff who provides personal medical information on a health website would need to show that the information was intercepted via tracking software as soon as it was input.

The Federal Wiretap Act Protects Internet Communications

Courts have interpreted the Federal Wiretap Act to apply to both internet communications and telephone communications. Although the wiretap law was originally meant to limit the ability of the government to intercept and monitor telephone calls, it is now basically settled law that these kinds of privacy statutes also protect online communications. For example, the federal wiretap law is understood to apply in many different contexts, including when companies embed trackers on their websites. This is significant because the internet era has witnessed the steady proliferation of website cookies, scripts, and pixels that track users’ activity and collect their personal information.

Email Communications

The question of whether the Federal Wiretap Act applies to email messages has been disputed in court. That’s because the statute protects electronic communications only while they are in transit, while practically all emails are put in temporary storage on the way to their final destination. However, courts have ruled that emails must be protected under the Electronic Communications Privacy Act (ECPA) because otherwise the added safeguards of the wiretap law would be meaningless.

Victims of Online Surveillance Have a Private Right of Action to Sue in Federal Court

Although the Federal Wiretap Act was initially passed as a criminal statute to limit government surveillance, the law does provide individuals with a private right of action in civil court.

The Federal Wiretap Act gives consumers the right to bring a civil suit and pursue monetary damages for data privacy breaches. When a company violates federal wiretap laws by unlawfully collecting the personal information of website visitors, the company may be subject to both criminal and civil penalties.

Are There Exceptions to Liability Under the Federal Wiretap Act?

The Federal Wiretap Act has a single-party consent exception to liability. When one of the parties to the communication consents to the interception, then the collection of data is lawful. For instance, if a company consents to the use of tracking code on its website to collect customer data, that could be enough for the one-party consent rule to initially preclude liability under the federal statute.

Crime-Tort Exception

However, even when the single-party consent exception applies, it is still possible for a plaintiff to successfully bring a Federal Wiretap Act claim if the crime-tort exception also applies. The crime-tort exception stipulates that a party may be liable under the wiretap law when they intercepted and/or shared customer data “for the purpose of committing any criminal or tortious act.”

California Invasion of Privacy Act (CIPA): State Law Protects Consumers Against Online Data Collection

The Federal Wiretap Act was actually a model for California’s main consumer privacy law: the California Invasion of Privacy Act (CIPA). The CIPA imposes even stronger data privacy protections than the Federal Wiretap Act, and this is particularly true with respect to consumer data. That’s why many California consumers choose to file invasion of privacy lawsuits under the CIPA. In fact, the CIPA is often the basis for class action lawsuits against companies that unlawfully collect and share consumer data online.

The Federal Wiretap Act can work in tandem with the CIPA and other California state privacy laws to create dual compliance obligations for companies that operate websites. Plaintiffs may file both CIPA claims and ECPA claims together, resulting in enhanced penalties for defendants and additional compensation for victims.

Two-Party Consent

One of the ways in which the California Invasion of Privacy Act (CIPA) is more robust than the Federal Wiretap Act is that the CIPA is a two-party consent law. This means that it is illegal for anyone to record a conversation without the consent of all parties to that conversation. This is true for many different types of conversations, including telephone calls, in-person conversations, and electronic or online communications.

CIPA Penalties & Damages

Like the federal wiretap law, California’s Invasion of Privacy Act (CIPA) imposes both criminal and civil penalties on offenders. The criminal penalties include fines of up to $10,000 for each violation, depending on the severity of the offense. The civil penalties include statutory damages of $5,000 per violation and actual damages for any financial losses suffered by the victim.

Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

Did you visit a website that may have unlawfully collected and shared your personal information? Under federal law, you may be able to file a civil suit and get financial compensation. The California consumer protection lawyers at Tauler Smith LLP represent plaintiffs in both state and federal courts. Our legal team is highly skilled in consumer privacy litigation, and we have helped numerous clients win favorable settlements and verdicts in these cases.

Call 310-590-3927 or email us to find out how we can help you.

LiveRamp Consumer Privacy Class Action

Invasion of Privacy Lawsuit Against LiveRamp

/in /by

LiveRamp Consumer Privacy Class Action

LiveRamp, one of the largest data brokers in the world, was sued for invading the privacy of consumers – and now a federal court has ruled that the case can move forward. The invasion of privacy lawsuit against LiveRamp, Riganian v. LiveRamp Holdings, Inc., was filed as a class action in the U.S. District Court for the California Northern District. The plaintiffs are California consumers who accused LiveRamp of unlawfully collecting consumer information both online and offline and then selling that information to third parties for marketing purposes. These actions would constitute violations of both federal wiretap laws and California consumer privacy laws, so the stakes are extremely high for LiveRamp and other data brokers who allegedly collect and share consumer data without consent.

To learn more about the consumer privacy class action lawsuit against LiveRamp, keep reading this blog.

LiveRamp Accused of Collecting and Selling Consumer Data to Third Parties Without Consent

LiveRamp Holdings, Inc. (also known as LiveRamp, Inc.) is primarily a data onboarding company that provides other businesses with access to consumer data for marketing purposes. LiveRamp promotes itself as “the data collaboration platform of choice for the world’s most innovate companies.” Some of LiveRamp’s high-profile clients include Disney, CVS, Sam’s Club, L’Oreal, LinkedIn, Pinterest, KitchenAid, NBCUniversal, and McDonald’s.

LiveRamp is a registered “data broker” in California. Cal. Civ. Code § 1798.99.80 defines a data broker as “a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship.”

Riganian v. LiveRamp Holdings, Inc. was filed in the United States District Court, Northern District of California. The class action lawsuit alleges that LiveRamp has built its business around facilitating a “commercial surveillance ecosystem” that involves collecting detailed information about consumers’ identities and the places where they may be found online. The plaintiffs specifically allege that LiveRamp tracked, compiled, and analyzed vast quantities of their personal, online, and offline activities to build detailed “identity profiles” on them for sale to third parties. Alarmingly, all of this information was allegedly collected by LiveRamp even though the plaintiffs never directly interacted with the company.

How Does LiveRamp Collect Personal Information from U.S. Consumers?

According to the civil suit, LiveRamp’s data collection process involves three steps:

  1. LiveRamp collects and purchases massive amounts of personal information from countless sources both offline and online.
  2. LiveRamp synchronizes the aggregated data about a consumer into a single “identity profile,” with the consumer being slapped with a unique RampID profile that tracks them across online devices and even offline.
  3. LiveRamp operates a Data Marketplace ecosystem where advertisers and data brokers can buy and sell information compiled in the RampID Profiles.

The personal information that LiveRamp allegedly collects includes consumers’ names, addresses, phone numbers, digital identifies, and device identifiers.

Widespread Data Collection

The scope and scale of LiveRamp’s data collection business cannot be understated: the company allegedly maintains the largest and most accurate people-based identity graph in the world, with detailed personal information on 700 million consumers. According to LiveRamp, this includes the identities of more than 250 million consumers in the United States. Beyond that, LiveRamp claims that its access to partner websites allows the company to connect to over 92% of all U.S. consumer time spent online.

Moreover, LiveRamp’s surveillance is pervasive, tracking users over time even as they move to different residences or change names due to marriage or divorce.

LiveRamp’s Data Collection Sources

LiveRamp is able to acquire so much data about massive amounts of Americans through both its own surveillance technologies and partnerships with hundreds of third parties.

The LiveRamp data collection sources include:

  • Internet “cookies” that are placed on users’ devices to track their web browsing activity.
  • Tracking pixels that automatically capture users’ website browsing history.
  • JavaScript code that allows LiveRamp to detect users’ personal information through “event listeners.”
  • AbiliTec system that constructs user IDs from hundreds of sources containing identifiers such as names, phone numbers, postal addresses, Social Security numbers, and driver’s license records.

RampID Profiles

Once LiveRamp has identified consumers and their online behavior, it builds a unique “RampID” profile for each individual. These profiles are maintained and updated in real time as users visit different websites, apps, and even physical stores. This means that LiveRamp maintains “highly detailed, continuously updated dossiers on hundreds of millions of people.”

LiveRamp’s Data Marketplace

LiveRamp also operates a “Data Marketplace,” which is a central exchange where LiveRamp and its clients sell or share access to the personal information of hundreds of millions of U.S. consumers. LiveRamp uses an “Attribute Enrichment” feature that allegedly allows any of the company’s third-party clients to provide an individual’s name, address, or email and get related “segment” information about the person, including health conditions, financial status, and religious affiliations.

The U.S. District Court observed that much of the data available in LiveRamp’s Data Marketplace can be described as “sensitive,” including information about health conditions, financial vulnerability, religious affiliation, and sexual orientation. The class action complaint states that LiveRamp’s clients are able to buy and sell groups of consumer IDs associated with “people with cancer, union members, Muslims, Jewish people, African Americans, poor people, payday loan prospects, online gamblers, and unemployed individuals who were seen at clinics and hospitals.” LiveRamp also allegedly targets women who are pregnant so that the company can sell their data on the marketplace.

Lawsuit: LiveRamp Collects Personal Data of Hundreds of Millions of Consumers Without Consent

According to the digital privacy lawsuit, none of the hundreds of millions of people who LiveRamp profiles ever have the opportunity to meaningfully consent to this pervasive surveillance. That’s because it is simply not possible to anticipate the ways in which LiveRamp compiles their personal information and shares it with third parties. Moreover, it is impossible for consumers to know in advance which third parties their personal information will be shared with, nor what those third parties will do with that information.

Federal Court: Invasion of Privacy Lawsuit Against LiveRamp May Proceed

One of the plaintiffs in the class action suit alleged that LiveRamp collected her personal information when she interacted with the CVS pharmacy website. Another plaintiff alleged that LiveRamp tracked her activity on healthline.com, CVS.com, Health.usnews.com, Patient.info, ABCnews.go.com, and Showtime.com. The personal information allegedly intercepted by LiveRamp included the precise pages visited, articles read, products viewed, and searches queried.

The plaintiffs in the class action asserted multiple claims for relief under both privacy and wiretap theories:

  • Invasion of Privacy under the California Constitution.
  • Violation of the Federal Wiretap Act.
  • Violations of the California Invasion of Privacy Act (CIPA).

LiveRamp filed a motion to dismiss, seeking to get the suit thrown out before trial. However, the U.S. District Court ruled against the motion to dismiss, meaning that the case can proceed.

Class Action: LiveRamp Violated the California Constitution by Tracking Consumers Online

The elements of an invasion of privacy claim under the California Constitution are:

  1. The Plaintiff has a reasonable expectation of privacy.
  2. The Defendant intruded upon the Plaintiff’s privacy, and the intrusion was highly offensive.

The U.S. District Court for the California Northern District said that it found “unpersuasive” LiveRamp’s contention that the company publicly discloses its data collection practices. The court pointed to the fact that the plaintiffs were not aware of LiveRamp’s conduct at all. This means that any supposed disclosures by LiveRamp would have no effect on consumers’ reasonable expectations of privacy when they visit websites.

The court also stated that LiveRamp’s alleged tracking of user activity across thousands of websites would be sufficient for a claim that LiveRamp unlawfully intruded into the privacy of consumers. The court noted the plaintiffs’ allegation that LiveRamp compiled consumer data from websites and then sold that data to third parties without the consumers’ knowledge or consent. Since this data was often “sensitive” in nature, consumers would have a reasonable expectation of privacy in the information.

The federal court ruled that the plaintiff adequately alleged that LiveRamp gained unwanted access to consumer data in violation of both the California Constitution and social norms.

Court: LiveRamp May Have Violated the Federal Wiretap Act

The Federal Wiretap Act, contained in the Electronic Communications Privacy Act (ECPA), is codified at 18 U.S.C.§ 2511. The federal statute provides for civil penalties against anyone who “intentionally intercepts or endeavors to intercept any wire, oral, or electronic communication.”

In its pre-trial motion to dismiss, LiveRamp argued that the Federal Wiretap Act claim should be thrown out because LiveRamp’s tracking pixel only operates on the websites of clients who have consented to it. Since the federal law is a one-party consent statute, this would ordinarily be the end of the case. However, there is an exception to the single-party consent rule – the “crime-tort exception” – which stipulates that even with consent, it is still a violation of the wiretap law if the defendant intercepted communications for the purpose of committing a criminal or tortious act.

The U.S. District Court agreed with the plaintiffs, stating that the crime-tort exception would apply if LiveRamp commercially exploited unlawfully obtained information from consumers. The court further said that “if Plaintiffs ultimately prove that LiveRamp unlawfully intercepted, packaged, and sold personal information without consent at scale, that conduct will not be excused on the grounds that LiveRamp acted in pursuit of profit.”

The court concluded its analysis by stating that the plaintiffs in the class action will be allowed to move forward with their Federal Wiretap Act claim against LiveRamp.

California Invasion of Privacy Act Claims Against LiveRamp

The plaintiffs in the class action against LiveRamp also asserted claims based on violations of § 631(a) and § 638.51 of the California Invasion of Privacy Act (CIPA).

California’s strong consumer protection laws include the CIPA, which prohibits businesses from wiretapping customers’ communications without consent. Violations of the statute could subject offenders to both criminal and civil penalties.

CIPA § 631(a) – Real-Time Interception

Section 631(a) of the CIPA allows a consumer to recover damages when a company “willfully and without consent of all parties to a communication, attempts to read or learn the contents of the communication while it is in transit.”

The court found that the plaintiffs plausibly alleged that LiveRamp violated the CIPA by reading the personal information the data broker intercepts on websites while that information is in transit. The court noted the allegation that LiveRamp engaged in both the real-time interception of consumer data and the contemporaneous reading of that data. That’s because LiveRamp’s “event listeners” intercept communications while they are in transit, and LiveRamp’s “identity graph” then connects the data into an identity profile that is updated in real time.

CIPA § 638.51 – Pen Register Violation

Section 638.51 of the California Invasion of Privacy Act (CIPA) prohibits companies from using a “pen register” without a court order. The class action alleges that LiveRamp violated the CIPA by using code, scripts, and trackers to record identifying information on users’ devices, including IP addresses and electronic device identification numbers.

In its motion to dismiss, LiveRamp tried to argue that only telephones – not websites – qualify as pen registers under the statute. The court disagreed strongly with this argument.

The CIPA defines a pen register broadly as “a device or process that records dialing, routing, addressing, or signaling information transmitted by an instrument.” The court noted that this definition does not mention telephones at all. By contrast, other sections of the CIPA do mention telephones. This means that the drafters of the statute clearly intended for pen registers to include more than just telephones.

Additionally, federal courts have established clear precedent that pen registers include telephones and other data collection tools, such as internet browser trackers and computer software that identifies consumers through “fingerprinting.”

Once again, the California North District Court agreed with the plaintiffs. The court’s ruling means that the class action against LiveRamp survived the motion to dismiss and can now proceed.

Call the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Do you believe that your personal information was unlawfully collected online? The Los Angeles consumer protection attorneys at Tauler Smith LLP can help you file a civil suit for financial compensation. Our experienced legal team represents plaintiffs in both federal and California state courts.

Call 310-590-3927 or send an email to discuss your possible legal claim.

Rack Room Shoes Wiretap Lawsuit

Did Rack Room Shoes Violate Federal Wiretap Law?

/in /by

Rack Room Shoes Wiretap Lawsuit

A federal court in California recently issued a key ruling in an important, potentially precedent-setting case, and court observers and legal experts are now asking: Did Rack Room Shoes violate federal wiretap law? The pre-trial ruling, issued by the U.S. District Court for the California Northern District, might have implications for the future of consumer privacy laws nationwide. The case, Smith v. Rack Room Shoes, Inc., could also result in severe consequences for a number of companies, including Meta, Attentive, and Rack Room Shoes. That’s because the companies have been accused of collaborating to collect and share the personal data of online customers in violation of the Federal Wiretap Act.

To find out about this important consumer privacy case and what it could mean for consumer privacy litigants, keep reading.

Rack Room Shoes, Meta, and Attentive Named in Federal Wiretap Lawsuit

Rack Room Shoes, Inc. is a national footwear chain that operates under both the Rack Room Shoes brand and the Off Broadway Shoe Warehouse brand. The chain sells shoes for men, woman, and children both online and in brick-and-mortar stores throughout the United States.

Meta Platforms, Inc. is a global technology company best known for owning and operating major social media platforms such as Facebook, Instagram, and WhatsApp. Meta is one of the largest public companies in the world, with its subsidiary Facebook reporting more than three (3) billion users. The tech company has previously been accused of collecting users’ biometric data without consent.

Attentive is a prominent mobile messaging & email platform. The company provides personalized SMS and email marketing to e-commerce brands that want to automate communications with customers. Attentive markets itself as an AI-powered platform that uses advanced artificial intelligence to capture, store, and activate users’ data.

Smith v. Rack Room Shoes, Inc. is being heard in the United States District Court, Northern District of California. All three companies – Rack Room Shoes, Meta, and Attentive – were named in the digital privacy claim, even though only Rack Room Shoes was named as a Defendant.

Rack Room Shoes Accused of Intercepting Customer Communications Online

Rack Room Shoes has been accused of permitting tech giants Meta, Attentive, and other companies to intercept the communications of visitors to the Rack Room Shoes e-commerce store. This unauthorized surveillance was allegedly done via trackers that Rack Room Shoes embedded on its website.

Perhaps most concerning for California consumers is the allegation that Rack Room Shoes essentially spied on website visitors and then collected their personal information without the users’ knowledge or consent.

Embedded Website Tracking Code

According to the class action suit, Rack Room Shoes embedded the code of third-party companies Meta and Attentive on its website. This code allegedly intercepts the personally identifiable communications of anyone who visits the website, and then the code directs the person’s browser to send a message to Meta or Attentive. Rack Room Shoes allegedly incorporates the data into consumer profiles provided by Meta, Attentive, and other third-party data brokers. These consumer profiles are used by Rack Room Shoes to guide its targeted advertisements. Significantly, these actions would be contrary to commitments in the Rack Room Shoes website privacy policy.

Meta, Attentive, and Data Broker Companies Accused of Collecting and Sharing Customer Data

Meta and Attentive are referenced throughout the class action complaint against Rack Room Shoes. That’s because it is Meta and Attentive tracking code and “scripts” that are allegedly utilized by the Rack Room Shoes website to collect consumer information such as customers’ names, email addresses, phone numbers, and even their online shopping behavior.

Meta Pixel Code

According to the lawsuit, one of the website tracking codes embedded on the Rack Room Shoes site is known as Meta Pixel. This code will allegedly track a site visitor’s communications and then secretly send messages to Meta with the visitor’s personal information, including:

  • The visitor’s search queries.
  • The name of any webpage visited.
  • The name of any button clicked by the site user.
  • Items placed in the user’s online cart.
  • Hashed values corresponding to the visitor’s name, address, phone number, and email.

Additionally, if the person who visits the Rack Room Shoes website happens to have a Facebook profile, the embedded Meta Pixel code will also allegedly send messages containing the person’s Facebook ID.

Attentive Tag Code

Another tracking tool allegedly embedded on the Rack Room Shoes website is known as Attentive Tag. This code allegedly tracks user activity on the site and sends messages to Attentive containing the user’s personal data, including:

  • The full URL string visited.
  • Any products purchased.
  • The user’s unencrypted phone number and email.

Data Broker Companies

The lawsuit against Rack Room Shoes also alleges that the popular shoe chain has similar “data collection” and “data sharing” arrangements with several other third-party companies beyond Meta and Attentive, including data brokers trying to sell personal information obtained from intercepted communications online.

Lawsuit: Rack Room Shoes Violated the Federal Wiretap Act

The plaintiffs filed a class action lawsuit against Rack Room Shoes in the United States District Court for the Northern District of California. The complaint specifically alleges that Rack Room Shoes “knowingly uses intercepted communications” for website visitors for the company’s own commercial purposes, including to “run targeted advertisements.” These actions would constitute serious violations of the Federal Wiretap Act.

The plaintiffs asked the federal court for equitable relief because they suffered harm from the unlawful collection and sharing of their data. The complaint provides support for the contention that their personally identifiable browsing activity has significant financial worth. That’s because this is an era in which browser history data and other personal information obtained online can be extremely valuable to data brokers and other entities that are looking to profit through personalized marketing.

Court Denies Motion to Dismiss: Federal Wiretap Suit Against Rack Room Shoes Can Move Forward

The Rack Room Shoes litigation has already seen multiple pre-trial rulings because the Defendant filed two motions to dismiss the privacy claims.

First Motion to Dismiss

The first motion to dismiss was denied because the federal court found that the plaintiffs “adequately alleged that Rack Room’s privacy policy failed to disclose that a third party may collect, store, and analyze a visitor’s browsing and purchase history in a way that is personally identifiable or that a third party could use that data for its own commercial purposes.” Therefore, said the court, the data collection was plausibly done without consent of website visitors.

Additionally, the court found that the plaintiffs stated valid claims for violations of California consumer privacy laws, including invasion of privacy under both the California Constitution and the California Invasion of Privacy Act (CIPA).

Second Motion to Dismiss

The U.S. District Court heard arguments from both sides before ruling against the Defendant’s motion to dismiss with respect to alleged violations of two statutes: the California Comprehensive Computer Data and Access Fraud Act (CDAFA) and the Federal Wiretap Act.

Although the court granted the motion to dismiss with respect to the California Unfair Competition Law (UCL) and the Consumers Legal Remedies Act (CLRA), the pre-trial ruling was still a major win for the plaintiffs because it means the class action against Rack Room Shoes can proceed on the two most significant claims: alleged violations of California’s computer data fraud law and the federal wiretap law.

Court: Rack Room Shoes May Have Violated the CDAFA

The California Comprehensive Computer Data and Access Fraud Act (CDAFA) is a state law that provides broad protection against the unauthorized use or taking of a person’s data online. As set forth by Cal. Penal Code § 502(c)(2), a person who “knowingly accesses and without permission takes, copies, or makes use of any data from a computer” violates the statute. Section 502(e)(1) further states that any “owner of a computer who suffers damage or loss by reason of a violation of the CDAFA may bring a civil action against the violator.”

In its order declaring that the wiretapping lawsuit against Rack Room Shoes may proceed, the court noted that the plaintiffs had sufficiently alleged that they suffered economic injury because Rack Room Shoes caused Meta, Attentive, and data broker companies to unjustly profit from the personal information and online activity of website visitors.

The court also noted the plaintiffs’ allegation that Rack Room Shoes used customer profiles that integrated the customers’ personally identifiable browsing history, and this allowed the company to run targeted marketing campaigns. (Moreover, Rack Room Shoes told customers in its website Privacy Policy that it would not collect this type of information.)

CDAFA Damages

The class action lawsuit against Rack Room Shoes seeks damages through disgorgement, which is specifically allowed under the CDAFA. Disgorgement is a civil remedy that requires a wrongdoer to give up any profits earned from illegal actions.

The California federal court found that the plaintiffs in the class action plausibly pleaded that they suffered the type of compensable damages that may be recovered in a CDAFA claim. The court noted that online consumers have a stake in any profits derived unjustly from their personal data. The court concluded its discussion of CDAFA damages by stating that the plaintiffs were damaged simply by not having received a share of the allegedly unjust profits generated from their data, regardless of whether there was any direct financial harm. As support for this point, the court quoted the California State Legislature’s discussion of the statutory purpose of the CDAFA: “The legislature found that the protection of lawfully created computer data is vital to the protection of the privacy of individuals.”

Court: Plausible Allegation That Rack Room Shoes Violated the Federal Wiretap Act

The Federal Wiretap Act is part of the Electronic Communications Privacy Act (ECPA). The statute, codified at 18 U.S.C.§ 2511, creates both criminal and civil liability for anyone who intentionally intercepts any wire or electronic communication, as well as for anyone who intentionally uses content knowing that the information was obtained through interception. Anyone whose wire or electronic communication is intercepted, disclosed, or intentionally used in violation of the Federal Wiretap Act may be eligible to file a civil action and recover damages from the person or entity who committed the offense.

The statute defines “intercept” as “the acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” In its pre-trial ruling against the motion to dismiss, the U.S. District Court found that the plaintiffs “plausibly alleged that Rack Room intentionally used intercepted communications in violation of the Federal Wiretap Act.”

Exceptions to Federal Wiretap Act

The Federal Wiretap Act does provide a limited exemption from liability – known as the “party exception” – when the person who intercepted the communication was a party to the communication. However, the limitation on this exception – known as the “crime-tort exception” – is that it does not apply when the interception was “for the purpose of committing any criminal or tortious act.”

In this case, Rack Room Shoes was both a party to the communications and consented to the interception. As such, the party exception to the wiretap law would seemingly be triggered.

However, the court found that the crime-tort exception also applies here, which means that the alleged interception of customer data is still unlawful. In its pre-trial ruling, the court stated that the plaintiffs adequately alleged that Rack Room Shoes “played an active role in the use of embedded code to intercept customers’ electronic communications” because the company customized and deployed the code. Moreover, the court noted that these data collection practices were not clearly disclosed in the company’s privacy policy. As such, said the court, Rack Room Shoes’ alleged tortious purpose in intercepting website visitors’ communications is enough to satisfy the crime-tort exception and expose Rack Room Shoes to liability under the Federal Wiretap Act.

Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

The Los Angeles consumer protection lawyers at Tauler Smith LLP represent plaintiffs in invasion of privacy cases, including California CIPA claims and federal wiretapping lawsuits. If you believe that your personal information was collected online without your consent, you may be eligible to bring a claim for monetary compensation.

Call 310-590-3927 or email us to learn more.

Website Wiretapping & CIPA

California Invasion of Privacy Act & Website Wiretapping

/in /by

Website Wiretapping & CIPA

It is important for consumers who interact with businesses online to have a solid understanding of the California Invasion of Privacy Act (CIPA) and website wiretapping. When you have a conversation with someone on the phone or via the computer, there is usually a reasonable expectation that the conversation will remain between the two parties. But what happens when what you believed to be a private conversation was actually being wiretapped, surveilled, and/or recorded by the other party? If this happens in the context of a business transaction, sales call, or online chat, your information could be sold to other companies that profit from the data. This has become a very serious problem in the internet era when personal data can be transmitted and circulated at a rapid pace. It’s one reason that California consumer privacy laws like the CIPA have become so important as tools to protect consumers against unethical business practices.

To learn more about the consumer protections against website wiretapping afforded by the California Invasion of Privacy Act, keep reading this blog.

What Is Website Wiretapping?

Wiretapping is a term used to describe the act of connecting a listening or recording device to a telephone. Website wiretapping occurs when the chat communications on a website are unlawfully recorded, transcribed, or surveilled without permission. These days, wiretapping technology is commonly used to secretly record conversations on websites that were supposed to remain private. Some of the reasons that people might illegally wiretap a website chat include gaining information about a business competitor, learning the details of an opponent’s lawsuit, or acquiring valuable data about a customer that can be sold to others.

Illegal wiretaps are not just against the law; they can also cause significant harm to victims. That’s why both federal privacy statutes and California privacy laws allow individuals to file civil lawsuits against anyone who records their online conversation without consent.

California’s Law on Website Wiretapping: Section 631 of the CIPA

California has a number of very strong consumer protection laws that prohibit companies from jeopardizing the digital privacy and security of customers. Any company that does business in California needs to be completely transparent in their data collection practices, which includes obtaining proper consent from customers and website visitors before any personal information is shared online.

For example, California courts have held that it is a violation of California’s Invasion of Privacy Act (CIPA) for companies to wiretap user chats and other communications on websites. It is specifically a violation of § 631(a) of the CIPA when the intercepted communications contain what might be considered more sensitive than “record information” such as the user’s name, address, email, etc.

Additionally, Section 631 of the CIPA gives consumers a legal right to know when their phone conversation is being recorded, or when their online chat conversation is being monitored and transcribed. That is why a lot of companies provide automated warnings at the beginning of calls to alert customers to the possibility that the call may be monitored or recorded, and privacy policies on websites that disclose the monitoring of website chat communications with session recording technology.

Wiretapping on Websites:

Customers have a reasonable expectation of privacy when they visit a company’s website and use the chat feature. Their privacy rights are violated when a company wiretaps the online conversations, and they are further violated when that company allows third-party entities to eavesdrop on the chat conversations.

In recent years, many companies doing business online have been accused of breaching the privacy of individuals who visit their websites. When those websites are accessible to customers in California, the companies may be violating California’s very robust consumer privacy laws. Companies violate the California Invasion of Privacy Act (CIPA) by illegally wiretapping the conversations of website visitors.

Winning a CIPA Claim for Illegal Wiretapping

The simple fact is that a lot of businesses fail to provide clear warnings about the nature of phone conversations, online chats, or other communications with customers. When a business secretly monitors or records a conversation, the customer whose privacy rights were violated by the illegal wiretapping may be able to take legal action by filing a CIPA claim.

One element of a successful CIPA claim that the plaintiff will need to prove is that they had a reasonable expectation of privacy. Generally, the content and circumstances of the conversation can be used to determine whether such an expectation existed. This is where the court will examine a number of case-specific factors, including:

  • The identity of the person who initiated the conversation.
  • The purpose of the communication.
  • The duration of the conversation.
  • Whether there were prior conversations between the parties.
  • The type of information that was communicated.
  • Whether the party recording the conversation provided a warning.

Section 632(c) of the CIPA clarifies that when the parties to a communication reasonably expect to be overheard or recorded, it does not qualify as a “confidential communication” under the law.

Civil Remedies Available to Consumers Under the CIPA

As mentioned above, the CIPA includes both civil and criminal penalties for companies that violate the statute by unlawfully accessing, maintaining, or sharing customer data. For consumers who have been victimized, the civil penalties can be a valuable tool to get some sort of justice. The CIPA allows consumers to file civil lawsuits in California state court to recover damages of up to $5,000 for each invasion of privacy violation. Additionally, in some cases, the court may order the defendant to pay treble damages that total three (3) times the economic harm suffered by the consumer.

Criminal Penalties for Wiretapping in California

Violations of the wiretapping law can also result in criminal penalties. On the criminal side, the CIPA gives courts the ability to impose penalties such as monetary fines and even jail time. A person charged with a crime for monitoring and recording a private communication could be sentenced to up to three (3) years in the county jail.

The decision about whether to bring criminal charges against a business or individual for breaching your privacy rights by recording a conversation will ultimately be made by prosecutors and other law enforcement authorities. If charges are filed against the defendant, the case will be heard in criminal court. A knowledgeable attorney can help victims start this process, as well as helping victims decide whether to file a civil lawsuit to recover money damages either before or after resolution of the criminal case.

Other Data Privacy Laws in California

Data privacy has been a major concern of California lawmakers for a while now, which is why the state has tended to lead the way with this kind of legislation. In fact, the California Invasion of Privacy Act (CIPA) is just one of the state’s extremely strong consumer fraud laws with a focus on data privacy. The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) are two other laws that explicitly protect customers against companies that overreach when it comes to sharing personal data. In fact, both the CCPA and the CPRA require companies doing business in the state to give customers the right to opt out of the sharing of their data.

Recently, plaintiffs have been relying on § 638.51 of the CIPA to file class actions against companies that use pen registers or trap and trace devices to acquire data from website visitors without permission.

Additionally, consumers whose data was secretly collected and/or shared with third parties may be able to file a Federal Wiretap Act claim in federal court. Moreover, both federal and state claims can be filed at the same time because the relevant statutes work in tandem.

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP to File a Website Wiretapping Claim

Too often, companies doing business online choose to deliberately disregard the privacy concerns of customers who use their websites. Instead, these companies prioritize financial gains over consumer privacy and personal well-being. If you visited one of these websites and shared any information via a chat feature, you may be able to get statutory damages under the wiretapping provision of the CIPA.

The Los Angeles consumer protection lawyers at Tauler Smith LLP can help you file a website wiretapping claim. Call 310-590-3927 or email us to learn more.

California Invasion of Privacy Act

California Invasion of Privacy Act (CIPA)

/in /by

California Invasion of Privacy Act

It is quite common these days for businesses to monitor and record phone calls with customers, whether it’s to ensure that orders are accurate, to review employee interactions, or for some other reason. At the same time, new technologies have made it easier than ever to eavesdrop on private communications. Unfortunately, this has resulted in some companies going too far by invading the privacy of customers. The California Invasion of Privacy Act (CIPA) is a state law that makes it illegal for businesses to wiretap consumer communications and record you without your consent. Businesses that violate the CIPA may be subject to both criminal and civil penalties, including a lawsuit filed by any consumers whose conversations were wiretapped or recorded without permission.

To learn more about the California Invasion of Privacy Act, keep reading this blog.

What Is California’s Invasion of Privacy Law?

California has the nation’s strongest consumer protection laws, including the California Invasion of Privacy Act (CIPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the California Consumers Legal Remedies Act, and the California Unfair Competition Law (UCL). The CCPA was enacted in 2018 to become the nation’s first state privacy law, and it strengthened protections for customer data collected by businesses online. The CIPA has a longer history, having been passed by the California State Legislature in 1967 for the purpose of more broadly protecting the privacy rights of all state residents, including consumers. Under the CIPA, it is illegal for companies to wiretap or record conversations unless all participants have consented to the recording. This applies to telephone conversations and online communications.

Cell Phones

Although the wiretapping law was initially intended to cover calls on landline phones, the use of cellular phones has been addressed by the statute. Cal. Pen. Code sections 632.5 and 632.6 specifically prohibit the use of a recording device when a call involves a cellular phone, whether it’s two cell phones or one cell phone and one landline phone.

Websites & Session Replay Software

In addition to recording phone conversations, a lot of companies also keep records of their interactions and communications with customers who visit a company website. This becomes problematic – and possibly illegal – when the company uses session replay software to capture visitor interactions with their website. That’s because the use of this type of tracking software may constitute an unlawful intercept of the communication, as defined by California’s wiretap law.

Session replay software allows website operators to monitor how a user interacts with the website. The tool then reproduces a video recording that shows the user’s interactions, including what they typed, where they scrolled, whether they highlighted text, and how long they stayed on certain pages. When companies employ this software, the very fact that a machine is being used to intercept customer communications constitutes a violation of the CIPA.

California Penal Code Section 631: Wiretapping

California Penal Code Section 631 forbids anyone from illegally wiretapping a conversation. The law specifically prohibits the following:

  • Using a machine to connect to a phone line.
  • Trying to read a phone message without the consent of all the parties participating in the conversation.
  • Using any information obtained through a wiretapped conversation.
  • Conspiring with another person to commit a wiretapping offense.

Some states allow a call to be recorded when just one participant is aware of the wiretap and consents to it, even if the person recording the call is the one providing consent. But California is a two-party consent state, which means that everyone involved in the call or chat must agree to it being recorded. If just one party does not provide consent, then recording the conversation constitutes a violation of the CIPA and can result in both criminal and civil penalties.

Out-of-State Businesses

Even if the person who called you or chatted with you was not located in California, you can still bring a lawsuit under the Invasion of Privacy Act as long as you were in the state at the time of the call or chat. That’s because out-of-state businesses must still comply with California laws when communicating with someone who is in the state.

Additionally, if the defendant was located outside California when they unlawfully recorded your personal information, you may be able to bring a Federal Wiretap Act claim as well. That’s because the federal privacy statute becomes the basis for a civil suit when the privacy breach affects interstate commerce.

California Penal Code Section 632: Eavesdropping

Section 632 of the California Penal Code addresses the crime of eavesdropping. Many times, a wiretapping case also involves eavesdropping offenses where the offending party both taps a phone line and listens in on the conversation. The main difference between the two is that eavesdropping does not necessarily involve the tapping of a phone line.

The statute defines “eavesdropping” as the use of a hidden electronic device to listen to a confidential communication. Significantly, the law is not limited to phone conversations. When someone intentionally eavesdrops on an in-person conversation, they may be subject to criminal charges and a civil suit for damages. The types of electronic devices that are often used to illegally eavesdrop include telephones, video cameras, surveillance cameras, microphones, and computers. If the device was concealed from one of the parties, it may constitute a violation of California’s eavesdropping laws.

Can You Sue for Invasion of Privacy in California?

Although the California Invasion of Privacy Act is technically a criminal statute, Cal. Pen. Code §637.2 gives victims of wiretapping and eavesdropping the ability to bring a civil suit against the person or company that illegally recorded the conversation. If you learn that someone was listening in on your private conversation without permission, you may be able to file a lawsuit to recover statutory damages. Additionally, §638.51 gives consumers the ability to file a lawsuit against companies that use trap & trace devices to illegally monitor website visits without consent.

If you learn that someone was listening in on your private conversation without permission, you may be able to file a lawsuit to recover statutory damages.

How to Prove Invasion of Privacy Under the CIPA

To win your CIPA claim, you will need to prove that the conversation was illegally recorded in the first place. In some cases, this will be obvious because the business will reveal that they are monitoring and recording the call or chat. In other cases, consumers may learn about illegal wiretapping during the discovery process when the defendant is forced to turn over company records.

The other elements of a CIPA claim that you will need to establish at trial include:

  • The defendant intentionally used an electronic device to listen in on and/or record the conversation.
  • You had an expectation that the conversation would not be recorded.
  • You or at least one other person on the call did not consent to having the conversation recorded.
  • You suffered some kind of harm or injury as a result of your privacy rights being violated by the defendant.

The use of a cellular phone can change the burden of proof needed to win a CIPA claim. That’s because courts will typically use a strict liability standard when at least one of the participants on the call was using a cell phone. This means that the context and circumstances of the call won’t matter; the court will automatically presume that there was an expectation of privacy. Additionally, strict liability will apply to the defendant even when they did not realize that the other person on the call was using a cell phone.

What Is the Penalty for Invasion of Privacy?

The criminal penalties for violating the California Invasion of Privacy Act (CIPA) include possible jail time and significant fines. Businesses that violate the CIPA may also be exposed to civil penalties when a consumer files a lawsuit in state court.

Criminal Penalties

The CIPA gives criminal prosecutors wide latitude to charge an offense as either a misdemeanor or a felony, depending on the facts of the case. If a CIPA violation is charged as a misdemeanor, the defendant could be sentenced to one year in jail and ordered to pay up to $2,500 in statutory fines for each violation. If the violation is charged as a felony, the possible jail time could increase to three years. Additionally, anyone convicted of a second wiretapping offense could face more substantial fines.

Civil Penalties

The CIPA lists statutory penalties that may be imposed against companies or individuals who violate the statute. The court can order the defendant to pay $5,000 in statutory damages for each illegally recorded conversation, or three (3) times the actual economic damages you suffered because of the privacy breach. The judge in your case will have the option to choose whichever amount is greater: the statutory damages or the actual damages.

Depending on the circumstances of your case, you might also be able to file a right of publicity lawsuit. That’s because right of publicity claims and invasion of privacy claims often overlap, especially when a business attempts to profit from someone else’s image or likeness without consent.

California Invasion of Privacy Statute of Limitations

It is very important that you take immediate action and speak with a qualified consumer protection attorney as soon as you suspect that a company may have violated your privacy during a communication. That’s because the California Invasion of Privacy Act (CIPA) requires plaintiffs to file a civil suit within one (1) year of the date on which the conversation happened. Failure to bring your case before one year has passed could result in your lawsuit being dismissed.

The statute of limitations period typically begins when the plaintiff knew about the defendant’s illegal wiretapping. But what happens when the plaintiff did not learn about the invasion of privacy violation until later? In these cases, the court usually applies a reasonable person standard, which means that the court will attempt to determine the point at which a reasonable person standing in the shoes of the plaintiff would have known about the unlawful act by the defendant. In other words, should the plaintiff have discovered the privacy violation before the statute of limitations expired?

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If a company invaded your privacy by secretly recording a conversation without your permission, you may be eligible to file a civil suit to recover statutory damages. The first step you should take is to speak with an experienced Los Angeles consumer protection attorney at Tauler Smith LLP. We can help you decide how to best proceed with your case.

Call 310-590-3927 or email us today.