invasion of privacy Archives - Tauler Smith LLP Los Angeles Trial Attorneys

Posts

Trap & Trace Claim Against Rad Power Bikes

May 29, 2025/in Consumer Protection /by taulersmith

Tauler Smith LLP secured a major courtroom win in a California trap & trace claim against Rad Power Bikes. The plaintiff, a California consumer, filed a class action lawsuit alleging that the e-bike company utilized TikTok tracking code on its website to deanonymize users by trapping and tracing their personal information. The digital privacy case is being heard in the U.S. District Court for the Central District of California, which recently ruled on a pre-trial motion filed by the Defendant. The federal court denied the motion to dismiss, which means that the case could move forward to trial. Significantly, the court found that the plaintiff “plausibly alleged” that the TikTok software embedded on the Rad Power Bikes website can qualify as a trap and trace device under the California Invasion of Privacy Act (CIPA).

To learn more about the invasion of privacy lawsuit against Rad Power Bikes, keep reading this blog.

Rad Power Bikes Accused of Using TikTok Software to Collect Personal Data from Website Visitors

Rad Power Bikes Inc. is an electric bicycle company that operates in the United States. The company sells e-bikes that typically use rechargeable batteries to generate power and travel at higher speeds than normal bicycles. Rad Power Bikes sells its bicycles and related accessories primarily at retail showrooms and on the company’s website at radpowerbikes.com.

According to the civil suit in the California Central District Court, the TikTok software on the Rad Power Bikes website instantly collects visitors’ personal data, including device information, browser information, and geographic location. This information is then sent back to TikTok, which allegedly matches the new data to existing data that the social media app already has on hundreds of millions of individual users. The result is that TikTok is able to identify individual users who visit the Rad Power Bikes site.

Lawsuit: Rad Power Bikes Violated Trap & Trace Law in California Invasion of Privacy Act (CIPA)

The plaintiff in the CIPA class action suit is a California consumer who visited the Rad Power Bikes website. The lawsuit alleges that the website embedded advertising-related TikTok software to deanonymize and identify visitors for marketing and surveillance purposes. This was allegedly done for the benefit of both Rad Power Bikes and social media company TikTok.

According to the complaint, the TikTok software on radpowerbikes.com “gathers device and browser information, geographic information, referral tracking, and URL tracking by running code of scripts to send user details to TikTok.” Moreover, this unauthorized collection of visitors’ personal data allegedly occurs as soon as a visitor accesses the website; visitors do not have an opportunity to consent to the gathering of their data.

TikTok “Fingerprinting”

TikTok allegedly benefits from the collection of user information on the Rad Power Bikes site by comparing the data to its own massive database. This allows TikTok to “fingerprint” and identify website visitors. Since TikTok is currently owned by the communist Chinese government, this kind of data breach could pose significant security risks to American citizens.

CIPA Lawsuit

The legal basis for the lawsuit against Rad Power Bikes is the California Trap and Trace Law, which is codified as Cal. Penal Code § 638.51 in the California Invasion of Privacy Act (CIPA).

The plaintiff in the Rad Power Bikes lawsuit is seeking several types of damages: declaratory relief, statutory damages, and attorney’s fees. Additionally, the plaintiff is seeking to certify the lawsuit as a class action applicable to anyone in California who visited the Rad Power Bikes website.

Court Denies Motion to Dismiss, Allows Trap and Trace Lawsuit Against Rad Power Bikes to Proceed

Rad Power Bikes filed a motion to dismiss before trial. The U.S. district court issued a ruling and denied the motion, which means that the consumer protection case may now go to trial.

The Defendant made three arguments in support of its motion to dismiss the case during the pre-trial stage:

The Defendant argued that the plaintiff in the class action lacked personal jurisdiction.
The Defendant argued that the plaintiff lacked standing to sue.
The Defendant argued that California’s invasion of privacy statute only applies to the interception of telephone calls, not websites.

The court rejected all of these arguments, finding in favor of the plaintiff.

Personal Jurisdiction

Personal jurisdiction is a legal term that means the court has authority to hear a case involving a party with a sufficient connection to the state where the court is located. In this case, the lawsuit was filed in a federal court located in California. That means the plaintiff must show that the Defendant, Rad Power Bikes, does business in California.

In the plaintiff’s response to the motion to dismiss, he alleged that Rad Power Bikes purposefully directed its activities to California “by regularly engaging with California residents through its website and its retail stores.” Moreover, argued the plaintiff, the e-bike company also shared website visitors’ data with TikTok in California.

In its ruling on the motion to dismiss, the court found that Rad Power Bikes did, in fact, intentionally direct its activities to California by allegedly gathering personal information from California visitors to the company’s website. Additionally, the court noted that the electric bike company has a “substantial presence” in the state with four retail stores. Beyond that, Rad Power Bikes has also contracted with TikTok to send user data to California. Therefore, said the court, there are more than enough contacts between Rad Power Bikes and California to establish personal jurisdiction in the state.

Standing to Sue

The court also found that the plaintiff in the case has Article III standing to sue. That’s because the plaintiff adequately alleged an injury caused by the use of TikTok software on the Rad Power Bikes website.

Article III standing is a constitutional requirement that only individuals who have suffered an injury in fact – or a particularized injury – may bring a case in federal court.

Under the California Invasion of Privacy Act (CIPA), it is illegal for a person or business to use devices to capture “dialing, routing, addressing, or signaling information from a wire or electronic communication.” In the lawsuit against Rad Power Bikes, the plaintiff alleged that his statutory privacy rights were infringed – and that this constituted a clear violation of the CIPA. In rejecting the motion to dismiss, the U.S. district court concluded that a violation of privacy rights protected by California law “is sufficient injury for standing purposes.”

CIPA Applies to Websites

The last argument made by the Defendant in its motion to dismiss was that the California Trap and Trace Law does not apply to websites. The court strongly rejected this argument. That’s because the Trap & Trace Law, contained in the California Invasion of Privacy Act (CIPA), applies to any device that records or captures information from a wire or electronic communication. While the Defendant wants the law to apply solely to communications via telephone lines, numerous courts have found that the statute applies to website communications.

With respect to the application of California’s digital privacy laws to websites, Rad Power Bikes also made a sweepingly broad argument that the CIPA claim should be dismissed because it “effectively seeks to criminalize the Internet.” The Defendant’s contention is that most websites use tools like the TikTok software, so a finding in favor of the consumer-plaintiff would have severe implications for all consumer-facing websites. The court rejected this argument on its face. Moreover, the court noted that any questions about the scope of the CIPA should be addressed to the California Legislature, which enacted the consumer privacy law in the first place.

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Are you a California resident? Did you visit the Rad Power Bikes website? Then you might be eligible to join a consumer class action lawsuit to recover damages for violations of the California Invasion of Privacy Act (CIPA). The Los Angeles consumer protection attorneys at Tauler Smith LLP have extensive experience representing plaintiffs in trap & trace claims and invasion of privacy lawsuits in both federal and state courts.

Call 310-590-3927 or email us today to discuss your legal options.

Trap and Trace Class Action Against HoMedics

May 28, 2025/in Consumer Protection /by taulersmith

A federal court in California recently ruled on a trap and trace class action against HoMedics and FKA Distributing Co. – and the ruling was fantastic news for the consumer protection attorneys at Tauler Smith LLP. The plaintiff in the case is a California resident who visited the HoMedics website. According to the legal complaint, the website utilized TikTok software to unlawfully collect personal information from the plaintiff and other consumers who visited the site. Now the court has issued a pre-trial ruling in favor of the plaintiff to deny the Defendant’s motion to dismiss.

For more information about the TikTok trap & trace complaint against HoMedics, and to find out if you might be eligible to join the class action, keep reading.

Lawsuit: HoMedics Used TikTok Software to Collect Personal Data of Website Visitors

FKA Distributing Co., or FKA Brands, is a personal care product company. FKA Distributing sells its products across the U.S. and globally in major department stores, specialty stores, and drugstores. Some of the main FKA brands include HoMedics, House of Marley, Revamp Professional, Obus Forme, Ellia, JAM Audio, HMDX Audio, and Sol Republic. FKA primarily does business as HoMedics, which specializes in products related to health and wellness.

HoMedics sells a number of personal care items for the medical and spa industries, including hot/cold compression wraps, dental appliances, magnetic therapy products, electronic back and body massagers, humidifiers, air purifiers, and water purification systems. HoMedics also sells therapeutic bedding products: pillows, mattresses, and protective bedding. Additionally, HoMedics makes products for Sharper Image and Stanley Black & Decker. Many of these products are sold on the Homedics.com website.

Digital Privacy Lawsuit Against HoMedics

The plaintiff alleged that when she visited the Defendant’s website, Homedics.com, her personal data was unlawfully collected with TikTok-created deanonymization software. According to the complaint, the TikTok software instantly gathered data about the plaintiff as soon as she visited the website, including her geographic location and other personal identifying information.

The purpose of this data collection was allegedly to match it with TikTok’s existing data, which could then be used to identify individual visitors. This has legal implications because the collection of a website visitor’s personal data without consent is a direct violation of California’s Trap and Trace Law. That law is codified in Cal. Penal Code § 638.51.

Class Action Lawsuit Against HoMedics in California Central District Court

The plaintiff, a California resident, filed a class action against FKA Distributing Co. on behalf of all persons living in California whose identifying information was sent to TikTok through the use of the HoMedics website. The lawsuit was initiated in the Los Angeles Superior Court and was later removed to a federal court: the United States District Court for the Central District of California.

The class action alleged that FKA Distributing violated California’s Trap and Trace Law. When the case was moved to federal court, FKA Distributing filed a motion to dismiss. That motion was rejected by the court, which means that the claim may now move forward.

HoMedics Accused of Violating the California Invasion of Privacy Act (CIPA)

The California Invasion of Privacy Act, also known as the CIPA, is codified in Cal. Penal Code § 630. The law imposes both civil and criminal penalties against offenders who engage in electronic interception, recording, or eavesdropping on private communications.

Section 638.51 of the statute prohibits the installation of a pen register or trap & trace device unless the party has obtained a court order to do so.

Under section 637.2 of the statute, a plaintiff can bring a private right of action for violations of the CIPA. This means that consumers can file a lawsuit and recover statutory damages if their personal data has been collected without consent.

Court: FKA Distributing and HoMedics May Have Violated California’s Trap & Trace Law

The first court order in the FKA Distributing TikTok complaint was issued in response to a motion to dismiss. The Defendant argued that the TikTok software allegedly used on the HoMedics website does not constitute a “trap and trace device” within the meaning of § 638.50(c). However, the court found the Defendant’s argument “unpersuasive,” stating that the TikTok software could plausibly constitute a “trap and trace device” and therefore could be a violation of the statute.

HoMedics TikTok Trap & Trace Software

The TikTok software allegedly utilized by the HoMedics website works by gathering the device information, browser information, and geographic information of site visitors, which then allows TikTok to identify individual users.

The California Invasion of Privacy Act (CIPA) defines a trap and trace device as any “device or process that captures the incoming electronic or other impulses” identifying the source of the communication. The federal court in this case noted that the statute’s reference to a “device or process” implies that it is the result of the information gathering that matters: the use of an AutoAdvanced Matching feature on the HoMedics website to identify the source of website visitors does fall within the scope of the Trap & Trace Law.

No Consumer Consent for Data Gathering

FKA Distributing Co. also argued that consent for the tracking of visitors’ data was granted by the Defendant, which was also a party to all communications on its website. The court rejected this absurd argument on its face since the person who needs to provide consent is clearly the website user whose personal data is being tracked by the website.

The Defendant attempted to argue that, by definition, a person cannot “intercept” communications to which they were already a party. But the court found that this narrow reading of the law only applies to allegations of wiretapping violations, not cases like this one that go beyond wiretapping and involve broader allegations of electronic interception.

No Automatic Consent for Data Collection

The court also rejected the Defendant’s argument that website visitors automatically consent to the data collection practices simply by visiting HoMedics.com.

The Defendant claimed that its website Privacy Policy provided notice of the site’s use of a trap and trace device, including a warning to site visitors that the Defendant may collect personal data like the user’s name, email, phone number, and postal address. But the court said that this was not sufficient to prove that a reasonable user reading the Privacy Policy would definitely understand it – or that it would necessarily involve the use of TikTok software to monitor and essentially spy on the user.

Federal Court Denies Dismissal of TikTok Trap & Trace Claim Against HoMedics

The California Central District Court recently issued a second court order in the digital privacy complaint against FKA Distributing Co. and HoMedics. FKA Distributing argued that the complaint should be dismissed for lack of personal jurisdiction, failure to allege a concrete injury, and failure to allege an actual violation of the Trap & Trace Law. The court rejected all of these arguments, finding them “unavailing.”

Personal Jurisdiction

The federal court quickly found that the Defendant waived personal jurisdiction when they failed to raise it as an issue in an earlier motion to dismiss the invasion of privacy complaint.

Consumers Harmed by HoMedics Privacy Violations

The court also found that the plaintiff adequately alleged concrete and particularized injury to her privacy rights. Specifically, the court said that the plaintiff provided the facts necessary for a trap & trace complaint, such as the number of times she visited the HoMedics website, exactly what information she provided on the site, what information the Defendant captured, and the fact that she was not aware of the Defendant’s tracking practices.

The plaintiff showed that she visited the HoMedics website in March 2024. The plaintiff also clearly alleged that the Defendant operates TikTok software on the website for the purpose of collecting users’ personal identifying information, including:

Device and browser types.
Geographic locations.
Referral URLs.

Moreover, the plaintiff alleged that the Defendant unlawfully collects this information from everyone who visits the website, and that this happens automatically as soon as anyone lands on the site.

TikTok Software Violates Consumer Privacy Interests

FKA Distributing Co. argued that the plaintiff failed to show that any private or personal identifying information had been collected by the Defendant’s website. The court rejected this argument as well. According to the court, the plaintiff alleges that the Defendant’s TikTok software “effectively de-anonymizes the website user” to collect tracking information. Additionally, this data collection allegedly happens regardless of whether the user has a TikTok account.

The court concluded that the plaintiff’s allegations are sufficient to establish a concrete injury from visiting HoMedics.com. This injury would be a direct harm to the plaintiff’s privacy interests because the compilation and collection of users’ personal data occurs without consent.

Did You Visit the HoMedics Website? Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If you visited the HoMedics website for any reason, it’s possible that your data was unlawfully collected and sent to TikTok. This could make you eligible to join a class action lawsuit to receive monetary compensation for the violation of your privacy rights. The legal team at Tauler Smith LLP represents plaintiffs in California trap & trace claims, consumer fraud complaints, and other types of consumer protection lawsuits. We can help you get justice.

Call 310-590-3927 or send an email to talk with one of our experienced California consumer protection attorneys today.

California Invasion of Privacy Act Lawsuit Against IHOP

December 12, 2024/in Consumer Protection /by taulersmith

The Los Angeles consumer protection lawyers at Tauler Smith LLP recently won a pre-trial demurrer hearing in a trap & trace complaint against IHOP. The California Invasion of Privacy Act lawsuit against IHOP was filed by a California consumer who alleged that the restaurant chain installed a trap and trace device on its website to unlawfully monitor website visitors without consent. IHOP argued that the case should be dismissed before trial, but the court overruled the Defendant’s demurrer and said that the case against IHOP can proceed.

To learn more about the lawsuit against IHOP, keep reading this blog.

Trap & Trace Lawsuit Against IHOP Heard in California Court

The Defendant in the recent digital privacy lawsuit is IHOP Restaurants, LLC. IHOP, or International House of Pancakes, is a popular pancake house restaurant chain with nearly 2,000 locations in the United States and internationally.

The civil suit against IHOP is being adjudicated in the Los Angeles County Superior Court and presided over by Judge Michael Small. A California consumer filed the lawsuit because IHOP allegedly installed a trap & trace device on their website to effectively spy on site visitors. This would constitute a clear violation of the California Invasion of Privacy Act (CIPA), which is codified in California Penal Code Section 638.51.

Cal. Penal Code § 638.51 is known as the “trap and trace” provision because it prohibits companies from utilizing trap & trace devices to collect data from consumers without permission. The statute explicitly states that a person or company “may not install or use a pen register or a trap and trace device without first obtaining a court order.”

TikTok Software

According to the legal complaint, IHOP’s website uses a trap & trace device created by TikTok to gather private information about site visitors without their consent. As soon as consumers access IHOP’s website, their personal information is allegedly collected via the TikTok software.

Demurrer Hearing

The Defendant filed a demurrer to dismiss the lawsuit, with an additional motion to strike a request for punitive damages.

The lawsuit against IHOP alleges that IHOP installed TikTok software on its website and that IHOP uses this software to “trap and trace” private information about consumers. The Los Angeles County Superior Court rejected IHOP’s demurrer and ruled that the allegations against IHOP are sufficient to state a cause of action for a violation of the CIPA.

Lawsuit: IHOP’s Website Software Is a Trap & Trace Device

What exactly is a trap & trace device? The California Invasion of Privacy Act (CIPA) defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication.”

The precedent in these cases is clear: courts have repeatedly held that communications or chat features on websites do qualify as “electronic communications” for the purposes of the Trap & Trace Statute. In this case, the court also ruled that the TikTok software allegedly installed by IHOP on its website “falls within the ambit of the definition of a ‘trap and trace device’ in Section 638.50.” That’s because the TikTok software is a device that captures identifying information about visitors to the IHOP website.

Telephone Lines and Websites

In its demurrer, IHOP argued that the reach of the CIPA should be limited to devices that are capable of being physically attached to telephone lines, which relies on a definition of “trap and trace device” that would exclude the invasive TikTok software allegedly installed on the IHOP website.

The court rejected IHOP’s interpretation of the statute because the definition of “trap and trace devices” found in the CIPA is extremely broad: it encompasses more than just devices that capture an originating phone number, and therefore applies to more than just telephone lines.

TikTok Software = Trap & Trace Device

The L.A. County Superior Court went even further than many previous courts to rule that the California Legislature contemplated that the CIPA might cover “the development of new devices and techniques for the purpose of eavesdropping upon private communications.” The court added that the TikTok software allegedly utilized by IHOP is precisely such a “new technique” for capturing the confidential information of consumers without their consent.

IHOP Not Exempt from Liability for Utilizing Trap and Trace Devices

There are a few exceptions to the CIPA prohibition against the use of trap & trace devices. A company may utilize trap & trace devices if:

The device is being used to operate, maintain, and test a wire or electronic communication service.
The consent of the user has been obtained prior to use.

In its ruling on the demurrer, the L.A. County Superior Court found that neither of these exceptions applies to IHOP’s use of TikTok trap & trace software on the company website.

Court Rejects IHOP’s Arguments for Exemption

IHOP attempted to argue that it should be exempt from liability under Section 638.51(b)(5) as a “provider of electronic or wire communication services,” with the website being the service it provides. The court found this argument unpersuasive because IHOP failed to show how it might need the TikTok software to operate and maintain its website.

IHOP also tried to argue that it should be exempt from liability because the company has consented to the use of the trap & trace software installed on its website. The court quickly rejected this argument because the consent exception of the CIPA obviously applies to website visitors, not to the owners and operators of a website.

Private Right of Action Against IHOP for Violating the CIPA

In its demurrer, IHOP also argued that there is no private right of action under the California Invasion of Privacy Act (CIPA). If true, this would mean that consumers would not be able to file civil suits against companies that violate the CIPA. But the court rejected this argument because the CIPA specifically provides for statutory damages.

In fact, the CIPA allows victims to file suit against a company that violated the CIPA for either:

$5,000 per violation; or
Treble damages equaling three times the amount of actual damages sustained by the victim.

Significantly, the statute calls for plaintiffs who bring trap & trace complaints to be awarded whichever amount is greater.

Plaintiffs Eligible for Punitive Damages in California Invasion of Privacy Cases

Buried within IHOP’s demurrer was also a motion to strike the punitive damages part of the complaint and essentially deny any request for a punitive damages award at the conclusion of the trial.

Although the court granted the motion to strike, it also reiterated that the California Invasion of Privacy Act (CIPA) does allow for punitive damages to be awarded against a defendant. To receive punitive damages for a violation of the Trap and Trace Law, the plaintiff must prove that the defendant acted maliciously or fraudulently when using trap and trace software to collect customer information.

Contact an Experienced Los Angeles Consumer Protection Lawyer

Are you a California resident who visited the IHOP website? Did you visit any other websites operated by companies that might be using trap & trace devices to monitor users? If so, you may be eligible to file a lawsuit in a California court to receive monetary compensation. The Los Angeles consumer protection attorneys at Tauler Smith LLP represent plaintiffs in invasion of privacy claims, and we can help you.

Call 310-590-3927 or email us to schedule a free consultation and learn about your legal options.

Entravision Sued for Trap & Trace Violation

Entravision Sued for Violating California Trap & Trace Law

December 11, 2024/in Consumer Protection /by taulersmith

International media company Entravision was sued for violating the California Trap & Trace Law. The plaintiff in the lawsuit is a California consumer who alleged that her data was unlawfully collected when she visited the Entravision website. According to the complaint, Entravision uses TikTok software to record and gather personal data from every person who visits the website, which exposes this confidential information to the communist Chinese government.

The plaintiff is being represented by the Los Angeles consumer protection attorneys at Tauler Smith LLP. Entravision’s defense attorneys tried to get the lawsuit dismissed, but the L.A. County Superior Court overruled the Defendant’s demurrer motion. As a result, the invasion of privacy claim against Entravision may now be heard at trial.

Entravision Accused of Using TikTok Software to Collect Data from Website Visitors

Entravision Communications Corporation is a global media, marketing, and technology company. Entravision’s headquarters is located in Santa Monica, California, and the company owns several television and radio stations in many of the top Hispanic markets throughout the country. Entravision is also the largest affiliate group of Univision, with Univision owning television stations operated by Entravision.

The digital privacy lawsuit was filed against Entravision Communications Corporation in the Superior Court of California, County of Los Angeles. The judge in the case, the Honorable Elaine W. Mandel, recently presided over a pre-trial demurrer hearing.

The plaintiff, a California consumer, sued Entravision Communications for allegedly violating the California Trap and Trace Law. Entravision was accused of using TikTok software on its company website to unlawfully collect the personal data of website visitors. Moreover, the plaintiff alleged that Entravision utilized the trap and trace software with willful and conscious disregard of the privacy rights of site visitors.

Cal. Penal Code § 638.51: California Trap and Trace Law

The California Trap and Trace Law is codified in Cal. Penal Code Section 638.51, which is part of the California Invasion of Privacy Act (CIPA). The CIPA broadly applies to two types of technology commonly used on some websites: pen registers and trap & trace devices. These devices are often used to record information that identifies the source of an electronic communication, including online communications on websites.

In this case, Entravision is accused of using TikTok software to identify website users through browser information, geographic information, and URL tracking data. That personal information is then sent to TikTok. Moreover, all of this is allegedly done without the consent of website visitors.

Court Rejects Demurrer: Privacy Lawsuit Against Entravision Can Proceed

A demurrer tests the sufficiency of a complaint and ensures that courts do not waste time hearing a complaint that does not allege essential facts about the case. In this case, Entravision filed a demurrer and argued that the lawsuit against the media company should be dismissed during the pre-trial stage. The Los Angeles County Superior Court rejected the Defendant’s demurrer and ruled that the case should proceed.

Entravision made five (5) arguments in support of its demurrer motion, all of which were rejected by the court.

Failure to Allege Facts to Support Cause of Action

Entravision argued that the plaintiff’s complaint should be dismissed for failing to allege facts sufficient to constitute a cause of action. The court ruled that the plaintiff sufficiently showed that Entravision collects data from every visitor to its website. Along with the plaintiff’s evidence that she visited the website, this was enough to establish her claim for unlawful collection of private data.

Websites Are Not “Pen Registers”

Entravision argued that the plaintiff did not show that Entravision used a pen register as defined by Section 638.51 of the Cal. Penal Code. Specifically, the Defendant contended that only physical telephone lines qualify as “pen registers” under the statute.

The court rejected the Defendant’s argument and held that both federal and state law on trap & trace devices may apply to websites, not just telephones. The court pointed to the California Invasion of Privacy Act (CIPA), which does not limit the definition of either “pen register” or “trap and trace” device to physical devices attached to telephone lines. This broad interpretation of the statute means that the plaintiff in this case did not need to allege the use of a physical pen register device by Entravision.

Exemption from Liability

Entravision argued that it should be exempt from liability under the California Trap and Trace Law because the company is an electronic communications service provider. Cal. Penal Code § 638.51(b)(1) states that a provider of electronic or wire communication service is allowed to use a pen register or a trap and trace device to operate, maintain, and test its service.

The court rejected the Defendant’s argument because the question of whether Entravision is exempt under the law should be determined at trial, not during the pre-trial demurrer stage.

Not a Prohibited “Device” or “Process”

Entravision argued that the plaintiff failed to plead that the Defendant used a device or process prohibited by the California Trap and Trace Law.

The court rejected the Defendant’s argument because the TikTok software allegedly used by Entravision does qualify as a “process” that captures incoming electronic impulses to identify the source of an electronic communication on the company’s website. Moreover, since users are never informed that the Entravision website is collecting their private data and sharing it with the Chinese government, this would be considered a violation of the Trap & Trace Law.

Failure to Plead “Oppression, Fraud, or Malice”

Entravision argued that punitive damages in the case should be dismissed because the plaintiff failed to plead “oppression, fraud, or malice.”

The court rejected this argument because the plaintiff alleged that a reasonable jury might find the Defendant’s conduct so “vile or contemptible” that it justifies punitive damages. This aligned with the plaintiff’s contention that Entravision intentionally invaded consumers’ privacy without their knowledge or consent and that this conduct constituted “criminal activity.”

The court also held that punitive damages are not subject to demurrers.

Call the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

Do you live in California? Did you visit the Entravision website for any reason? If so, it’s possible that your personal information was unlawfully collected. The Los Angeles consumer protection lawyers at Tauler Smith LLP represent individuals whose privacy has been invaded by California companies. Call 310-590-3927 or email us today.

Trap & Trace Lawsuit Against MSC Cruises

October 3, 2024/in Consumer Protection /by taulersmith

The California consumer protection lawyers at Tauler Smith LLP are representing a consumer who filed a trap & trace lawsuit against MSC Cruises. The cruise ship company has been accused of utilizing trap & trace technology on its website to collect customer information without permission. The Superior Court of Los Angeles County recently ruled on a demurrer filed by the Defendant in the case: the court overruled the demurrer, which means that the case against MSC Cruises could proceed to trial.

For additional information about the MSC Cruises trap and trace complaint, keep reading.

Lawsuit: MSC Cruises Violated the California Invasion of Privacy Act (CIPA)

MSC Cruises is the world’s largest privately held cruise company. The global cruise line operates a website that invites customers to “sail to over 250 of the world’s most sought-after travel destinations.” Site visitors can register and book cruises directly on the website.

The civil lawsuit filed against MSC Cruises in L.A. County Superior Court alleges that the cruise ship company violated the California Invasion of Privacy Act (CIPA) by utilizing trap and trace software on their website.

What Is the California Invasion of Privacy Act?

The California Invasion of Privacy Act (CIPA) is codified in Penal Code § 638.51, which states that “a person may not install or use a pen register or a trap and trace device without first obtaining a court order.”

Pen Registers

As set forth by the statute, a “pen register” is a device or process that records certain information transmitted by an instrument that also transmits a wire or electronic communication. This information includes dialing, routing, addressing, or signaling information. Importantly, a pen register does not record or decode the contents of a communication.

There are exceptions to California’s digital privacy law on pen registers. For example, the pen register prohibition in the CIPA does not apply to a device used for billing purposes, cost accounting, or other similar purposes that exist in the ordinary course of business.

Trap & Trace Devices

The California Invasion of Privacy Act (CIPA) defines a “trap and trace device” as “a device or process that captures incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.”

The last clause in the definition is what MSC Cruises focused on for one of its pre-trial arguments: the Defendant argued that the TikTok Software on its website only intercepts the content of communications, which would not fit the definition of a trap and trace device. However, the court found the opposite to be true: that the civil suit against MSC Cruises sufficiently alleged that the TikTok Software used on the company’s website collects data such as device, browser, and geographic information about site visitors. This is precisely the type of data which would show where users are located and thus violate the CIPA.

MSC Cruises Accused of Using TikTok Software on Its Website

Alarmingly, MSC Cruises is accused of collaborating with the Chinese government to use TikTok software to gather personal information about website visitors without their knowledge or consent. According to the complaint, MSC Cruises installed software created by TikTok on the company’s website. The TikTok Software was allegedly created for the purpose of identifying website visitors, collecting data about the visitors, and then matching the information with existing customer data that the social media platform already possessed.

The complaint alleges that the TikTok Software uses a de-anonymization process that runs codes or “scripts” on the MSC Cruises website to identify users and then send user details to TikTok. This includes data such as browser information, geographic information, referral tracking, and URL tracking.

The digital privacy complaint states that visitors of the MSC Cruises website do not consent to have their data collected and shared with TikTok. That’s because the TikTok Software allegedly starts working the moment a user lands on a website page. According to the trap & trace lawsuit, the software collects and shares the information “regardless of the cookie banner which appears on the site.” In other words, a site visitor does not have an opportunity to opt out of the collecting and sharing of their personal data because this occurs as soon as visitors land on a page or click on a page.

Pre-Trial Motion: Court Rules in Favor of Plaintiff in MSC Cruises Trap & Trace Lawsuit

The Plaintiff, a California consumer represented by Tauler Smith LLP, filed her CIPA complaint against MSC Cruises in Los Angeles County Superior Court. A short time later, the Defendant filed a demurrer with the court. Basically, this meant that the Defendant asked the court to dismiss the complaint. The court heard arguments from both sides, then ruled in favor of the Plaintiff.

Trap & Trace Software

MSC Cruises filed a demurrer with the L.A. County Superior Court on the grounds that the complaint failed to allege a violation of the California Invasion of Privacy Act (CIPA). Specifically, the Defendant argued that it had not utilized a “pen register” or a “trap and trace device” as defined by the statute because the CIPA only explicitly covers telephone-based communications, not website-based communications.

The court rejected the Defendant’s argument and found that the Plaintiff’s trap and trace complaint alleged facts sufficient for a violation of the CIPA. First, the court stated that the plain language of Section 638.51 does not limit the statute to telephone-based communications. Beyond that, the court noted that the Plaintiff did not need to provide a detailed description of the TikTok Software used by MSC Cruises at this stage of the legal proceedings; instead, all that is needed is facts alleging that the software installed on the cruise ship website captures user information which would reasonably lead to the source of the users’ communications with the website.

Consent to Trap & Trace Devices

In its demurrer filed with the court, MSC Cruises also argued that users of its website consented to the capture of their personal data through automated technologies simply by visiting the website. However, the court found that the Plaintiff’s complaint clearly alleged that the TikTok Software captured user data without users’ consent or knowledge. Moreover, this data capture occurred as soon as a user landed on the website – and without users submitting the information to the website voluntarily.

Call a Los Angeles Consumer Protection Attorney Today

Are you a California resident? Did you visit the MSC Cruises website to book a cruise vacation or for any other reason? If so, your personal data may have been compromised. The Los Angeles consumer protection lawyers at Tauler Smith LLP represent victims of consumer privacy violations, and we help them get financial compensation. Call 310-590-3927 or send an email to discuss your legal options.

CIPA Claim Against Taylor Farms

October 2, 2024/in Consumer Protection /by taulersmith

Tauler Smith LLP won an important pre-trial argument in a CIPA claim against Taylor Farms. The lawsuit, which was heard in the Los Angeles County Superior Court, stemmed from allegations that Taylor Farms violated the California Invasion of Privacy Act (CIPA) by using trap & trace software on the produce distribution company’s website to collect customer data without permission. The court ruled that the Plaintiff pled sufficient facts to support a reasonable inference that the Defendant violated the consumer protection statute. This was a major victory for the Los Angeles consumer protection attorneys at Tauler Smith.

Taylor Farms Accused of Using Tracking Software to Collect Customer Information Without Consent

Taylor Farms, which operates under the name Taylor Fresh Foods, Inc., is one of the leading producers of fruits and vegetables in the United States. The company distributes produce to numerous supermarket chains and restaurants, including Chipotle and McDonald’s.

The complaint against Taylor Farms alleged that the company’s website utilized tracking software created by TikTok to identify certain confidential user information, including device and browser information, geographic information, referral tracking, and URL tracking. The use of trap and trace software is a violation of the California Invasion of Privacy Act (CIPA), codified in Penal Code § 638.51. The CIPA has an express purpose to “protect the right of privacy” of California consumers. When a website operator utilizes a trap and trace device to track a site visitor’s information without consent, they have invaded the privacy of that individual.

Digital “Fingerprinting”

According to the lawsuit, the TikTok Software’s digital process is known as “fingerprinting.” This allows companies to gather user data by running code or “scripts” on their websites and then send user details to TikTok. The data is matched with information that the Chinese-owned social media company has already amassed about hundreds of millions of Americans.

What Is a “Trap and Trace Device”?

Section 638.51 of the California Invasion of Privacy Act (CIPA) stipulates that, under most circumstances, “a person may not install or use a pen register or a trap and trace device without first obtaining a court order.”

What is a trap and trace device? The statute defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.”

Trap & Trace Lawsuit Against Taylor Farms

Taylor Farms was sued for allegedly violating the California Invasion of Privacy Act (CIPA) by using trap & trace software on the company’s website. The lawsuit alleged that the site deployed TikTok Software to identify visitors by using electronic impulses generated from users’ devices. Without either visitors’ consent and or a court order to use the TikTok Software to track visitors of the website, this would be a violation of consumer privacy under the CIPA.

After the lawsuit was filed, Taylor Farms filed a formal objection in the form of a demurrer. The company argued that the original complaint failed to state a cause of action and should therefore be dismissed.

Court: Denied Demurrer in CIPA Complaint Against Taylor Fresh Foods

L.A. Superior Court Judge Daniel S. Murphy heard arguments and then issued a ruling denying the Taylor Farms demurrer. The ruling stated that the Plaintiff’s complaint alleged the two elements necessary to establish a violation of the CIPA:

The Defendant installed a prohibited pen register or trap & trace device.
The Defendant installed the trap & trace device without a court order.

Significantly, the court said that the allegations in the digital privacy complaint against Taylor Fresh Foods, Inc. “support a reasonable inference that Plaintiff had her information tracked without her consent, thus resulting in harm to her personal autonomy.” This outstanding pre-trial outcome represented yet another consumer protection court victory for the Tauler Smith law firm.

The California Invasion of Privacy Act Applies to Websites and Software

In a filing with the court, Taylor Farms argued that the California Invasion of Privacy Act (CIPA) only regulates physical trap & trace devices and therefore does not apply to IP addresses or “standard website data collection.” The court strongly rejected this argument.

In its ruling, the court said that the CIPA does not limit the definition of “pen register” or “trap and trace device” to physical devices attached to telephone lines. In fact, said the court, the statute’s definitions make no reference to a physical attachment. Moreover, a trap & trace device is broadly defined as applying to “electronic communications,” which the court noted “encompasses a range of transfers plainly not limited to telephone lines.”

Additionally, the court agreed with the Plaintiff’s cited case of Greenley v. Kochava, in which the U.S. District Court for the Southern District of California held that a software development kit installed in a third-party mobile application constituted a violation of the CIPA’s pen register prohibition. In that case, the court said that unlawful trap and trace technology can involve software that identifies consumers and gathers data through unique “fingerprinting.”

Section 638.51 Applies to Websites

In its demurrer filing, the Defendant also argued that the CIPA should not apply to websites because such an interpretation would subject every website to liability. Again, the court strongly rejected the Defendant’s argument. The court stated that the TikTok Software allegedly gathered unique location information and tracked user data that went well beyond the type of data which might be necessary for the proper functioning of a website.

In fact, the court said that the Defendant’s interpretation of the CIPA would lead to the “absurd result” of immunizing all websites from prosecution under the law. In other words, the CIPA would basically cease to exist because anyone who visited a website would automatically consent to the use of a trap and trace device and other tracking software.

Who Is the “User” of a Website in a Trap and Trace Claim?

The court also rejected an argument by the Defendant that Taylor Farms was the “user” of the TikTok Software allegedly installed on its website and therefore consented to the use of a pen register or trap & trace device. This argument would mean that no website visitor could ever bring a viable claim under the California Invasion of Privacy Act (CIPA) because every website operator necessarily consents to the use of the software on their own site. In other words, the CIPA “could never be violated.”

Again, the court found that it would be absurd to accept an interpretation of the CIPA which would mean every website operator could escape liability even when website user privacy is invaded.

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If you are a California resident who visited a company’s website, it’s possible that your data was shared with third parties like TikTok. The California consumer protection attorneys at Tauler Smith LLP represent plaintiffs in consumer privacy claims, and we can help you. Call 310-590-3927 or email us to schedule a free consultation.

Law.com Article on C2 Education Trap & Trace Lawsuit

August 4, 2024/in Press /by taulersmith

The Los Angeles consumer protection lawyers at Tauler Smith LLP recently filed a class action against C2 Education in U.S. District Court that accuses the tutoring company of collaborating with TikTok to collect consumer data. The case is getting significant press coverage: a Law.com article on the C2 Education trap & trace lawsuit explores the implications of the federal court’s pre-trial ruling, which denied a motion to dismiss the complaint and essentially said that software embedded on a website can violate the California Trap and Trace Law.

Read the Law.com article, “Federal Ruling ‘Sets Precedent’ for ‘Trap and Trace’ Software Class Actions in Calif.” And for more information about the class action lawsuit against C2 Education, keep reading this blog.

Federal Court: C2 Education May Have Used Trap & Trace Devices to Collect Consumer Information

A Law.com article on the C2 Education trap and trace lawsuit discusses the recent class action complaint filed against the tutoring company for allegedly using trap & trace devices to collect consumer data on its website without permission. The online article also highlights the important precedent that may have been set for trap and trace lawsuits in California:

A federal court delivered a landmark decision impacting “trap and trace” software cases in California, denying defendant C2 Educational Systems Inc. a motion to dismiss a class action alleging it violated the California Invasion of Privacy Act (CIPA) through its partnership with TikTok.

“These allegations demonstrate that Defendant, through the use of the TikTok Software, collected Plaintiff’s information, thereby constituting an invasion of privacy. And invasions of privacy are actionable injuries,” the ruling stated.

“I think it’s a big ruling because you have, in this instance…a federal court saying this is a claim that the federal courts recognize, which generally means that state courts will also recognize trap and trace claims,” said plaintiff’s attorney Robert Tauler.

C2 Education Accused of Collaborating with TikTok to Collect Information from Website Visitors

Los Angeles law firm Tauler Smith LLP filed a class action lawsuit against C2 Education because the online tutoring and test prep company is allegedly violating the California Invasion of Privacy Act (CIPA) through its partnership with TikTok. The Defendant subsequently filed a motion to dismiss the class action from the U.S. District Court for the Central District of California. After evaluating arguments from both sides, the court denied C2 Education’s motion to dismiss.

Assuming the case ultimately reaches trial, the Defendant will need to answer the allegations that they breached California’s Trap and Trace Law, codified as Cal. Penal Code § 638.51 of the CIPA. The Trap and Trace Law prohibits the use of pen registers and trap & trace devices that record dialing or routing information from website visitors. The lawsuit against C2 Education specifically alleges that the tutoring company installed TikTok software on its website to siphon user data and match it with TikTok’s much larger user database. This process, known as “fingerprinting,” gives companies the ability to identify personal information about otherwise anonymous website users.

Landmark Decision: U.S. District Court Sets Precedent for California Trap & Trace Claims

In its motion to dismiss the class action lawsuit, C2 Education argued that the Trap & Trace provision of the California Invasion of Privacy Act (CIPA) should only apply to physical devices attached to telephone lines, not to website software. The United States District Court for the Central District of California disagreed. The court highlighted § 638.50 of the CIPA, which broadly refers to “devices that record or capture information.” The court also cited Greenley v. Kochava, Inc., an earlier case finding that software “fingerprinting” falls squarely under the pen register definition outlined by the CIPA.

Legal experts have noted that the federal court’s pre-trial ruling in the C2 Education trap & trace case may have broadened the scope of the California Trap & Trace Law and, by extension, strengthened protections for consumers against digital privacy violations and fraud. In fact, the Law.com article on the case called it “a landmark decision.” Los Angeles consumer protection lawyer Robert Tauler, who is representing the plaintiff in the C2 Education class action, observed that this is “the first case effectively saying that software on a website can violate the Trap and Trace Law.”

Did You Visit the C2 Education Website? Contact the California Consumer Protection Attorneys at Tauler Smith LLP

Los Angeles law firm Tauler Smith LLP represents plaintiffs in cases involving invasion of privacy violations. Our California consumer protection lawyers have filed dozens of trap & trace claims on behalf of consumers, including a class action complaint against C2 Education. If you are a California resident who visited the C2 Education website, you may be eligible to join the class action lawsuit.

Call 310-590-3927 or email us today.

Judge Denies Motion to Dismiss Class Action Against C2 Education

July 30, 2024/in Consumer Protection /by taulersmith

Tauler Smith LLP recently filed a trap and trace lawsuit against C2 Education for violating the California Invasion of Privacy Act (CIPA), and now a federal court has ruled: a judge denied the motion to dismiss the class action against C2 Education. The complaint alleges that the leading provider of tutoring services nationwide has unlawfully installed “trap and trace” software on its website and allowed the social media app TikTok to collect private data from site visitors. The Defendant filed a motion to dismiss the lawsuit, but the court rejected all of the Defendant’s pre-trial arguments. This represents a major victory for the California consumer protection lawyers at Tauler Smith LLP.

For more information about the lawsuit against C2 Education for invasion of privacy, and to learn whether you might be eligible to join the class action, keep reading.

Tutoring Company C2 Education Sued for Invasion of Privacy

Tauler Smith LLP represents California consumers who have filed a class action complaint against C2 Educational Systems Inc., a company which markets itself as a leading provider of tutoring, test prep, and college admissions counseling services to K-12 students in California and throughout the United States. The company’s online tutoring programs can be accessed at the website www.c2educate.com. This website is at the heart of the lawsuit against C2 Education because of the company’s partnership with the controversial social media platform TikTok. According to the lawsuit, C2 Education allows TikTok to install a “trap and trace device” on the tutoring website landing page and to secretly collect personal data about consumers who visit the site.

What Are “Trap and Trace Devices”?

What are trap and trace devices? California consumer protection law defines these as devices or processes that record or capture “dialing, routing, addressing, or signaling information” from a “wire or electronic communication.” When a company embeds and uses a pen register or trap and trace device without first obtaining a court order, they are directly violating Section 638.51 of the Trap and Trace Law.

Lawsuit: C2 Education Violated California’s Trap and Trace Law

The California Trap and Trace Law is codified in California Penal Code § 638.51, a provision of the California Invasion of Privacy Act (CIPA). The lawsuit against C2 Education alleges that the tutoring company violated the Trap and Trace Law’s prohibition against the use of pen registers and trap & trace devices: TikTok software embedded on the C2 Education website is utilized to unlawfully collect site visitors’ information without either express or implied consent. Beyond that, site visitors are never informed that their data is being collected and shared with the Chinese government for “fingerprinting” and de-anonymization.

“Fingerprinting”

According to the legal complaint, the TikTok de-anonymization software installed on the C2 Education website uses a process known as “fingerprinting.” This allows the site to collect data from visitors, and the data is then matched with TikTok’s massive user database to uncover visitors’ identities. The personal data that TikTok allegedly collects from website visitors includes device and browser information, geographic information, referral tracking, and URL tracking.

“AutoAdvanced Matching”

The class action lawsuit also alleges that C2 Education enables TikTok’s “AutoAdvanced Matching” feature, which allows TikTok to run codes or “scripts” that capture data from online forms filled out by website users. This form data may include things like the user’s name, date of birth, and physical address.

Defendant Files Motion to Dismiss Class Action Complaint

The complaint against C2 Education was filed in the United States District Court for the Central District of California. The Defendant filed the motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6), which calls for a case to be dismissed when a plaintiff fails to state a claim upon which relief can be granted.

The Defendant argued that the complaint should be dismissed because:

Section 638.51 does not apply to website software.
The TikTok Software used by C2 Education merely collects information that is necessary for the basic operation and maintenance of the website.
Consent was given for use of the TikTok Software on the C2 Education website.
The TikTok Software only collects the “contents of a communication,” which is allowed under the statute.
Section 638.51 is a criminal statute and does not provide plaintiffs with a private right of action in civil court.

Federal Judge Denies Motion to Dismiss Trap & Trace Lawsuit Against C2 Education

U.S. District Judge R. Gary Klausner heard arguments from both sides and then issued a ruling denying the Defendant’s motion to dismiss. This means that the case against C2 Education could now proceed to trial. In fact, the court strongly rejected all of the Defendant’s arguments, and may have even set precedent for trap & trace class actions.

The court’s responses to the Defendant’s arguments are addressed below:

CIPA Applies to TikTok Software

C2 Education argued that the claim should be dismissed because California Penal Code § 638.52 uses language about “telephone lines,” not websites. Also, the statute indicates that a pen register or trap and trace device must be a physical device attached to a telephone line. Therefore, argued the Defendant, the TikTok Software embedded in the C2 Education website is not covered by the Trap and Trace Law because the software is not a physical device attached to a phone line. The U.S. District Court disagreed.

In rejecting the Defendant’s motion for dismissal, the court highlighted an important distinction between § 638.52 and § 638.50. Although Section 638.52 refers to trap & trace devices as physically attached to telephone lines, Section 638.50 does not include any such requirement: the statute refers broadly to “devices or processes” that capture information electronically. Additionally, other federal courts have interpreted the statute broadly by focusing on the result of the impermissible data collection and concluded that tracking software can constitute a pen register or trap & trace device under the law.

TikTok Software Collects Consumers’ Personal Data

C2 Education also argued that the complaint should be dismissed because the TikTok Software only records data needed for the operation and maintenance of the tutoring website. Since the Trap and Trace Law includes an exception for the use of pen registers and trap & trace devices to “operate and maintain” an electronic communication service, this kind of use would be allowed under the law. The district court rejected this argument.

In its ruling, the U.S. District Court noted that the plaintiff alleged that the TikTok Software is used by C2 Education to record more than just IP addresses. For example, the complaint alleges that the software also records browser and device data, form data, and other personal information about website visitors. The court found that this type of data collection is probably not necessary for the operation and maintenance of the website, so the statutory exception cited by the Defendant would not apply in this case.

Consumers Did Not Consent to Use of TikTok Software

Under § 638.51 of the Trap & Trace Law, companies are allowed to use pen registers and trap and trace devices if the website user has provided consent. C2 Education argued that the invasion of privacy lawsuit should be dismissed because the main “user” of the website was the Defendant, who consented to the use of tracking software. The court understandably rejected this argument because California law would seem to indicate that the only relevant user of a website is the site visitor, not the site operator – and the user in this instance did not consent to having their personal data collected by the TikTok software. As such, ruled the court, the lawsuit against C2 Education should survive summary judgment and possibly go to trial.

C2 Education Collects Personal Information from Consumers

The California Trap and Trace Law applies to websites that use pen registers or trap & trace devices to record “dialing, routing, addressing, or signaling information.” However, since the statute seemingly does not apply when the “contents of a communication” are recorded, the Defendant in this case argued that the data collected by the TikTok Software on the C2 Education website does not fall within the scope of the statute. Once again, the U.S. District Court rejected the Defendant’s argument.

The court found that the lawsuit clearly alleges that the TikTok Software used by C2 Education gathers “device and browser information, geographic information, and browsing history.” Moreover, the lawsuit describes multiple data points that the TikTok Software allegedly captures, which is sufficient to bring a claim under the Trap & Trace Law.

CIPA Allows Consumers to Sue for Digital Privacy Violations

The Trap and Trace Law is a part of the California Invasion of Privacy Act (CIPA), which is codified as Cal. Penal Code § 638.51. The Defendant argued that the civil lawsuit against C2 Education should be dismissed at the summary judgment phase because the CIPA is a criminal statute with criminal penalties and does not allow individual defendants to seek monetary remedies in a civil suit. The court rejected this argument because the CIPA explicitly confers a private right of action and allows individual consumers to bring lawsuits. The court specifically pointed to § 637.2, which has a broad and unambiguous endorsement of private rights of action for all CIPA violations.

U.S. District Court: C2 Education’s Use of TikTok Software May Have Violated California Consumer Privacy Laws

At the conclusion of its order rejecting the Defendant’s motion to dismiss, the U.S. District Court for the Central District of California stated that the allegations in the class action complaint “demonstrate that the Defendant, through use of the TikTok Software, collected site visitors’ information, thereby constituting an invasion of privacy.” Significantly, the plaintiffs may now have the opportunity to argue their case at trial – which represents another successful pre-trial outcome for the Tauler Smith litigation team.

Contact the California Consumer Protection Lawyers at Tauler Smith LLP

If you are a California resident who visited the C2 Education website for any reason, you may have been the victim of an unlawful invasion of privacy. Contact the Los Angeles consumer protection attorneys at Tauler Smith LLP to find out if you are eligible to join a class action lawsuit to receive financial compensation. Call 310-590-3927 or send an email.

Trap and Trace Class Action Against Skullcandy

July 8, 2024/in Consumer Protection /by taulersmith

California law firm Tauler Smith LLP has filed a trap and trace class action against Skullcandy. The civil suit, filed in Los Angeles County Superior Court, accuses the headphone technology company of unlawfully sharing customer data with TikTok for the purposes of fingerprinting and de-anonymization. The consumer fraud lawyers litigating the lawsuit have also accused Skullcandy of violating California consumer protection laws by failing to obtain consent from website visitors.

Are you a California resident who visited the Skullcandy website? If so, you might be eligible to join a class against lawsuit against Skullcandy. Contact Tauler Smith LLP for more information.

Skullcandy Headphone Company Accused of Using Trap & Trace Fingerprinting Software

Skullcandy is a company that sells technology products, including headphones, earphones, and Bluetooth speakers marketed to a “youth” demographic, with an emphasis on use during videogaming, snowboarding, and skateboarding. These products are primarily sold in brick-and-mortar retail stores and via the company’s online store.

The legal complaint against Skullcandy alleges that the company’s website installed sophisticated software to de-anonymize website traffic, allowing social media behemoth TikTok access to personal information about otherwise anonymous site visitors. The trap and trace software allegedly runs on virtually every page of Skullcandy’s website, meaning that anyone who visited the site may have unknowingly been the victim of a digital privacy violation. More specifically, the Skullcandy trap and trace software relies on electronic impulses generated from website visitors’ devices. This is allegedly done by Skullcandy in concert with the social media platform TikTok to identify site visitors and gain valuable information about Skullcandy’s target market.

What Is a Trap & Trace Device?

According to California consumer protection law, a trap and trace device is any type of device or process capable of capturing incoming electronic impulses to identify the originating number, dialing, routing, addressing, or signaling information. In other words, it’s a device that can trace the source of an electronic communication. When a company uses one of these devices to obtain customer data without authorization, the act could constitute a very serious violation of California’s Trap and Trace Law and subject the company to fines and other statutory penalties.

Lawsuit: Skullcandy Customer Data Unlawfully Shared with TikTok

According to the class action lawsuit filed in L.A. Superior Court, the Skullcandy website uses software created by TikTok for the express purpose of identifying site visitors. This is accomplished through a process known as “fingerprinting,” which collects extensive data about otherwise anonymous website visitors. The personal information is then matched with existing records that TikTok has already acquired about the millions of Americans who use the popular social media platform. At the same time, TikTok adds the data to their accumulated data about user behavior.

Skullcandy Accused of Violating the California Invasion of Privacy Act

The California Invasion of Privacy Act (CIPA) was enacted to curb the invasion of privacy resulting from use of certain technologies that pose “a serious threat to the free exercise of personal liberties.” The statute applies to the unlawful use of trap & trace software by companies doing business in California and imposes civil liability against businesses that use trap and trace software without first obtaining either direct permission from website visitors or legal permission from a judge via a court order.

According to the class action recently filed against Skullcandy in California court, the company’s trap and trace software begins to collect personal information the moment a user lands on the Skullcandy website. This is done despite the fact that the site features a “cookie banner” which ostensibly would prohibit Skullcandy from gathering customer data until the customer signs off on it. Instead, website visitor data has already been sent to TikTok before the visitor even has a chance to consent.

The personal information gathered by the TikTok trap & trace software includes the following:

Device and browser information.
Geographic information.
Referral tracking.
URL tracking.
Images of products the user is interested in.

You May Be Eligible to Join the California Trap & Trace Class Action Against Skullcandy

It is a major breach of trust, and violation of California consumer protection law, for a company to use trap and trace software to obtain a website visitor’s phone number or other identifying information. The class action lawsuit recently filed against Skullcandy alleges that the headphone company is collaborating with the Chinese government to obtain personal information from website visitors. Further, the lawsuit alleges that the company is doing this without informing site visitors.

A California resident who visited the Skullcandy website may be eligible to join the class action lawsuit and obtain monetary damages. That’s because California has tough consumer protection laws, and the statutory penalties for violations of Section 638.51 of the California Penal Code in particular are severe. Companies that unlawfully use a trap and trace device can be punished with a statutory penalty of $2,500 for each violation of the law.

Did You Visit the Skullcandy Website? Contact a Los Angeles Consumer Protection Lawyer

If you visited the Skullcandy website, it is possible that your confidential information was unlawfully collected and shared with third parties. The Los Angeles consumer protection attorneys at Tauler Smith LLP are representing plaintiffs in a class action against Skullcandy. Call 310-590-3927 or email us.

C2 Education Trap and Trace Class Action

Trap and Trace Class Action Against C2 Education

July 8, 2024/in Consumer Protection /by taulersmith

One of the country’s largest tutoring companies has been accused of invading the privacy of customers. The California consumer protection attorneys at Tauler Smith LLP recently filed a trap and trace class action against C2 Education for collaborating with TikTok, the popular but controversial social media platform, by installing a trap & trace device on its website as a means to collect data from consumers. According to the lawsuit, C2 Education has installed a code on their website that automatically sends user details to TikTok. Additionally, the TikTok de-anonymization software secretly installed on the tutoring website makes it possible for the educational services provider to identify site users by using electronic impulses generated from site visitors’ devices. All of these alleged acts constitute clear violations of California’s strong digital privacy laws, which is why the tutoring company now faces a consumer class action lawsuit in federal court.

For additional information about the class action filed against C2 Educational Systems Inc., keep reading this blog.

What Is the Legal Definition of a “Trap and Trace Device”?

The California Trap and Trace law is codified in Section 638.51 of the California Invasion of Privacy Act (CIPA), which specifically limits how companies can use trap & trace devices to gather information about website visitors. Section 638.50(c) defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.” As set forth by the statute, a company must first get a court order before installing a trap and trace device on a website.

Violations of § 638.50(c), or any other part of the California Invasion of Privacy Act (CIPA), could result in the offender being civilly liable for monetary damages.

Class Action Lawsuit: C2 Education Collected Personal Data of Website Visitors

C2 Education markets itself as the nation’s preeminent tutoring, test prep, and college admissions counseling provider. C2 Education provides online tutoring programs for K-12 students, including standardized test preparations, school subjects tutoring, college admission counseling, and education boot camps. The tutoring company serves more than 25,000 students across the country every year, with services offered both online at the C2 Education website and at brick-and-mortar locations throughout the United States, including California.

As part of its marketing regime, C2 Education has partnered with social media app TikTok to install sophisticated software on the tutoring website’s landing page. This software allegedly allows C2 Education to gain access to very personal information about consumers who happen to land on the site, including the individual’s location, source, and identity.

Is C2 Education Using TikTok to Unlawfully Share Customer Data?

The TikTok de-anonymization software allegedly used by C2 Education is designed for the sole purpose of identifying and capturing the source of incoming electronic impulses, which makes it possible to identify dialing, routing, addressing, and signaling information generated by users of the C2 Education website. Significantly, this software is deployed without consumers’ knowledge or consent.

According to the recent lawsuit filed in U.S. district court, visitors to the C2 Education website are not informed that the site is capturing their personal identifying information. The class action suit also alleges that site visitors are not informed that the company is collaborating with the Chinese government. That’s because C2 Education did not obtain consumers’ express or implied consent to be subject to data sharing with Chinese-owned TikTok for the purposes of fingerprinting and de-anonymization.

“Fingerprinting” Technology

The TikTok software allegedly used by C2 Education collects consumer data via a process known as “fingerprinting.” This means that the software gathers and stores as much data as it can about an otherwise anonymous visitor to the website and then matches it with data that TikTok has already acquired and accumulated about hundreds of millions of Americans who use the social media app.

“Advanced Matching” Technology

The TikTok software, which uses “AutoAdvanced Matching” technology, scans the C2 Education website by running code or “scripts.” When the site user provides personal information – such as name, date of birth, or mailing address – the details are sent simultaneously to TikTok so that the social media provider can isolate with certainty the individual to be targeted.

Tutoring Company Sued for Violating California’s Trap and Trace Law

The invasive TikTok software allegedly runs on every page of C2 Education’s website, making it impossible for site visitors to avoid having their data collected. This means that every time a user clicks on a page, the site instantly sends the communications to TikTok. The social media company then adds the data to their massive collection of user behavior and, in turn, assists C2 Education with targeted marketing while keeping a trove of information for itself. These disturbing acts prompted Los Angeles consumer protection law firm Tauler Smith LLP to file a class action lawsuit against C2 Education in the United States District Court for the Central District of California.

C2 Education’s alleged installation of the TikTok tracing software is a violation of California’s Trap and Trace Law, which is codified as California Penal Code Section 638.51. This is part of the California Invasion of Privacy Act (CIPA), which imposes civil liability and significant statutory penalties against companies that install trap and trace software without either user permission or a court order.

Statutory Penalties

The class action lawsuit against C2 Education seeks multiple forms of relief for plaintiffs, including the following:

A court order enjoining C2 Education from continuing its alleged unlawful conduct, as well as an order to disgorge any data already collected through use of the TikTok software.
Statutory damages provided by the CIPA, which may include fines of up to $2,500 for each violation of the statute.

C2 Education Case Sets Precedent for Trap & Trace Software Claims in California

The class action complaint against C2 Education may have already set a new legal precedent for trap & trace class actions in California. In a pre-trial ruling on a motion to dismiss the complaint, the U.S. District Court effectively said that software installed on a website can violate California’s Trap and Trace Law. Moreover, since this was a federal court ruling, it is likely that California state courts will also recognize trap & trace claims based on website privacy violations.

Did You Visit the C2 Education Website? Contact a California Consumer Protection Attorney Today

Did you visit the C2 Education website? If you filled out any online forms or provided any personal information to the tutoring company, you may be eligible to join a class action lawsuit to obtain monetary damages. The California consumer fraud attorneys at Tauler Smith LLP are representing plaintiffs who were victims of consumer privacy violations by C2 Education. To learn more, call 310-590-3927 or email us today.