Posts

Peachybbies Consumer Privacy Lawsuit

CIPA Claim Against Peachybbies Can Proceed

/in /by

Peachybbies Consumer Privacy Lawsuit

A California court recently ruled that a trap & trace CIPA claim against Peachybbies can proceed. The Plaintiff, a California consumer, alleged that Peachybbies violated the California Invasion of Privacy Act (CIPA) by installing TikTok Software on its website to track and intercept the personal information of website visitors without their consent. This data was then allegedly shared with TikTok, the Chinese-owned social media platform. While the Defendant attempted to get the case dismissed at an early stage, the Los Angeles County Superior Court has now ruled that the invasion of privacy lawsuit may move forward.

For more information about the ongoing trap and trace complaint against Peachybbies, keep reading this blog.

Peachybbies Accused of Wiretapping Violations of the California Invasion of Privacy Act (CIPA)

Peachybbies Slime, LLC is a popular online platform specializing in handcrafted, sensory-focused slime products marketed to both kids and adults. The company’s website is playfully called the Peachybbies Slime Shop, and visitors can purchase slime products directly from the site. Customers can make one-time purchases, or they can commit to subscription services through the site.

Invasion of Privacy Lawsuit

The Plaintiff, a California consumer, alleged that Peachybbies violated the California Invasion of Privacy Act (CIPA), codified in Cal. Penal Code Section 631. Specifically, the Plaintiff alleged that Peachybbies committed a wiretapping violation of the privacy statute by using TikTok software to track website visitors’ activity on the company’s online “Slime Shop.”

The civil suit against Peachybbies alleges that the company has partnered with TikTok to install sophisticated software on its website landing page. This software, created by TikTok, can be used to learn the location, source, and identity of consumers who happen to land on the Peachybbies website.

Digital “Fingerprinting” Violations

According to the lawsuit, the TikTok Software embedded on the Peachybbies website acts via a process known as “fingerprinting” to collect information from anonymous visitors. Once site visitors are unmasked and identified, their private information could be used for vague “marketing and surveillance reasons.”

Importantly, this personal information is collected the instant a visitor lands on the Peachybbies website, and this data collection continues as the user clicks through the website. This means that anyone who visits the Peachybbies website would have no opportunity to provide consent for the collection of their personal data, nor would they have a chance to consent to the sharing of their data with TikTok.

What Type of Personal Data Is Peachybbies Accused of Collecting from Website Visitors?

Peachybbies has been accused of using “fingerprinting” software to collect website visitors’ personal data. While Peachybbies tried to claim that they did not collect the usernames or passwords of website visitors, the Plaintiff emphasized that the Peachybbies website has embedded powerful fingerprinting software – the TikTok Software – on its website to immediately intercept electronic signals from site visitors’ devices. This private information could include:

  • Geographic information
  • Browser history
  • Images of the visitor
  • Age
  • Date of birth
  • Phone number
  • Physical address

The type of information allegedly collected by the Defendant goes far beyond basic information such as an IP address.

Moreover, once this private information is collected by the Defendant, it is then transmitted to TikTok’s servers without user consent: data collection that is far more extensive and intrusive than a mere IP address. After the personal information of site visitors is shared with TikTok, users can potentially be identified by cross-referencing TikTok’s vast database of information on hundreds of millions of Americans.

California Court Ruling: Peachybbies May Have Unlawfully Used a Trap & Trace Device to Monitor Consumers

The digital privacy lawsuit against Peachybbies is being adjudicated in the Superior Court of the State of California, County of Los Angeles. The Defendant filed a demurrer action seeking to get the trap & trace complaint dismissed for failure to state facts sufficient to state a cause of action. The Defendant made several arguments in support of its demurrer:

  1. There would be public policy concerns if every website was subject to the protections afforded by California’s consumer privacy laws.
  2. There is a conflict between two different privacy laws: the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA).
  3. The Plaintiff does not have standing to sue because she did not allege a specific injury.
  4. The CIPA does not apply to internet communications.

All of these arguments were rejected by the Los Angeles County Superior Court, which overruled the Defendant’s demurrer and ruled in favor of the Plaintiff. The court stated that, for pleading purposes, “the complaint sufficiently establishes the use of a trap and trace device” by Peachybbies.

This is another major courtroom victory for Tauler Smith LLP because it means that the online consumer privacy lawsuit against Peachybbies may now proceed.

Public Policy Supports California Invasion of Privacy Claim Against Peachybbies

In its demurrer motion, the Defendant attempted to argue that the California Invasion of Privacy Act (CIPA) was originally passed as a way to protect individuals against government surveillance. This would mean that the CIPA only applies to “peace officers” who intercept communications, not the parties to the communications themselves. According to the Defendant, any attempt to expand the reach of the Trap & Trace Law to protect consumers against unlawful monitoring and surveillance by businesses would be too sweeping and essentially impose civil liability on every website, especially online e-commerce stores.

In response, the Plaintiff reiterated that the TikTok Software embedded on the Peachybbies website collects data that goes well beyond the type of data required for the ordinary operation of a website.

The Superior Court of Los Angeles County agreed with the Plaintiff. The court declared that, at the pleading stage, “it may be inferred that the Plaintiff is asserting a legitimate privacy violation as opposed to challenging basic website functions.”

California Invasion of Privacy Act (CIPA) Applies to Alleged Consumer Privacy Violations by Peachybbies

The Defendant claimed that the use of TikTok Software by Peachybbies to monitor website visitors was done solely for the purpose of “tracking the effectiveness of their marketing efforts,” including optimizing advertising campaigns and understanding consumer behavior. Since these types of tracking technologies are regulated by the California Consumer Privacy Act (CCPA), argued the Defendant, consumers are already protected: the statute requires businesses to provide clear notice, disclose the categories of personal information collected, and offer consumers the right to opt out of the sharing of their personal data. It is this internet-specific privacy law, said the Defendant, that should apply in the case, not the more far-reaching California Invasion of Privacy Act (CIPA).

In response, the Plaintiff first noted that Peachybbies was distorting the statutory text of both the CIPA and the CCPA. According to the lawsuit, the TikTok Software collects personal data that goes much further than basic analytics because the code embedded on the Peachybbies website captures and transmits signals to TikTok’s servers for the purpose of user identification and behavioral profiling. In its ruling on the demurrer, the Los Angeles County Superior Court noted the Plaintiff’s allegation that “this level of data transmission is not necessary for basic website functionality.”

There Is No Conflict Between CIPA and CCPA Privacy Laws

With respect to any potential conflict between the CCPA and the CIPA, the court rejected the Defendant’s contention that the CCPA should apply in the case instead of the CIPA’s Trap and Trace Law. That’s because the CCPA regulates what companies do after information is collected, while the CIPA governs how such information is obtained in the first place. The two privacy laws actually work in tandem, and the CCPA certainly does not curtail or limit the application of the CIPA in this case.

Moreover, even if the statutes were in conflict, the law that affords the greatest protection for consumer privacy rights would be the controlling law. In this case, the CIPA provides the strongest privacy protection because the TikTok Software used by Peachybbies begins to collect personal data the moment a user lands on the site – and before the user has any chance to read or act on a privacy policy or opt-out.

Once again, the Superior Court of Los Angeles County agreed with the Plaintiff. In its ruling rejecting the Defendant’s demurrer, the court observed that the Defendant failed to cite a single case where a CIPA claim was dismissed for being in conflict with the CCPA.

Court: California Consumer Has Standing to Sue Peachybbies for Violating CIPA

The Defendant argued that the consumer privacy claim should be dismissed because the Plaintiff failed to allege a specific injury resulting from Peachybbies’ consumer data collection practices. According to the Defendant’s demurrer, even if the privacy of consumers is violated when they visit the Peachybbies website, the California consumer who filed this particular lawsuit did not show that her private data had been collected and that her privacy had been invaded.

In response, the Plaintiff noted that the California consumer bringing the lawsuit alleged a clear invasion of her privacy by Peachybbies, including support for her claim with specific facts such as the date of her website visit and the type of data unlawfully collected. These types of privacy invasions caused by surreptitious surveillance software have been recognized by courts as actionable injuries under both the CIPA and the California Constitution. Moreover, the Plaintiff observed that the TikTok Software utilized by Peachybbies collected personal data from every site visitor, including the Plaintiff.

The Los Angeles County Superior Court agreed with the Plaintiff. The court found that, for pleading purposes, “the complaint sufficiently establishes that the Plaintiff’s private data was collected, causing injury.”

Court Ruling: California’s Trap & Trace Law Applies to Websites

The Defendant also made a widely rejected argument that the California Invasion of Privacy Act (CIPA) defines “trap and trace devices” and “pen registers” in a way that excludes websites from the statute because the law only applies to telephone communications, not internet communications. According to the Defendant, pen registers are typically installed on landline telephones to track a subject’s outgoing calls, while trap & trace devices are typically installed on landline telephones to track a subject’s incoming calls. If the CIPA only applies to monitoring by telephones, then it would not apply to the use of TikTok Software to monitor website visitors, to collect their personal information, and to share that data with third parties.

In response, the Plaintiff showed that the Defendant was attempting to limit the scope of California’s consumer privacy laws, including the Trap and Trace Law, to outdated telephone surveillance tools. This would wrongly exclude modern, software-based tracking technologies like the TikTok Software embedded on the Peachybbies website.

Plain Language of CIPA Statute

The Defendant’s interpretation of the California Invasion of Privacy Act (CIPA) would contradict the plain language of the statute, which defines “electronic communication” broadly to include “any transfer of signs, signals, writings, images, sounds, data, or intelligence of any nature in whole or in part by a wire, radio, electromagnetic, photoelectric, or photo-optical system.” The TikTok Software used by the Peachybbies website is a very powerful fingerprinting process that instantly captures incoming electronic impulses and signals from site visitors’ devices as soon as the visitor lands on any page of the website, as well as anytime the visitor clicks on the website. This kind of data collection via electronic impulses clearly falls within the scope of the CIPA.

Legal Precedent

The Defendant’s interpretation of the CIPA would also disregard legal precedent and settled principles of statutory interpretation by numerous California courts. Nowhere in the Trap & Trace Law does it indicate that the statute is limited to telephone surveillance technology. In fact, the CIPA plainly applies to eavesdropping, which can take many forms due to advances in science and technology. California courts have routinely held that the privacy law applies to software because it explicitly references “wire or electronic communications.”

Public Policy

California’s Trap and Trace Law must be applied to evolving methods of digital surveillance in order to protect consumers against the unlawful monitoring of their internet communications, as well as the sharing of their personal data without consent. Any other interpretation of the law would open the floodgates for unscrupulous companies to use their websites to extract and exploit users’ personal information without consent.

In its pre-trial ruling against Peachybbies, the Los Angeles County Superior Court agreed with the Tauler Smith LLP attorneys representing the Plaintiff. The court noted the Defendant’s own definition of a “trap and trace device” references electronic communications that include the transfer of “signs” and “signals.” The court also highlighted the Plaintiff’s allegations that the TikTok Software utilized by Peachybbies collects extensive data that goes far beyond mere IP tracking or routine data collection and that is not needed for the ordinary operation of the website.

Call or Email the California Consumer Protection Lawyers at Tauler Smith LLP

When a website collects your personal information without consent, it is a well-established violation of California criminal and civil law. When your personal data is then shared with third parties, it is also a violation of California’s stringent consumer privacy laws. If you visited a website that tracked your user activity, you may be able to file a lawsuit to recover monetary damages. The Los Angeles consumer protection attorneys at Tauler Smith LLP represent plaintiffs in California invasion of privacy lawsuits, including trap and trace claims.

Call 310-590-3927 or send an email to learn about your legal options.

Trane Technologies Lawsuit

Trap & Trace Lawsuit Against Trane Technologies

/in /by

Trane Technologies Lawsuit

The California consumer protection lawyers at Tauler Smith LLP recently secured an important pre-trial win in a trap & trace lawsuit against Trane Technologies. The Plaintiff in the case is a California resident who filed a civil complaint against Trane Technologies, accusing the air conditioning & heating company of violating the Trap and Trace Law contained in the California Invasion of Privacy Act (CIPA). The Defendant filed a demurrer and attempted to get the case dismissed before trial. Now the Los Angeles County Superior Court has issued a ruling against the demurrer and in favor of the California consumer represented by Tauler Smith LLP.

For more information about the online consumer privacy lawsuit against Trane Technologies, keep reading.

Lawsuit: Trane Technologies Shared Website Visitors’ Personal Data with TikTok

Trane Technologies Company, LLC is an international air conditioning & heating distributor that specializes in climate-controlled technology geared toward reducing consumers’ carbon footprint. Their focus is on developing climate control solutions that involve heating, ventilation, air conditioning (HVAC), and refrigeration systems. Information about the products and services offered by Trane Technologies – including air conditioner units for both residential and commercial purposes – can be found on several websites operated by the company.

The Plaintiff in this case filed a civil suit in the Superior Court of California, County of Los Angeles. The lawsuit alleges that the personal information of website visitors was collected by Trane Technologies and then transmitted to social media platform TikTok, which is currently owned and operated by the Chinese government and has been deemed a serious natural security risk by the United States government.

How Does the TikTok Software Work?

According to the lawsuit filed in L.A. Superior Court, Trane Technologies has partnered with TikTok to embed sophisticated software on its landing page. This TikTok Software allegedly allows Trane Technologies to learn the location, source, and identity of consumers who happen to land on the company’s website.

So, how does it work? The TikTok Software allegedly deploys a de-anonymization process to identify site visitors by using electronic impulses generated from their computers, phones, or other electronic devices. More specifically, the TikTok Software utilized by Trane Technologies allegedly runs code or “scripts” on the company’s website to send user details to TikTok. This allows Trane Technologies to gather confidential information about website visitors, including their device and browser information, geographic information, referral tracking, and URL tracking.

Consumer Data Collection Without Consent

Trane Technologies has been accused of collecting consumer data from website visitors without consent. When the Plaintiff visited the Trane Technologies website, his personal identifying information was allegedly accessed via embedded TikTok Software without his consent. This would constitute a very serious violation of California’s Trap and Trace Law, which is codified in Cal. Penal Code § 638.51 of the California Invasion of Privacy Act (CIPA). The digital privacy law prohibits companies from intercepting information during a communication without the consent of the communicators.

Los Angeles Court Denies Demurrer: Invasion of Privacy Lawsuit Against Trane Technologies Can Proceed

Trane Technologies attempted to get the trap & trace claim dismissed before trial by filing a demurrer, challenging the Plaintiff’s complaint on the grounds that the complaint was purportedly insufficient. A demurrer is functionally similar to a “motion to dismiss.” In its demurrer filing, Trane Technologies argued that the Plaintiff’s lawsuit should be thrown out due to failure to state facts sufficient to constitute a cause of action under the California Trap and Trap Law.

Defendant Trane Technologies presented five (5) arguments to the court in support of its demurrer motion:

  1. The Trap & Trace Statute does not apply to website visits alone because visiting a website does not constitute a “communication” or a “trap and trace device” under the law.
  2. The Plaintiff consented to the collection of his personal information.
  3. The Plaintiff lacks standing to sue in this case because he failed to allege a specific, concrete injury suffered as a result of the invasion of privacy by Trane Technologies.
  4. The lawsuit fails to allege facts showing unlawful conduct in the state of California, and the California Invasion of Privacy Act (CIPA) does not apply outside the state.
  5. The Plaintiff’s unclear status as a TikTok user means that the lawsuit should be dismissed.

The court rejected all of the Defendant’s arguments and ruled against the demurrer action. According to the court, Section 638.51 of California’s Trap and Trace Law explicitly prohibits the use of both pen registers and trap and trace devices, which are defined as “devices or processes that record or capture dialing, routing, addressing, or signaling information from a wire or electronic communication.” The court further noted that in order to state a valid claim under § 638.51, the Plaintiff merely needs to allege that the Defendant installed and used either a pen register or a trap & trace device without first obtaining a court order to do so.

Website Communications Are Trap & Trace Devices

The Los Angeles Superior Court rejected the Defendant’s first argument and found that the Plaintiff sufficiently alleged that the TikTok Software utilized by Trane Technologies does, in fact, fall within the plain meaning of a “trap and trace” device as defined under Cal. Penal Code § 638.50.

Section 638.50(c) of the statute defines a “trap and trace device” as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.”

Further, § 629.51(a)(2) of the statute defines an “electronic communication” as “any transfer of signs, signals, writings, images, sounds, data, or intelligence of any nature in whole or in part by a wire, radio, electromagnetic, photoelectric, or photo-optical system.”

The court stated that the Plaintiff’s allegations that Trane Technologies unlawfully gathers site visitors’ personal information and sends the data to TikTok is sufficient to state a cause of action under the California Trap & Trace Law. As such, the trap & trace lawsuit can move forward.

No Consent for Data Collection by Trane Technologies

The court also rejected the Defendant’s second argument that Trane Technologies should be exempted from the California Invasion of Privacy Act (CIPA) because the Plaintiff somehow consented to the collection of his personal information.

In its ruling on the demurrer motion, the court noted the Defendant’s allegation that the Plaintiff is supposedly a professional litigant who seeks out websites that violate consumer privacy rights. The court said that, even if true, this would not mean that the Plaintiff consented to Trane Technologies’ use of a trap and trace device to collect consumers’ private information. The court also emphasized the Plaintiff’s allegation that the collection of users’ personal data begins automatically “the moment a user visits the website,” which would make it impossible for a site visitor to provide any kind of consent.

California Consumer Has Standing to Sue

The court rejected the Defendant’s third argument that the case should be dismissed because the Plaintiff failed to allege that he suffered any injury resulting from his visit to the Trane Technologies website. The court strongly disagreed with this argument because the lawsuit alleges that the TikTok Software used by Trane Technologies collects data from every visitor of the company’s website.

California’s Privacy Laws Apply to In-State Residents

The court quickly slapped down the Defendant’s fourth argument that the California Invasion of Privacy Act (CIPA) should not apply in this case because the Trane Technologies website is operated outside California. The court said that since the Plaintiff was located in California when he accessed the Defendant’s website, the wrongdoing occurred in California. This means that California’s privacy laws are applicable in the case.

TikTok Users Can File Trap & Trace Claims

Finally, the court rejected the Defendant’s convoluted argument that the Plaintiff’s possible status as a user of TikTok means that he already consented to the collection of his information by third parties. The Defendant suggested that if the Plaintiff was a TikTok user, then he affirmatively consented to the collection of his personal information; and if the Plaintiff was not a TikTok user, then he suffered no harm because the data transmitted by Trane Technologies to TikTok would be meaningless.

The court rejected the Defendant’s argument, stating that any consent the Plaintiff may or may not have provided to TikTok’s own platform would have to be determined at a later stage in the legal proceeding. At this point, declared the court, it is sufficient for the Plaintiff to have alleged that the privacy violation stems from Trane Technologies’ unilateral deployment of tracking code to capture and transmit user data without consent.

Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

California has some of the strongest consumer privacy laws in the country, providing state residents with vigorous protections against invasions of privacy. If you reside in California and you visited any website that collected your data without consent, you may be able to bring a lawsuit to recover substantial monetary damages.

The Los Angeles consumer protection lawyers at Tauler Smith LLP have extensive experience representing plaintiffs in these types of lawsuits. We have filed consumer privacy claims in both state and federal courts. Call 310-590-3927 or email us today.

Rad Power Bikes Lawsuit

Trap & Trace Claim Against Rad Power Bikes

/in /by

Rad Power Bikes Lawsuit

Tauler Smith LLP secured a major courtroom win in a California trap & trace claim against Rad Power Bikes. The plaintiff, a California consumer, filed a class action lawsuit alleging that the e-bike company utilized TikTok tracking code on its website to deanonymize users by trapping and tracing their personal information. The digital privacy case is being heard in the U.S. District Court for the Central District of California, which recently ruled on a pre-trial motion filed by the Defendant. The federal court denied the motion to dismiss, which means that the case could move forward to trial. Significantly, the court found that the plaintiff “plausibly alleged” that the TikTok software embedded on the Rad Power Bikes website can qualify as a trap and trace device under the California Invasion of Privacy Act (CIPA).

To learn more about the invasion of privacy lawsuit against Rad Power Bikes, keep reading this blog.

Rad Power Bikes Accused of Using TikTok Software to Collect Personal Data from Website Visitors

Rad Power Bikes Inc. is an electric bicycle company that operates in the United States. The company sells e-bikes that typically use rechargeable batteries to generate power and travel at higher speeds than normal bicycles. Rad Power Bikes sells its bicycles and related accessories primarily at retail showrooms and on the company’s website at radpowerbikes.com.

According to the civil suit in the California Central District Court, the TikTok software on the Rad Power Bikes website instantly collects visitors’ personal data, including device information, browser information, and geographic location. This information is then sent back to TikTok, which allegedly matches the new data to existing data that the social media app already has on hundreds of millions of individual users. The result is that TikTok is able to identify individual users who visit the Rad Power Bikes site.

Lawsuit: Rad Power Bikes Violated Trap & Trace Law in California Invasion of Privacy Act (CIPA)

The plaintiff in the CIPA class action suit is a California consumer who visited the Rad Power Bikes website. The lawsuit alleges that the website embedded advertising-related TikTok software to deanonymize and identify visitors for marketing and surveillance purposes. This was allegedly done for the benefit of both Rad Power Bikes and social media company TikTok.

According to the complaint, the TikTok software on radpowerbikes.com “gathers device and browser information, geographic information, referral tracking, and URL tracking by running code of scripts to send user details to TikTok.” Moreover, this unauthorized collection of visitors’ personal data allegedly occurs as soon as a visitor accesses the website; visitors do not have an opportunity to consent to the gathering of their data.

TikTok “Fingerprinting”

TikTok allegedly benefits from the collection of user information on the Rad Power Bikes site by comparing the data to its own massive database. This allows TikTok to “fingerprint” and identify website visitors. Since TikTok is currently owned by the communist Chinese government, this kind of data breach could pose significant security risks to American citizens.

CIPA Lawsuit

The legal basis for the lawsuit against Rad Power Bikes is the California Trap and Trace Law, which is codified as Cal. Penal Code § 638.51 in the California Invasion of Privacy Act (CIPA).

The plaintiff in the Rad Power Bikes lawsuit is seeking several types of damages: declaratory relief, statutory damages, and attorney’s fees. Additionally, the plaintiff is seeking to certify the lawsuit as a class action applicable to anyone in California who visited the Rad Power Bikes website.

Court Denies Motion to Dismiss, Allows Trap and Trace Lawsuit Against Rad Power Bikes to Proceed

Rad Power Bikes filed a motion to dismiss before trial. The U.S. district court issued a ruling and denied the motion, which means that the consumer protection case may now go to trial.

The Defendant made three arguments in support of its motion to dismiss the case during the pre-trial stage:

  1. The Defendant argued that the plaintiff in the class action lacked personal jurisdiction.
  2. The Defendant argued that the plaintiff lacked standing to sue.
  3. The Defendant argued that California’s invasion of privacy statute only applies to the interception of telephone calls, not websites.

The court rejected all of these arguments, finding in favor of the plaintiff.

Personal Jurisdiction

Personal jurisdiction is a legal term that means the court has authority to hear a case involving a party with a sufficient connection to the state where the court is located. In this case, the lawsuit was filed in a federal court located in California. That means the plaintiff must show that the Defendant, Rad Power Bikes, does business in California.

In the plaintiff’s response to the motion to dismiss, he alleged that Rad Power Bikes purposefully directed its activities to California “by regularly engaging with California residents through its website and its retail stores.” Moreover, argued the plaintiff, the e-bike company also shared website visitors’ data with TikTok in California.

In its ruling on the motion to dismiss, the court found that Rad Power Bikes did, in fact, intentionally direct its activities to California by allegedly gathering personal information from California visitors to the company’s website. Additionally, the court noted that the electric bike company has a “substantial presence” in the state with four retail stores. Beyond that, Rad Power Bikes has also contracted with TikTok to send user data to California. Therefore, said the court, there are more than enough contacts between Rad Power Bikes and California to establish personal jurisdiction in the state.

Standing to Sue

The court also found that the plaintiff in the case has Article III standing to sue. That’s because the plaintiff adequately alleged an injury caused by the use of TikTok software on the Rad Power Bikes website.

Article III standing is a constitutional requirement that only individuals who have suffered an injury in fact – or a particularized injury – may bring a case in federal court.

Under the California Invasion of Privacy Act (CIPA), it is illegal for a person or business to use devices to capture “dialing, routing, addressing, or signaling information from a wire or electronic communication.” In the lawsuit against Rad Power Bikes, the plaintiff alleged that his statutory privacy rights were infringed – and that this constituted a clear violation of the CIPA. In rejecting the motion to dismiss, the U.S. district court concluded that a violation of privacy rights protected by California law “is sufficient injury for standing purposes.”

CIPA Applies to Websites

The last argument made by the Defendant in its motion to dismiss was that the California Trap and Trace Law does not apply to websites. The court strongly rejected this argument. That’s because the Trap & Trace Law, contained in the California Invasion of Privacy Act (CIPA), applies to any device that records or captures information from a wire or electronic communication. While the Defendant wants the law to apply solely to communications via telephone lines, numerous courts have found that the statute applies to website communications.

With respect to the application of California’s digital privacy laws to websites, Rad Power Bikes also made a sweepingly broad argument that the CIPA claim should be dismissed because it “effectively seeks to criminalize the Internet.” The Defendant’s contention is that most websites use tools like the TikTok software, so a finding in favor of the consumer-plaintiff would have severe implications for all consumer-facing websites. The court rejected this argument on its face. Moreover, the court noted that any questions about the scope of the CIPA should be addressed to the California Legislature, which enacted the consumer privacy law in the first place.

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

Are you a California resident? Did you visit the Rad Power Bikes website? Then you might be eligible to join a consumer class action lawsuit to recover damages for violations of the California Invasion of Privacy Act (CIPA). The Los Angeles consumer protection attorneys at Tauler Smith LLP have extensive experience representing plaintiffs in trap & trace claims and invasion of privacy lawsuits in both federal and state courts.

Call 310-590-3927 or email us today to discuss your legal options.

HoMedics Air Purifier

Trap and Trace Class Action Against HoMedics

/in /by

HoMedics Air Purifier

A federal court in California recently ruled on a trap and trace class action against HoMedics and FKA Distributing Co. – and the ruling was fantastic news for the consumer protection attorneys at Tauler Smith LLP. The plaintiff in the case is a California resident who visited the HoMedics website. According to the legal complaint, the website utilized TikTok software to unlawfully collect personal information from the plaintiff and other consumers who visited the site. Now the court has issued a pre-trial ruling in favor of the plaintiff to deny the Defendant’s motion to dismiss.

For more information about the TikTok trap & trace complaint against HoMedics, and to find out if you might be eligible to join the class action, keep reading.

Lawsuit: HoMedics Used TikTok Software to Collect Personal Data of Website Visitors

FKA Distributing Co., or FKA Brands, is a personal care product company. FKA Distributing sells its products across the U.S. and globally in major department stores, specialty stores, and drugstores. Some of the main FKA brands include HoMedics, House of Marley, Revamp Professional, Obus Forme, Ellia, JAM Audio, HMDX Audio, and Sol Republic. FKA primarily does business as HoMedics, which specializes in products related to health and wellness.

HoMedics sells a number of personal care items for the medical and spa industries, including hot/cold compression wraps, dental appliances, magnetic therapy products, electronic back and body massagers, humidifiers, air purifiers, and water purification systems. HoMedics also sells therapeutic bedding products: pillows, mattresses, and protective bedding. Additionally, HoMedics makes products for Sharper Image and Stanley Black & Decker. Many of these products are sold on the Homedics.com website.

Digital Privacy Lawsuit Against HoMedics

The plaintiff alleged that when she visited the Defendant’s website, Homedics.com, her personal data was unlawfully collected with TikTok-created deanonymization software. According to the complaint, the TikTok software instantly gathered data about the plaintiff as soon as she visited the website, including her geographic location and other personal identifying information.

The purpose of this data collection was allegedly to match it with TikTok’s existing data, which could then be used to identify individual visitors. This has legal implications because the collection of a website visitor’s personal data without consent is a direct violation of California’s Trap and Trace Law. That law is codified in Cal. Penal Code § 638.51.

Class Action Lawsuit Against HoMedics in California Central District Court

The plaintiff, a California resident, filed a class action against FKA Distributing Co. on behalf of all persons living in California whose identifying information was sent to TikTok through the use of the HoMedics website. The lawsuit was initiated in the Los Angeles Superior Court and was later removed to a federal court: the United States District Court for the Central District of California.

The class action alleged that FKA Distributing violated California’s Trap and Trace Law. When the case was moved to federal court, FKA Distributing filed a motion to dismiss. That motion was rejected by the court, which means that the claim may now move forward.

HoMedics Accused of Violating the California Invasion of Privacy Act (CIPA)

The California Invasion of Privacy Act, also known as the CIPA, is codified in Cal. Penal Code § 630. The law imposes both civil and criminal penalties against offenders who engage in electronic interception, recording, or eavesdropping on private communications.

Section 638.51 of the statute prohibits the installation of a pen register or trap & trace device unless the party has obtained a court order to do so.

Under section 637.2 of the statute, a plaintiff can bring a private right of action for violations of the CIPA. This means that consumers can file a lawsuit and recover statutory damages if their personal data has been collected without consent.

Court: FKA Distributing and HoMedics May Have Violated California’s Trap & Trace Law

The first court order in the FKA Distributing TikTok complaint was issued in response to a motion to dismiss. The Defendant argued that the TikTok software allegedly used on the HoMedics website does not constitute a “trap and trace device” within the meaning of § 638.50(c). However, the court found the Defendant’s argument “unpersuasive,” stating that the TikTok software could plausibly constitute a “trap and trace device” and therefore could be a violation of the statute.

HoMedics TikTok Trap & Trace Software

The TikTok software allegedly utilized by the HoMedics website works by gathering the device information, browser information, and geographic information of site visitors, which then allows TikTok to identify individual users.

The California Invasion of Privacy Act (CIPA) defines a trap and trace device as any “device or process that captures the incoming electronic or other impulses” identifying the source of the communication. The federal court in this case noted that the statute’s reference to a “device or process” implies that it is the result of the information gathering that matters: the use of an AutoAdvanced Matching feature on the HoMedics website to identify the source of website visitors does fall within the scope of the Trap & Trace Law.

No Consumer Consent for Data Gathering

FKA Distributing Co. also argued that consent for the tracking of visitors’ data was granted by the Defendant, which was also a party to all communications on its website. The court rejected this absurd argument on its face since the person who needs to provide consent is clearly the website user whose personal data is being tracked by the website.

The Defendant attempted to argue that, by definition, a person cannot “intercept” communications to which they were already a party. But the court found that this narrow reading of the law only applies to allegations of wiretapping violations, not cases like this one that go beyond wiretapping and involve broader allegations of electronic interception.

No Automatic Consent for Data Collection

The court also rejected the Defendant’s argument that website visitors automatically consent to the data collection practices simply by visiting HoMedics.com.

The Defendant claimed that its website Privacy Policy provided notice of the site’s use of a trap and trace device, including a warning to site visitors that the Defendant may collect personal data like the user’s name, email, phone number, and postal address. But the court said that this was not sufficient to prove that a reasonable user reading the Privacy Policy would definitely understand it – or that it would necessarily involve the use of TikTok software to monitor and essentially spy on the user.

Federal Court Denies Dismissal of TikTok Trap & Trace Claim Against HoMedics

The California Central District Court recently issued a second court order in the digital privacy complaint against FKA Distributing Co. and HoMedics. FKA Distributing argued that the complaint should be dismissed for lack of personal jurisdiction, failure to allege a concrete injury, and failure to allege an actual violation of the Trap & Trace Law. The court rejected all of these arguments, finding them “unavailing.”

Personal Jurisdiction

The federal court quickly found that the Defendant waived personal jurisdiction when they failed to raise it as an issue in an earlier motion to dismiss the invasion of privacy complaint.

Consumers Harmed by HoMedics Privacy Violations

The court also found that the plaintiff adequately alleged concrete and particularized injury to her privacy rights. Specifically, the court said that the plaintiff provided the facts necessary for a trap & trace complaint, such as the number of times she visited the HoMedics website, exactly what information she provided on the site, what information the Defendant captured, and the fact that she was not aware of the Defendant’s tracking practices.

The plaintiff showed that she visited the HoMedics website in March 2024. The plaintiff also clearly alleged that the Defendant operates TikTok software on the website for the purpose of collecting users’ personal identifying information, including:

  1. Device and browser types.
  2. Geographic locations.
  3. Referral URLs.

Moreover, the plaintiff alleged that the Defendant unlawfully collects this information from everyone who visits the website, and that this happens automatically as soon as anyone lands on the site.

TikTok Software Violates Consumer Privacy Interests

FKA Distributing Co. argued that the plaintiff failed to show that any private or personal identifying information had been collected by the Defendant’s website. The court rejected this argument as well. According to the court, the plaintiff alleges that the Defendant’s TikTok software “effectively de-anonymizes the website user” to collect tracking information. Additionally, this data collection allegedly happens regardless of whether the user has a TikTok account.

The court concluded that the plaintiff’s allegations are sufficient to establish a concrete injury from visiting HoMedics.com. This injury would be a direct harm to the plaintiff’s privacy interests because the compilation and collection of users’ personal data occurs without consent.

Did You Visit the HoMedics Website? Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If you visited the HoMedics website for any reason, it’s possible that your data was unlawfully collected and sent to TikTok. This could make you eligible to join a class action lawsuit to receive monetary compensation for the violation of your privacy rights. The legal team at Tauler Smith LLP represents plaintiffs in California trap & trace claims, consumer fraud complaints, and other types of consumer protection lawsuits. We can help you get justice.

Call 310-590-3927 or send an email to talk with one of our experienced California consumer protection attorneys today.

IHOP Invasion of Privacy Lawsuit

California Invasion of Privacy Act Lawsuit Against IHOP

/in /by

IHOP Invasion of Privacy Lawsuit

The Los Angeles consumer protection lawyers at Tauler Smith LLP recently won a pre-trial demurrer hearing in a trap & trace complaint against IHOP. The California Invasion of Privacy Act lawsuit against IHOP was filed by a California consumer who alleged that the restaurant chain installed a trap and trace device on its website to unlawfully monitor website visitors without consent. IHOP argued that the case should be dismissed before trial, but the court overruled the Defendant’s demurrer and said that the case against IHOP can proceed.

To learn more about the lawsuit against IHOP, keep reading this blog.

Trap & Trace Lawsuit Against IHOP Heard in California Court

The Defendant in the recent digital privacy lawsuit is IHOP Restaurants, LLC. IHOP, or International House of Pancakes, is a popular pancake house restaurant chain with nearly 2,000 locations in the United States and internationally.

The civil suit against IHOP is being adjudicated in the Los Angeles County Superior Court and presided over by Judge Michael Small. A California consumer filed the lawsuit because IHOP allegedly installed a trap & trace device on their website to effectively spy on site visitors. This would constitute a clear violation of the California Invasion of Privacy Act (CIPA), which is codified in California Penal Code Section 638.51.

Cal. Penal Code § 638.51 is known as the “trap and trace” provision because it prohibits companies from utilizing trap & trace devices to collect data from consumers without permission. The statute explicitly states that a person or company “may not install or use a pen register or a trap and trace device without first obtaining a court order.”

TikTok Software

According to the legal complaint, IHOP’s website uses a trap & trace device created by TikTok to gather private information about site visitors without their consent. As soon as consumers access IHOP’s website, their personal information is allegedly collected via the TikTok software.

Demurrer Hearing

The Defendant filed a demurrer to dismiss the lawsuit, with an additional motion to strike a request for punitive damages.

The lawsuit against IHOP alleges that IHOP installed TikTok software on its website and that IHOP uses this software to “trap and trace” private information about consumers. The Los Angeles County Superior Court rejected IHOP’s demurrer and ruled that the allegations against IHOP are sufficient to state a cause of action for a violation of the CIPA.

Lawsuit: IHOP’s Website Software Is a Trap & Trace Device

What exactly is a trap & trace device? The California Invasion of Privacy Act (CIPA) defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication.”

The precedent in these cases is clear: courts have repeatedly held that communications or chat features on websites do qualify as “electronic communications” for the purposes of the Trap & Trace Statute. In this case, the court also ruled that the TikTok software allegedly installed by IHOP on its website “falls within the ambit of the definition of a ‘trap and trace device’ in Section 638.50.” That’s because the TikTok software is a device that captures identifying information about visitors to the IHOP website.

Telephone Lines and Websites

In its demurrer, IHOP argued that the reach of the CIPA should be limited to devices that are capable of being physically attached to telephone lines, which relies on a definition of “trap and trace device” that would exclude the invasive TikTok software allegedly installed on the IHOP website.

The court rejected IHOP’s interpretation of the statute because the definition of “trap and trace devices” found in the CIPA is extremely broad: it encompasses more than just devices that capture an originating phone number, and therefore applies to more than just telephone lines.

TikTok Software = Trap & Trace Device

The L.A. County Superior Court went even further than many previous courts to rule that the California Legislature contemplated that the CIPA might cover “the development of new devices and techniques for the purpose of eavesdropping upon private communications.” The court added that the TikTok software allegedly utilized by IHOP is precisely such a “new technique” for capturing the confidential information of consumers without their consent.

IHOP Not Exempt from Liability for Utilizing Trap and Trace Devices

There are a few exceptions to the CIPA prohibition against the use of trap & trace devices. A company may utilize trap & trace devices if:

  1. The device is being used to operate, maintain, and test a wire or electronic communication service.
  2. The consent of the user has been obtained prior to use.

In its ruling on the demurrer, the L.A. County Superior Court found that neither of these exceptions applies to IHOP’s use of TikTok trap & trace software on the company website.

Court Rejects IHOP’s Arguments for Exemption

IHOP attempted to argue that it should be exempt from liability under Section 638.51(b)(5) as a “provider of electronic or wire communication services,” with the website being the service it provides. The court found this argument unpersuasive because IHOP failed to show how it might need the TikTok software to operate and maintain its website.

IHOP also tried to argue that it should be exempt from liability because the company has consented to the use of the trap & trace software installed on its website. The court quickly rejected this argument because the consent exception of the CIPA obviously applies to website visitors, not to the owners and operators of a website.

Private Right of Action Against IHOP for Violating the CIPA

In its demurrer, IHOP also argued that there is no private right of action under the California Invasion of Privacy Act (CIPA). If true, this would mean that consumers would not be able to file civil suits against companies that violate the CIPA. But the court rejected this argument because the CIPA specifically provides for statutory damages.

In fact, the CIPA allows victims to file suit against a company that violated the CIPA for either:

  • $5,000 per violation; or
  • Treble damages equaling three times the amount of actual damages sustained by the victim.

Significantly, the statute calls for plaintiffs who bring trap & trace complaints to be awarded whichever amount is greater.

Plaintiffs Eligible for Punitive Damages in California Invasion of Privacy Cases

Buried within IHOP’s demurrer was also a motion to strike the punitive damages part of the complaint and essentially deny any request for a punitive damages award at the conclusion of the trial.

Although the court granted the motion to strike, it also reiterated that the California Invasion of Privacy Act (CIPA) does allow for punitive damages to be awarded against a defendant. To receive punitive damages for a violation of the Trap and Trace Law, the plaintiff must prove that the defendant acted maliciously or fraudulently when using trap and trace software to collect customer information.

Contact an Experienced Los Angeles Consumer Protection Lawyer

Are you a California resident who visited the IHOP website? Did you visit any other websites operated by companies that might be using trap & trace devices to monitor users? If so, you may be eligible to file a lawsuit in a California court to receive monetary compensation. The Los Angeles consumer protection attorneys at Tauler Smith LLP represent plaintiffs in invasion of privacy claims, and we can help you.

Call 310-590-3927 or email us to schedule a free consultation and learn about your legal options.

Entravision Sued for Trap & Trace Violation

Entravision Sued for Violating California Trap & Trace Law

/in /by

Entravision Sued for Trap & Trace Violation

International media company Entravision was sued for violating the California Trap & Trace Law. The plaintiff in the lawsuit is a California consumer who alleged that her data was unlawfully collected when she visited the Entravision website. According to the complaint, Entravision uses TikTok software to record and gather personal data from every person who visits the website, which exposes this confidential information to the communist Chinese government.

The plaintiff is being represented by the Los Angeles consumer protection attorneys at Tauler Smith LLP. Entravision’s defense attorneys tried to get the lawsuit dismissed, but the L.A. County Superior Court overruled the Defendant’s demurrer motion. As a result, the invasion of privacy claim against Entravision may now be heard at trial.

Entravision Accused of Using TikTok Software to Collect Data from Website Visitors

Entravision Communications Corporation is a global media, marketing, and technology company. Entravision’s headquarters is located in Santa Monica, California, and the company owns several television and radio stations in many of the top Hispanic markets throughout the country. Entravision is also the largest affiliate group of Univision, with Univision owning television stations operated by Entravision.

The digital privacy lawsuit was filed against Entravision Communications Corporation in the Superior Court of California, County of Los Angeles. The judge in the case, the Honorable Elaine W. Mandel, recently presided over a pre-trial demurrer hearing.

The plaintiff, a California consumer, sued Entravision Communications for allegedly violating the California Trap and Trace Law. Entravision was accused of using TikTok software on its company website to unlawfully collect the personal data of website visitors. Moreover, the plaintiff alleged that Entravision utilized the trap and trace software with willful and conscious disregard of the privacy rights of site visitors.

Cal. Penal Code § 638.51: California Trap and Trace Law

The California Trap and Trace Law is codified in Cal. Penal Code Section 638.51, which is part of the California Invasion of Privacy Act (CIPA). The CIPA broadly applies to two types of technology commonly used on some websites: pen registers and trap & trace devices. These devices are often used to record information that identifies the source of an electronic communication, including online communications on websites.

In this case, Entravision is accused of using TikTok software to identify website users through browser information, geographic information, and URL tracking data. That personal information is then sent to TikTok. Moreover, all of this is allegedly done without the consent of website visitors.

Court Rejects Demurrer: Privacy Lawsuit Against Entravision Can Proceed

A demurrer tests the sufficiency of a complaint and ensures that courts do not waste time hearing a complaint that does not allege essential facts about the case. In this case, Entravision filed a demurrer and argued that the lawsuit against the media company should be dismissed during the pre-trial stage. The Los Angeles County Superior Court rejected the Defendant’s demurrer and ruled that the case should proceed.

Entravision made five (5) arguments in support of its demurrer motion, all of which were rejected by the court.

  1. Failure to Allege Facts to Support Cause of Action

Entravision argued that the plaintiff’s complaint should be dismissed for failing to allege facts sufficient to constitute a cause of action. The court ruled that the plaintiff sufficiently showed that Entravision collects data from every visitor to its website. Along with the plaintiff’s evidence that she visited the website, this was enough to establish her claim for unlawful collection of private data.

  1. Websites Are Not “Pen Registers”

Entravision argued that the plaintiff did not show that Entravision used a pen register as defined by Section 638.51 of the Cal. Penal Code. Specifically, the Defendant contended that only physical telephone lines qualify as “pen registers” under the statute.

The court rejected the Defendant’s argument and held that both federal and state law on trap & trace devices may apply to websites, not just telephones. The court pointed to the California Invasion of Privacy Act (CIPA), which does not limit the definition of either “pen register” or “trap and trace” device to physical devices attached to telephone lines. This broad interpretation of the statute means that the plaintiff in this case did not need to allege the use of a physical pen register device by Entravision.

  1. Exemption from Liability

Entravision argued that it should be exempt from liability under the California Trap and Trace Law because the company is an electronic communications service provider. Cal. Penal Code § 638.51(b)(1) states that a provider of electronic or wire communication service is allowed to use a pen register or a trap and trace device to operate, maintain, and test its service.

The court rejected the Defendant’s argument because the question of whether Entravision is exempt under the law should be determined at trial, not during the pre-trial demurrer stage.

  1. Not a Prohibited “Device” or “Process”

Entravision argued that the plaintiff failed to plead that the Defendant used a device or process prohibited by the California Trap and Trace Law.

The court rejected the Defendant’s argument because the TikTok software allegedly used by Entravision does qualify as a “process” that captures incoming electronic impulses to identify the source of an electronic communication on the company’s website. Moreover, since users are never informed that the Entravision website is collecting their private data and sharing it with the Chinese government, this would be considered a violation of the Trap & Trace Law.

  1. Failure to Plead “Oppression, Fraud, or Malice”

Entravision argued that punitive damages in the case should be dismissed because the plaintiff failed to plead “oppression, fraud, or malice.”

The court rejected this argument because the plaintiff alleged that a reasonable jury might find the Defendant’s conduct so “vile or contemptible” that it justifies punitive damages. This aligned with the plaintiff’s contention that Entravision intentionally invaded consumers’ privacy without their knowledge or consent and that this conduct constituted “criminal activity.”

The court also held that punitive damages are not subject to demurrers.

Call the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP

Do you live in California? Did you visit the Entravision website for any reason? If so, it’s possible that your personal information was unlawfully collected. The Los Angeles consumer protection lawyers at Tauler Smith LLP represent individuals whose privacy has been invaded by California companies. Call 310-590-3927 or email us today.

MSC Cruises Trap & Trace Lawsuit

Trap & Trace Lawsuit Against MSC Cruises

/in /by

MSC Cruises Trap & Trace Lawsuit

The California consumer protection lawyers at Tauler Smith LLP are representing a consumer who filed a trap & trace lawsuit against MSC Cruises. The cruise ship company has been accused of utilizing trap & trace technology on its website to collect customer information without permission. The Superior Court of Los Angeles County recently ruled on a demurrer filed by the Defendant in the case: the court overruled the demurrer, which means that the case against MSC Cruises could proceed to trial.

For additional information about the MSC Cruises trap and trace complaint, keep reading.

Lawsuit: MSC Cruises Violated the California Invasion of Privacy Act (CIPA)

MSC Cruises is the world’s largest privately held cruise company. The global cruise line operates a website that invites customers to “sail to over 250 of the world’s most sought-after travel destinations.” Site visitors can register and book cruises directly on the website.

The civil lawsuit filed against MSC Cruises in L.A. County Superior Court alleges that the cruise ship company violated the California Invasion of Privacy Act (CIPA) by utilizing trap and trace software on their website.

What Is the California Invasion of Privacy Act?

The California Invasion of Privacy Act (CIPA) is codified in Penal Code § 638.51, which states that “a person may not install or use a pen register or a trap and trace device without first obtaining a court order.”

Pen Registers

As set forth by the statute, a “pen register” is a device or process that records certain information transmitted by an instrument that also transmits a wire or electronic communication. This information includes dialing, routing, addressing, or signaling information. Importantly, a pen register does not record or decode the contents of a communication.

There are exceptions to California’s digital privacy law on pen registers. For example, the pen register prohibition in the CIPA does not apply to a device used for billing purposes, cost accounting, or other similar purposes that exist in the ordinary course of business.

Trap & Trace Devices

The California Invasion of Privacy Act (CIPA) defines a “trap and trace device” as “a device or process that captures incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.”

The last clause in the definition is what MSC Cruises focused on for one of its pre-trial arguments: the Defendant argued that the TikTok Software on its website only intercepts the content of communications, which would not fit the definition of a trap and trace device. However, the court found the opposite to be true: that the civil suit against MSC Cruises sufficiently alleged that the TikTok Software used on the company’s website collects data such as device, browser, and geographic information about site visitors. This is precisely the type of data which would show where users are located and thus violate the CIPA.

MSC Cruises Accused of Using TikTok Software on Its Website

Alarmingly, MSC Cruises is accused of collaborating with the Chinese government to use TikTok software to gather personal information about website visitors without their knowledge or consent. According to the complaint, MSC Cruises installed software created by TikTok on the company’s website. The TikTok Software was allegedly created for the purpose of identifying website visitors, collecting data about the visitors, and then matching the information with existing customer data that the social media platform already possessed.

The complaint alleges that the TikTok Software uses a de-anonymization process that runs codes or “scripts” on the MSC Cruises website to identify users and then send user details to TikTok. This includes data such as browser information, geographic information, referral tracking, and URL tracking.

The digital privacy complaint states that visitors of the MSC Cruises website do not consent to have their data collected and shared with TikTok. That’s because the TikTok Software allegedly starts working the moment a user lands on a website page. According to the trap & trace lawsuit, the software collects and shares the information “regardless of the cookie banner which appears on the site.” In other words, a site visitor does not have an opportunity to opt out of the collecting and sharing of their personal data because this occurs as soon as visitors land on a page or click on a page.

Pre-Trial Motion: Court Rules in Favor of Plaintiff in MSC Cruises Trap & Trace Lawsuit

The Plaintiff, a California consumer represented by Tauler Smith LLP, filed her CIPA complaint against MSC Cruises in Los Angeles County Superior Court. A short time later, the Defendant filed a demurrer with the court. Basically, this meant that the Defendant asked the court to dismiss the complaint. The court heard arguments from both sides, then ruled in favor of the Plaintiff.

Trap & Trace Software

MSC Cruises filed a demurrer with the L.A. County Superior Court on the grounds that the complaint failed to allege a violation of the California Invasion of Privacy Act (CIPA). Specifically, the Defendant argued that it had not utilized a “pen register” or a “trap and trace device” as defined by the statute because the CIPA only explicitly covers telephone-based communications, not website-based communications.

The court rejected the Defendant’s argument and found that the Plaintiff’s trap and trace complaint alleged facts sufficient for a violation of the CIPA. First, the court stated that the plain language of Section 638.51 does not limit the statute to telephone-based communications. Beyond that, the court noted that the Plaintiff did not need to provide a detailed description of the TikTok Software used by MSC Cruises at this stage of the legal proceedings; instead, all that is needed is facts alleging that the software installed on the cruise ship website captures user information which would reasonably lead to the source of the users’ communications with the website.

Consent to Trap & Trace Devices

In its demurrer filed with the court, MSC Cruises also argued that users of its website consented to the capture of their personal data through automated technologies simply by visiting the website. However, the court found that the Plaintiff’s complaint clearly alleged that the TikTok Software captured user data without users’ consent or knowledge. Moreover, this data capture occurred as soon as a user landed on the website – and without users submitting the information to the website voluntarily.

Call a Los Angeles Consumer Protection Attorney Today

Are you a California resident? Did you visit the MSC Cruises website to book a cruise vacation or for any other reason? If so, your personal data may have been compromised. The Los Angeles consumer protection lawyers at Tauler Smith LLP represent victims of consumer privacy violations, and we help them get financial compensation. Call 310-590-3927 or send an email to discuss your legal options.

Taylor Farms CIPA Claim

CIPA Claim Against Taylor Farms

/in /by

Taylor Farms CIPA Claim

Tauler Smith LLP won an important pre-trial argument in a CIPA claim against Taylor Farms. The lawsuit, which was heard in the Los Angeles County Superior Court, stemmed from allegations that Taylor Farms violated the California Invasion of Privacy Act (CIPA) by using trap & trace software on the produce distribution company’s website to collect customer data without permission. The court ruled that the Plaintiff pled sufficient facts to support a reasonable inference that the Defendant violated the consumer protection statute. This was a major victory for the Los Angeles consumer protection attorneys at Tauler Smith.

Taylor Farms Accused of Using Tracking Software to Collect Customer Information Without Consent

Taylor Farms, which operates under the name Taylor Fresh Foods, Inc., is one of the leading producers of fruits and vegetables in the United States. The company distributes produce to numerous supermarket chains and restaurants, including Chipotle and McDonald’s.

The complaint against Taylor Farms alleged that the company’s website utilized tracking software created by TikTok to identify certain confidential user information, including device and browser information, geographic information, referral tracking, and URL tracking. The use of trap and trace software is a violation of the California Invasion of Privacy Act (CIPA), codified in Penal Code § 638.51. The CIPA has an express purpose to “protect the right of privacy” of California consumers. When a website operator utilizes a trap and trace device to track a site visitor’s information without consent, they have invaded the privacy of that individual.

Digital “Fingerprinting”

According to the lawsuit, the TikTok Software’s digital process is known as “fingerprinting.” This allows companies to gather user data by running code or “scripts” on their websites and then send user details to TikTok. The data is matched with information that the Chinese-owned social media company has already amassed about hundreds of millions of Americans.

What Is a “Trap and Trace Device”?

Section 638.51 of the California Invasion of Privacy Act (CIPA) stipulates that, under most circumstances, “a person may not install or use a pen register or a trap and trace device without first obtaining a court order.”

What is a trap and trace device? The statute defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.”

Trap & Trace Lawsuit Against Taylor Farms

Taylor Farms was sued for allegedly violating the California Invasion of Privacy Act (CIPA) by using trap & trace software on the company’s website. The lawsuit alleged that the site deployed TikTok Software to identify visitors by using electronic impulses generated from users’ devices. Without either visitors’ consent and or a court order to use the TikTok Software to track visitors of the website, this would be a violation of consumer privacy under the CIPA.

After the lawsuit was filed, Taylor Farms filed a formal objection in the form of a demurrer. The company argued that the original complaint failed to state a cause of action and should therefore be dismissed.

Court: Denied Demurrer in CIPA Complaint Against Taylor Fresh Foods

L.A. Superior Court Judge Daniel S. Murphy heard arguments and then issued a ruling denying the Taylor Farms demurrer. The ruling stated that the Plaintiff’s complaint alleged the two elements necessary to establish a violation of the CIPA:

  1. The Defendant installed a prohibited pen register or trap & trace device.
  2. The Defendant installed the trap & trace device without a court order.

Significantly, the court said that the allegations in the digital privacy complaint against Taylor Fresh Foods, Inc. “support a reasonable inference that Plaintiff had her information tracked without her consent, thus resulting in harm to her personal autonomy.” This outstanding pre-trial outcome represented yet another consumer protection court victory for the Tauler Smith law firm.

The California Invasion of Privacy Act Applies to Websites and Software

In a filing with the court, Taylor Farms argued that the California Invasion of Privacy Act (CIPA) only regulates physical trap & trace devices and therefore does not apply to IP addresses or “standard website data collection.” The court strongly rejected this argument.

In its ruling, the court said that the CIPA does not limit the definition of “pen register” or “trap and trace device” to physical devices attached to telephone lines. In fact, said the court, the statute’s definitions make no reference to a physical attachment. Moreover, a trap & trace device is broadly defined as applying to “electronic communications,” which the court noted “encompasses a range of transfers plainly not limited to telephone lines.”

Additionally, the court agreed with the Plaintiff’s cited case of Greenley v. Kochava, in which the U.S. District Court for the Southern District of California held that a software development kit installed in a third-party mobile application constituted a violation of the CIPA’s pen register prohibition. In that case, the court said that unlawful trap and trace technology can involve software that identifies consumers and gathers data through unique “fingerprinting.”

Section 638.51 Applies to Websites

In its demurrer filing, the Defendant also argued that the CIPA should not apply to websites because such an interpretation would subject every website to liability. Again, the court strongly rejected the Defendant’s argument. The court stated that the TikTok Software allegedly gathered unique location information and tracked user data that went well beyond the type of data which might be necessary for the proper functioning of a website.

In fact, the court said that the Defendant’s interpretation of the CIPA would lead to the “absurd result” of immunizing all websites from prosecution under the law. In other words, the CIPA would basically cease to exist because anyone who visited a website would automatically consent to the use of a trap and trace device and other tracking software.

Who Is the “User” of a Website in a Trap and Trace Claim?

The court also rejected an argument by the Defendant that Taylor Farms was the “user” of the TikTok Software allegedly installed on its website and therefore consented to the use of a pen register or trap & trace device. This argument would mean that no website visitor could ever bring a viable claim under the California Invasion of Privacy Act (CIPA) because every website operator necessarily consents to the use of the software on their own site. In other words, the CIPA “could never be violated.”

Again, the court found that it would be absurd to accept an interpretation of the CIPA which would mean every website operator could escape liability even when website user privacy is invaded.

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If you are a California resident who visited a company’s website, it’s possible that your data was shared with third parties like TikTok. The California consumer protection attorneys at Tauler Smith LLP represent plaintiffs in consumer privacy claims, and we can help you. Call 310-590-3927 or email us to schedule a free consultation.

Law.com Article on C2 Education Lawsuit

Law.com Article on C2 Education Trap & Trace Lawsuit

/in /by

Law.com Article on C2 Education Lawsuit

The Los Angeles consumer protection lawyers at Tauler Smith LLP recently filed a class action against C2 Education in U.S. District Court that accuses the tutoring company of collaborating with TikTok to collect consumer data. The case is getting significant press coverage: a Law.com article on the C2 Education trap & trace lawsuit explores the implications of the federal court’s pre-trial ruling, which denied a motion to dismiss the complaint and essentially said that software embedded on a website can violate the California Trap and Trace Law.

Read the Law.com article, “Federal Ruling ‘Sets Precedent’ for ‘Trap and Trace’ Software Class Actions in Calif.” And for more information about the class action lawsuit against C2 Education, keep reading this blog.

Federal Court: C2 Education May Have Used Trap & Trace Devices to Collect Consumer Information

A Law.com article on the C2 Education trap and trace lawsuit discusses the recent class action complaint filed against the tutoring company for allegedly using trap & trace devices to collect consumer data on its website without permission. The online article also highlights the important precedent that may have been set for trap and trace lawsuits in California:

A federal court delivered a landmark decision impacting “trap and trace” software cases in California, denying defendant C2 Educational Systems Inc. a motion to dismiss a class action alleging it violated the California Invasion of Privacy Act (CIPA) through its partnership with TikTok.

“These allegations demonstrate that Defendant, through the use of the TikTok Software, collected Plaintiff’s information, thereby constituting an invasion of privacy. And invasions of privacy are actionable injuries,” the ruling stated.

“I think it’s a big ruling because you have, in this instance…a federal court saying this is a claim that the federal courts recognize, which generally means that state courts will also recognize trap and trace claims,” said plaintiff’s attorney Robert Tauler.

C2 Education Accused of Collaborating with TikTok to Collect Information from Website Visitors

Los Angeles law firm Tauler Smith LLP filed a class action lawsuit against C2 Education because the online tutoring and test prep company is allegedly violating the California Invasion of Privacy Act (CIPA) through its partnership with TikTok. The Defendant subsequently filed a motion to dismiss the class action from the U.S. District Court for the Central District of California. After evaluating arguments from both sides, the court denied C2 Education’s motion to dismiss.

Assuming the case ultimately reaches trial, the Defendant will need to answer the allegations that they breached California’s Trap and Trace Law, codified as Cal. Penal Code § 638.51 of the CIPA. The Trap and Trace Law prohibits the use of pen registers and trap & trace devices that record dialing or routing information from website visitors. The lawsuit against C2 Education specifically alleges that the tutoring company installed TikTok software on its website to siphon user data and match it with TikTok’s much larger user database. This process, known as “fingerprinting,” gives companies the ability to identify personal information about otherwise anonymous website users.

Landmark Decision: U.S. District Court Sets Precedent for California Trap & Trace Claims

In its motion to dismiss the class action lawsuit, C2 Education argued that the Trap & Trace provision of the California Invasion of Privacy Act (CIPA) should only apply to physical devices attached to telephone lines, not to website software. The United States District Court for the Central District of California disagreed. The court highlighted § 638.50 of the CIPA, which broadly refers to “devices that record or capture information.” The court also cited Greenley v. Kochava, Inc., an earlier case finding that software “fingerprinting” falls squarely under the pen register definition outlined by the CIPA.

Legal experts have noted that the federal court’s pre-trial ruling in the C2 Education trap & trace case may have broadened the scope of the California Trap & Trace Law and, by extension, strengthened protections for consumers against digital privacy violations and fraud. In fact, the Law.com article on the case called it “a landmark decision.” Los Angeles consumer protection lawyer Robert Tauler, who is representing the plaintiff in the C2 Education class action, observed that this is “the first case effectively saying that software on a website can violate the Trap and Trace Law.”

Did You Visit the C2 Education Website? Contact the California Consumer Protection Attorneys at Tauler Smith LLP

Los Angeles law firm Tauler Smith LLP represents plaintiffs in cases involving invasion of privacy violations. Our California consumer protection lawyers have filed dozens of trap & trace claims on behalf of consumers, including a class action complaint against C2 Education. If you are a California resident who visited the C2 Education website, you may be eligible to join the class action lawsuit.

Call 310-590-3927 or email us today.

C2 Education Class Action Trial

Judge Denies Motion to Dismiss Class Action Against C2 Education

/in /by

C2 Education Class Action Trial

Tauler Smith LLP recently filed a trap and trace lawsuit against C2 Education for violating the California Invasion of Privacy Act (CIPA), and now a federal court has ruled: a judge denied the motion to dismiss the class action against C2 Education. The complaint alleges that the leading provider of tutoring services nationwide has unlawfully installed “trap and trace” software on its website and allowed the social media app TikTok to collect private data from site visitors. The Defendant filed a motion to dismiss the lawsuit, but the court rejected all of the Defendant’s pre-trial arguments. This represents a major victory for the California consumer protection lawyers at Tauler Smith LLP.

For more information about the lawsuit against C2 Education for invasion of privacy, and to learn whether you might be eligible to join the class action, keep reading.

Tutoring Company C2 Education Sued for Invasion of Privacy

Tauler Smith LLP represents California consumers who have filed a class action complaint against C2 Educational Systems Inc., a company which markets itself as a leading provider of tutoring, test prep, and college admissions counseling services to K-12 students in California and throughout the United States. The company’s online tutoring programs can be accessed at the website www.c2educate.com. This website is at the heart of the lawsuit against C2 Education because of the company’s partnership with the controversial social media platform TikTok. According to the lawsuit, C2 Education allows TikTok to install a “trap and trace device” on the tutoring website landing page and to secretly collect personal data about consumers who visit the site.

What Are “Trap and Trace Devices”?

What are trap and trace devices? California consumer protection law defines these as devices or processes that record or capture “dialing, routing, addressing, or signaling information” from a “wire or electronic communication.” When a company embeds and uses a pen register or trap and trace device without first obtaining a court order, they are directly violating Section 638.51 of the Trap and Trace Law.

Lawsuit: C2 Education Violated California’s Trap and Trace Law

The California Trap and Trace Law is codified in California Penal Code § 638.51, a provision of the California Invasion of Privacy Act (CIPA). The lawsuit against C2 Education alleges that the tutoring company violated the Trap and Trace Law’s prohibition against the use of pen registers and trap & trace devices: TikTok software embedded on the C2 Education website is utilized to unlawfully collect site visitors’ information without either express or implied consent. Beyond that, site visitors are never informed that their data is being collected and shared with the Chinese government for “fingerprinting” and de-anonymization.

“Fingerprinting”

According to the legal complaint, the TikTok de-anonymization software installed on the C2 Education website uses a process known as “fingerprinting.” This allows the site to collect data from visitors, and the data is then matched with TikTok’s massive user database to uncover visitors’ identities. The personal data that TikTok allegedly collects from website visitors includes device and browser information, geographic information, referral tracking, and URL tracking.

“AutoAdvanced Matching”

The class action lawsuit also alleges that C2 Education enables TikTok’s “AutoAdvanced Matching” feature, which allows TikTok to run codes or “scripts” that capture data from online forms filled out by website users. This form data may include things like the user’s name, date of birth, and physical address.

Defendant Files Motion to Dismiss Class Action Complaint

The complaint against C2 Education was filed in the United States District Court for the Central District of California. The Defendant filed the motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6), which calls for a case to be dismissed when a plaintiff fails to state a claim upon which relief can be granted.

The Defendant argued that the complaint should be dismissed because:

  1. Section 638.51 does not apply to website software.
  2. The TikTok Software used by C2 Education merely collects information that is necessary for the basic operation and maintenance of the website.
  3. Consent was given for use of the TikTok Software on the C2 Education website.
  4. The TikTok Software only collects the “contents of a communication,” which is allowed under the statute.
  5. Section 638.51 is a criminal statute and does not provide plaintiffs with a private right of action in civil court.

Federal Judge Denies Motion to Dismiss Trap & Trace Lawsuit Against C2 Education

U.S. District Judge R. Gary Klausner heard arguments from both sides and then issued a ruling denying the Defendant’s motion to dismiss. This means that the case against C2 Education could now proceed to trial. In fact, the court strongly rejected all of the Defendant’s arguments, and may have even set precedent for trap & trace class actions.

The court’s responses to the Defendant’s arguments are addressed below:

  1. CIPA Applies to TikTok Software

C2 Education argued that the claim should be dismissed because California Penal Code § 638.52 uses language about “telephone lines,” not websites. Also, the statute indicates that a pen register or trap and trace device must be a physical device attached to a telephone line. Therefore, argued the Defendant, the TikTok Software embedded in the C2 Education website is not covered by the Trap and Trace Law because the software is not a physical device attached to a phone line. The U.S. District Court disagreed.

In rejecting the Defendant’s motion for dismissal, the court highlighted an important distinction between § 638.52 and § 638.50. Although Section 638.52 refers to trap & trace devices as physically attached to telephone lines, Section 638.50 does not include any such requirement: the statute refers broadly to “devices or processes” that capture information electronically. Additionally, other federal courts have interpreted the statute broadly by focusing on the result of the impermissible data collection and concluded that tracking software can constitute a pen register or trap & trace device under the law.

  1. TikTok Software Collects Consumers’ Personal Data

C2 Education also argued that the complaint should be dismissed because the TikTok Software only records data needed for the operation and maintenance of the tutoring website. Since the Trap and Trace Law includes an exception for the use of pen registers and trap & trace devices to “operate and maintain” an electronic communication service, this kind of use would be allowed under the law. The district court rejected this argument.

In its ruling, the U.S. District Court noted that the plaintiff alleged that the TikTok Software is used by C2 Education to record more than just IP addresses. For example, the complaint alleges that the software also records browser and device data, form data, and other personal information about website visitors. The court found that this type of data collection is probably not necessary for the operation and maintenance of the website, so the statutory exception cited by the Defendant would not apply in this case.

  1. Consumers Did Not Consent to Use of TikTok Software

Under § 638.51 of the Trap & Trace Law, companies are allowed to use pen registers and trap and trace devices if the website user has provided consent. C2 Education argued that the invasion of privacy lawsuit should be dismissed because the main “user” of the website was the Defendant, who consented to the use of tracking software. The court understandably rejected this argument because California law would seem to indicate that the only relevant user of a website is the site visitor, not the site operator – and the user in this instance did not consent to having their personal data collected by the TikTok software. As such, ruled the court, the lawsuit against C2 Education should survive summary judgment and possibly go to trial.

  1. C2 Education Collects Personal Information from Consumers

The California Trap and Trace Law applies to websites that use pen registers or trap & trace devices to record “dialing, routing, addressing, or signaling information.” However, since the statute seemingly does not apply when the “contents of a communication” are recorded, the Defendant in this case argued that the data collected by the TikTok Software on the C2 Education website does not fall within the scope of the statute. Once again, the U.S. District Court rejected the Defendant’s argument.

The court found that the lawsuit clearly alleges that the TikTok Software used by C2 Education gathers “device and browser information, geographic information, and browsing history.” Moreover, the lawsuit describes multiple data points that the TikTok Software allegedly captures, which is sufficient to bring a claim under the Trap & Trace Law.

  1. CIPA Allows Consumers to Sue for Digital Privacy Violations

The Trap and Trace Law is a part of the California Invasion of Privacy Act (CIPA), which is codified as Cal. Penal Code § 638.51. The Defendant argued that the civil lawsuit against C2 Education should be dismissed at the summary judgment phase because the CIPA is a criminal statute with criminal penalties and does not allow individual defendants to seek monetary remedies in a civil suit. The court rejected this argument because the CIPA explicitly confers a private right of action and allows individual consumers to bring lawsuits. The court specifically pointed to § 637.2, which has a broad and unambiguous endorsement of private rights of action for all CIPA violations.

U.S. District Court: C2 Education’s Use of TikTok Software May Have Violated California Consumer Privacy Laws

At the conclusion of its order rejecting the Defendant’s motion to dismiss, the U.S. District Court for the Central District of California stated that the allegations in the class action complaint “demonstrate that the Defendant, through use of the TikTok Software, collected site visitors’ information, thereby constituting an invasion of privacy.” Significantly, the plaintiffs may now have the opportunity to argue their case at trial – which represents another successful pre-trial outcome for the Tauler Smith litigation team.

Contact the California Consumer Protection Lawyers at Tauler Smith LLP

If you are a California resident who visited the C2 Education website for any reason, you may have been the victim of an unlawful invasion of privacy. Contact the Los Angeles consumer protection attorneys at Tauler Smith LLP to find out if you are eligible to join a class action lawsuit to receive financial compensation. Call 310-590-3927 or send an email.