Taylor Farms CIPA Claim

CIPA Claim Against Taylor Farms

Taylor Farms CIPA Claim

Tauler Smith LLP won an important pre-trial argument in a CIPA claim against Taylor Farms. The lawsuit, which was heard in the Los Angeles County Superior Court, stemmed from allegations that Taylor Farms violated the California Invasion of Privacy Act (CIPA) by using trap & trace software on the produce distribution company’s website to collect customer data without permission. The court ruled that the Plaintiff pled sufficient facts to support a reasonable inference that the Defendant violated the consumer protection statute. This was a major victory for the Los Angeles consumer protection attorneys at Tauler Smith.

Taylor Farms Accused of Using Tracking Software to Collect Customer Information Without Consent

Taylor Farms, which operates under the name Taylor Fresh Foods, Inc., is one of the leading producers of fruits and vegetables in the United States. The company distributes produce to numerous supermarket chains and restaurants, including Chipotle and McDonald’s.

The complaint against Taylor Farms alleged that the company’s website utilized tracking software created by TikTok to identify certain confidential user information, including device and browser information, geographic information, referral tracking, and URL tracking. The use of trap and trace software is a violation of the California Invasion of Privacy Act (CIPA), codified in Penal Code § 638.51. The CIPA has an express purpose to “protect the right of privacy” of California consumers. When a website operator utilizes a trap and trace device to track a site visitor’s information without consent, they have invaded the privacy of that individual.

Digital “Fingerprinting”

According to the lawsuit, the TikTok Software’s digital process is known as “fingerprinting.” This allows companies to gather user data by running code or “scripts” on their websites and then send user details to TikTok. The data is matched with information that the Chinese-owned social media company has already amassed about hundreds of millions of Americans.

What Is a “Trap and Trace Device”?

Section 638.51 of the California Invasion of Privacy Act (CIPA) stipulates that, under most circumstances, “a person may not install or use a pen register or a trap and trace device without first obtaining a court order.”

What is a trap and trace device? The statute defines a trap and trace device as “a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.”

Trap & Trace Lawsuit Against Taylor Farms

Taylor Farms was sued for allegedly violating the California Invasion of Privacy Act (CIPA) by using trap & trace software on the company’s website. The lawsuit alleged that the site deployed TikTok Software to identify visitors by using electronic impulses generated from users’ devices. Without either visitors’ consent and or a court order to use the TikTok Software to track visitors of the website, this would be a violation of consumer privacy under the CIPA.

After the lawsuit was filed, Taylor Farms filed a formal objection in the form of a demurrer. The company argued that the original complaint failed to state a cause of action and should therefore be dismissed.

Court: Denied Demurrer in CIPA Complaint Against Taylor Fresh Foods

L.A. Superior Court Judge Daniel S. Murphy heard arguments and then issued a ruling denying the Taylor Farms demurrer. The ruling stated that the Plaintiff’s complaint alleged the two elements necessary to establish a violation of the CIPA:

  1. The Defendant installed a prohibited pen register or trap & trace device.
  2. The Defendant installed the trap & trace device without a court order.

Significantly, the court said that the allegations in the digital privacy complaint against Taylor Fresh Foods, Inc. “support a reasonable inference that Plaintiff had her information tracked without her consent, thus resulting in harm to her personal autonomy.” This outstanding pre-trial outcome represented yet another consumer protection court victory for the Tauler Smith law firm.

The California Invasion of Privacy Act Applies to Websites and Software

In a filing with the court, Taylor Farms argued that the California Invasion of Privacy Act (CIPA) only regulates physical trap & trace devices and therefore does not apply to IP addresses or “standard website data collection.” The court strongly rejected this argument.

In its ruling, the court said that the CIPA does not limit the definition of “pen register” or “trap and trace device” to physical devices attached to telephone lines. In fact, said the court, the statute’s definitions make no reference to a physical attachment. Moreover, a trap & trace device is broadly defined as applying to “electronic communications,” which the court noted “encompasses a range of transfers plainly not limited to telephone lines.”

Additionally, the court agreed with the Plaintiff’s cited case of Greenley v. Kochava, in which the U.S. District Court for the Southern District of California held that a software development kit installed in a third-party mobile application constituted a violation of the CIPA’s pen register prohibition. In that case, the court said that unlawful trap and trace technology can involve software that identifies consumers and gathers data through unique “fingerprinting.”

Section 638.51 Applies to Websites

In its demurrer filing, the Defendant also argued that the CIPA should not apply to websites because such an interpretation would subject every website to liability. Again, the court strongly rejected the Defendant’s argument. The court stated that the TikTok Software allegedly gathered unique location information and tracked user data that went well beyond the type of data which might be necessary for the proper functioning of a website.

In fact, the court said that the Defendant’s interpretation of the CIPA would lead to the “absurd result” of immunizing all websites from prosecution under the law. In other words, the CIPA would basically cease to exist because anyone who visited a website would automatically consent to the use of a trap and trace device and other tracking software.

Who Is the “User” of a Website in a Trap and Trace Claim?

The court also rejected an argument by the Defendant that Taylor Farms was the “user” of the TikTok Software allegedly installed on its website and therefore consented to the use of a pen register or trap & trace device. This argument would mean that no website visitor could ever bring a viable claim under the California Invasion of Privacy Act (CIPA) because every website operator necessarily consents to the use of the software on their own site. In other words, the CIPA “could never be violated.”

Again, the court found that it would be absurd to accept an interpretation of the CIPA which would mean every website operator could escape liability even when website user privacy is invaded.

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If you are a California resident who visited a company’s website, it’s possible that your data was shared with third parties like TikTok. The California consumer protection attorneys at Tauler Smith LLP represent plaintiffs in consumer privacy claims, and we can help you. Call 310-590-3927 or email us to schedule a free consultation.