If there is any statute in America that is potentially set to overrun the TCPA for the title of “most dangerous business killer out there–it is probably the California Invasion of Privacy Act.
Long troubling businesses that record telephone calls, the CIPA provides a private right of action allowing up to $5,000.00 per violation when a call is recorded without consent.
More recently, however, a different section of CIPA has found fame–California’s anti-wiretapping provision (Cal. Penal Code Section 631(a)). That section offers a mere $2,500.00 per violation.
While it may seem odd that a statute from the 70s banning wiretapping–of all things–would have any impact in the modern world, it certainly does owing to a handful of recent rulings from federal courts in California. At a high level, these cases recognize that interactions taking place over the internet are communications of the sort that are subject to wiretapping protections. Yet many businesses record the goings ons on their websites in a manner that transcends typical data collection tactics a consumer might expect.
The recent example of Javier has been covered widely–although most thoroughly by TCPAWorld.com. There it was held that a company cannot deploy web session replay technology–product like Active Propsect’s TrustedForm–without first obtaining consent from a consumer to do so. (The fact that a consumer provided consent after recording began was of no consequence.)
For reasons I articulated in a blog a couple weeks after Javier, the application of the wiretap statute to web session replay technology doesn’t actually make much sense. And that is especially true in the context of consumer-friendly technology like Trusted Form. A fact even Jay Edelson had a tough time disputing:
Perhaps in response to the Czar’s analysis, the Plaintiff’s bar seems to be shifting tactics in recent CIPA filings (which the Troutman Firm monitors daily.) Instead of focusing continuously on web session recordings there is a noticeable shift toward claims that chat box communications are being wiretapped–monitored or recorded by third-parties, in real time, without consent.
The shift to a focus on chat box communications is interesting because such exchanges are more consistent with the sort of telephone conversation one equates with wiretapping. It is also more likely that such communications are being “interpreted” in real time as the statute prohibits.
As a reminder, the statute bans, without the consent of all parties to the communication, any attempt “to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line, or cable…” Internet communications have already been phone to constitute communication over a “cable” so third-party review of chat box communications may be a rounder peg than the web session replay cases to date.
And if this catches hold, it may mean that your business is facing a penalty of up to $2,500.00 per visitor if it is allowing third-parties to monitor or track chat box communications–even for perfectly valid purposes.
Concerned your business may not be properly tracking data or complying with CIPA’s complex–and shifting provisions? Feel free to reach out to the Czar for a free consultation. And as always if you’re facing a CIPA suit–whether web session replay, chat box, or otherwise–be sure to chat with your California-based Czar and the great team of complex privacy litigators here at Troutman Firm.
As always, we’ll keep an eye on these trends.