As an e-commerce business owner, you probably don’t spend a great deal of time thinking about wiretapping laws while operating your business. However, a recent wave of lawsuits in California have opened the door to expose online businesses to liability for recording live chat functionality with their customers. It remains to be seen whether these lawsuits will establish a viable cause of action, but they are certain to cause a headache. So what is happening, and how can you prevent your business from becoming targeted by these lawsuits?
While there are federal wiretapping laws primarily aimed at the recording of conversations and phone calls, states have also enacted their own wiretapping laws. State wiretapping and eavesdropping laws vary by state, with some states having a “one party consent” law and others having an “all party consent” law that requires all parties to consent to recording a conversation barring certain exceptions.
In California, the state wiretapping law is the California Invasion of Privacy Act (“CIPA”), which is an all party consent statute was enacted in 1967, far before e-commerce websites were even contemplated. CIPA makes it unlawful for any person to “willfully and without the consent of all parties to the communication, or in any unauthorized manner, read, or attempt to read, or to learn the contents or meaning of any message, reports, or communication while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state.” CIPA also provides for statutory damages of $5,000 per violation, which also negates the plaintiff’s need to prove actual damages as a result of a successful wiretapping claim.
While one would not expect CIPA to apply to websites on its surface, plaintiff firms in California have recently begun targeting websites that allow communications with their users. These firms have directed class action lawsuits at websites that use “session replay” software to record and visually play back users’ sessions on the website. While courts have mostly held that a website operator is not liable for wiretapping under CIPA because they are a party to the conversation, one court in California carved out an exception where a session replay service provider has simultaneous and real time access to the user’s communications without prior consent. In such a case, the California court held that the party exemption is no longer available to the website operator because there remained a viable theory that the website operator aided and abetted the direct violation of the software provider.
With that small carveout under CIPA, plaintiffs have begun to file class action lawsuits in California against customer facing websites that offer live chat functionality. In an attempt to avoid the party exemption, the plaintiffs have argued that website operators are aiding and abetting direct violations of the live chat vendor where the vendor has simultaneous and real time access to the live chat communications without the customer’s knowledge or consent. While it remains to be seen whether these claims will actually result in any liability to the websites, the intent behind these cases is that website operators will offer money to settle the case as opposed to spending a far greater amount defending the case.
So if you’re operating an e-commerce business with live chat functionality, what do you do to protect yourself from these class action lawsuits? First, you should learn about the live chat features on your website and determine whether the live chat service provider has simultaneous and real time access to your customers’ communications. Second, you should ensure that customers are disclosed of the live chat’s ability to record communications in a clear and conspicuous manner. A strong form of disclosure would include clear language in the website’s terms and conditions and an additional notice when a customer attempts to use the live chat feature.
While this recent trend is clearly a predatory litigation tactic that is vulnerable to many common sense defenses, plaintiff attorneys threatening these actions are gambling that smaller e-commerce operators will opt to pay a settlement instead of paying to present those defenses. Therefore, the current best practices to avoid their unwanted attention is to understand the role of your live chat solution’s access to customer communications and display clear disclosures that live chat logs may be monitored by the third-party service providing the live chat feature.