As we have blogged about in the past, federal district courts have seen a tidal wave of putative class actions by website users claiming violations of the California Invasion of Privacy Act (CIPA), Cal. Penal Code § 630, et seq.  These lawsuits focus on the alleged unlawful use of website tracking technologies, such as cookies, pixels, tags, and beacons, to collect and use personal information of people who visit these websites without their consent. The deluge of lawsuits has prompted courts to scrutinize CIPA claims more rigorously. As a recent example, in Smith v. Yeti Coolers, LLC, the Northern District of California dismissed with prejudice a putative class action challenging Yeti’s use of technology supplied by third-party payment processor, Adyen, to process customer purchases on its website. The lawsuit claimed that Adyen incorporated Yeti customers’ financial information into its fraud-prevention system, which it then marketed to merchants without customers’ consent. The plaintiff brought claims for violations of CIPA § 631 (anti-wiretapping) and § 632 (anti-eavesdropping) and for invasion of privacy under California’s Constitution. The court initially dismissed the complaint without prejudice because it did not “‘sufficiently allege [Yeti’s] knowledge of Adyen’s allegedly wrongful conduct or Defendant’s intent to assist Adyen in that conduct.’” The plaintiff’s Second Amended Complaint (SAC) fared no better. First, the court...

In Valenzuela v. The Kroger Co., the District Court for the Central District of California granted, for the third and last time, defendant’s motion to dismiss a class action lawsuit claiming that The Kroger Co. violated  section 631(a) of the California Invasion of Privacy Act (CIPA) by allowing third-party software (provided by Emplifi) to be embedded on its website to record consumers’ communications with the website’s chat function. The only issue before the court was whether the amended complaint plausibly alleged liability under prong four of CIPA 631(a)—“that Kroger aided and abetted Emplifi’s eavesdropping on Kroger’s website users’ chats.” In its previous ruling, the court held that merely using embedded software to archive communications, like with a tape recorder, would not give rise to a statutory violation.  Instead, to state a claim under prong four of CIPA 631(a) there must be plausible allegations explaining how Kroger knew that Emplifi engaged in conduct constituting a breach of duty, e.g. by sharing users’ data with third parties, or how Kroger itself engaged in conduct that constituted a breach of duty. Because prong four of CIPA 631(a) does not contain an explicit scienter requirement, the court applied California common law of aiding and abetting, under which aiding and abetting liability for an intentional tort can be imposed only...

In Lee v. Springer Nature America, Inc., Judge Lewis J. Liman in the Southern District of New York held that a longtime subscriber to Scientific American plausibly alleged, on behalf of a putative class, that the website violated the Video Privacy Protection Act of 1988 (VPPA) based on its use of website tracking technology. The plaintiff, a 10-year subscriber, filed a complaint alleging that Scientific American unlawfully installed a code known as “Meta Pixel” on its website. The Meta Pixel supposedly transmitted information to Meta (formerly known as Facebook) about the subscriber’s use of the site (including Facebook ID, URLs accessed, and titles of videos viewed) in exchange for Meta providing advertising capabilities to Scientific American. Scientific American moved to dismiss the complaint on two grounds: first, that the plaintiff lacked standing because he had not suffered an injury, and second, that the plaintiff did not plead the elements required to state a claim under the VPPA. Judge Liman rejected both arguments. Citing the Second Circuit’s recent decision in Salazar v. National Basketball Association, Judge Liman held that the plaintiff’s allegations that he was a subscriber to Scientific American, that Scientific American disclosed to Meta the plaintiff’s personal information (Facebook ID, URLs accessed, and titles of videos viewed), and that Meta used this information without...