2024
Online Wiretapping Claims: A Surging Menace
A flood of lawsuits and arbitration demands continues to drown companies that have installed the Meta pixel on their websites. If you haven’t been on the receiving end of these online wiretapping claims, count yourself lucky.
Either way, be forewarned that the risk of being subject to a wiretapping shakedown extends far beyond the Meta pixel. Any technology on your website that sends information to third parties creates risks. But there are steps you can take to reduce your risk profile, if not eliminate that risk altogether. This blog post is Part 1 of a multi-part series on the scourge of online wiretapping claims, including claims arising under the Video Privacy Protection Act.
Getting Smart About Online Wiretapping Claims
Yes, Virginia, Everyone Is a Wiretapper. Over 80,000,000 commercial websites cause visitors’ web browsers to send “secondary GET requests” directly to third parties for a wide variety of purposes, including analytics. These secondary GET requests play a crucial role in modern web pages, enhancing functionality, design, and user experience.
All of these communications are vulnerable to a claim that they constitute “interceptions” under the laws of California, Pennsylvania, and a number of other states that require two-party consent to avoid liability. Compounding the risk is that some courts have held that these two-party consent laws can apply to every website in the United States if the person browsing the website does so from a state with such a requirement. In short, no one is safe.
Same Old Song and Dance. The lawyers threatening and pursuing these claims tell the same story. Their clients surfed the Web unaware that information about their online browsing activity was being sent to third parties, even though websites, almost universally, depend on numerous communications with third parties for a wide variety of purposes. The latter is true even of the websites of the federal and state courts, as well as every other appendage of federal and state government, and, indeed, the websites of many of the law firms prosecuting these claims. You’d be wise if you didn’t allow yourself to believe that such ironies always make for strong defenses. In fact, they rarely do. Also, there are ethical landmines that face the lawyers asserting these claims, but, in real life and for reasons apart from their seriousness or merit, they tend to fade into irrelevance in the face of real life legal combat. If you want to get a glimpse into ethical issues, you can watch a recent panel discussion I moderated on the subject.
The Three Flavors of Wiretapping Threats
Companies in the crosshairs of can face three different kinds of threats, each one of which presents its own problems:
Class Action Lawsuits. If you haven’t been on the receiving end of a consumer class action lawsuit, many of the bad things you’ve heard are true. The downside risks can be enormous. Wiretapping claims typically provide fixed dollar penalties (usually in excess of $1,000) per violation, without the need for proving any real harm to anyone. And since the class is typically defined as every person visiting your website, and each third-party transmission can arguably constitute a separate violation, it’s not unheard of to see worst case scenarios that can reach into the billions of dollars for larger companies. To illustrate, 31% of websites receive 50,000 unique visitors a month. Without drilling down into the number of pages they visit and the number of transmissions that occur on each page, just one months’ worth of visitors can create the potential for liability in the tens of millions of dollars.
Yes, there are a range of litigation strategies to help improve your odds in court, but they are costly and uncertain, and going through the process of discovery in a class action is a one-sided affair (in case you didn’t guess, mostly on you) which I’ve described as a colonoscopy on steroids with legal and expert costs that would make a hospital blush. For example, you may be required to produce every email, text message, or other communication, internal and external, relating to the services that underlie the lawsuit. I recommend pausing for a moment to consider just that. All of this coupled with the potential of wide publicity about your travails is a recipe for sleepless nights or an early, involuntary retirement.
Individual Arbitration. If you’re fortunate to have an arbitration agreement in your online terms and are able to make it stick (which isn’t always a sure thing in wiretapping cases since you don’t need to be a purchaser to bring a claim), you can avoid a class action, but face the specter of waves and waves of individual arbitration demands.
The assertion of such individual demands is a relatively new phenomenon. Instead of seeking a class action home run, is designed to extract hit-and-run five-figure settlements over and over again from a long and growing list of companies. Since the expense to a company of one arbitration can be north of $5,000 just for the cost of an arbitrator, this approach has been, for some, a lucrative volume business.
Mass Arbitration. The King Kong of wiretapping assaults comes in the form of a nuclear-level threat from the larger plaintiffs’ firms (or a consortium of them). You’ll receive a communication that Firm A has lined up, say, 10,000 claimants and is prepared to move forward with 10,000 simultaneous arbitrations unless you pay a king’s ransom. Along with the demand will often come an oblique or even direct “heads up” that the cost you’ll be footing just for the arbitrator, even if you eventually win, will be north of $50,000,000 for 10,000 claims.
Some recent changes to the rules of the American Arbitration Association and JAMS, two leading arbitration organizations, have ameliorated these risks (and costs) somewhat, but more can (and should) be done in your online terms to provide lines of defense and negotiation leverage.
An Ounce of Prevention?
Stay tuned for Part 2, which will walk through some of the preventive measures you can take to lower your risk profile. In the meantime, if you want to dig a bit deeper into online privacy, and wiretapping claims in particular, we published a white paper on the subject with the sponsorship of NaviStone, a longstanding client of the firm. While I wouldn’t call it a beachside page-turner, you may find it interesting.