scrolling, swiping, hovering and typing) and create a recording of those interactions and inputs through session replay software. It also has attacked coding tools that create and store transcripts of conversations with users in a website’s chat feature. Plaintiffs generally allege that recording users’ interactions with a website and sending that recording to a third party for analysis without their consent is an illegal invasion of their privacy. Over the past year, these lawsuits met mixed results. During 2023, federal district courts in California ruled on the initial round of “chatbot” cases filed under the California Invasion of Privacy Act (CIPA) and several responded with skepticism. Courts granted motions to dismiss on various grounds finding, among other things, that the statutory provisions at issue do not apply to communications over the internet, see, e.g., Licea, et al. v. American Eagle Outfitters, Inc. , 2023 WL 2469630, at *5-6 (C.D. Cal. Mar. 7, 2023); a party cannot “eavesdrop” on its own conversation, see id. at *7-8; Licea, et al. v. Cinmar, LLC , 2023 WL 2415592, at *7-8 (C.D. Cal. Mar. 7, 2023); or that allegations that a defendant used the code embedded in a chat program to “harvest valuable data” were too vague and conclusory to state a claim. See , e.g., Cody, et al. v. Boscov’s, Inc. , 2023 WL 2338302, at *2 (C.D. Cal. Mar. 2, 2023). Other courts denied motions to dismiss similar claims. See, e.g., Valenzuela, et al. v. Nationwide Mutual Insurance Co. , 2023 WL 5266033, at *4-10 (C.D. Cal. Aug. 14, 2023); D’Angelo, et al. v. Penny OpCo, LLC, 2023 WL 7006793, at *2-4, *8-9 (S.D. Cal. Oct. 24, 2023). These rulings contribute to a patchwork quilt of decisions in this space. Given the stakes, we do not anticipate that this initial round of decisions will spell the death knell for suits attacking session replay or chatbot suits, many of which remain in the pipeline before various courts. Instead, we anticipate that plaintiffs will respond with additional creativity as they attempt to plead around these potential issues and identify new technologies at which to target their claims. The landscape of privacy litigation remains very much in flux. In the class actions to date, the plaintiffs’ bar primarily has alleged on behalf of employees and/or consumers that companies improperly collected their biometric data for a host of functions, such as to enhance their timekeeping systems, to promote their security, to increase employee productivity, to increase their sales, or to facilitate consumer transactions. The plaintiffs’ bar is also bringing novel BIPA class actions under evolving case theories, including lawsuits alleging surveillance claims, facial geometry scanning, voiceprint claims, and privacy violations for on-line “virtual try-on” claims. If successful in capitalizing on these claims, companies can expect the numbers of lawsuits alleging violations in these areas to increase in 2024.
5
© Duane Morris LLP 2024
Duane Morris Privacy Class Action Review – 2024
Made with FlippingBook - professional solution for displaying marketing and sales documents online