Data collection on corporate websites is a litigation risk

Businesses continue to be subjected to a steady stream of consumer class action lawsuits alleging improper collection or disclosure of information from their websites. A variety of laws and legal claims are used to support the suits. Some lawsuits assert violation of laws that are not particularly cutting edge, such as the Video Privacy Protection Act, or cite to non-disclosed use of more modern technology such as tracking pixels. In many of the lawsuits, both types of claims are asserted.  

A noteworthy example is a recent putative class action filed against MLB Advanced Media, a digital media arm of Major League Baseball. The suit, filed by several subscribers to the MLB.com website, alleges that MLB Advanced Media violated the VPPA by disclosing, without authorization, website visitors’ personally identifiable information in relation to videos viewed on the website.  The plaintiffs allege that the VPPA violations occurred due to use of Meta Pixel on the site. Through the use of Meta Pixel, the suit alleges, the website visitors’ information, including their Facebook IDs, was shared in violation of the VPPA. Other high-profile corporations have been targeted using this theory of liability to assert VPPA violations.

Another example is the current trend of lawsuits alleging illegal use of pen register or trap devices under the California Invasion of Privacy Act.  In essence, these suits claim that use of one or more modern third-party website analytics, session replay, chatbot, or similar tools violate older provisions in the CIPA aimed at wiretapping or eavesdropping, even though those provisions predate the technologies at issue. 

The immaturity of controlling case law in this area can create significant litigation risks for companies. Although it previously may have been viewed only as a “compliance” issue, the volume of class litigation means that companies should carefully review and assess their websites’ data collection, sharing, tools, functions, and data streams. 

The Constangy Cyber Team regularly counsels businesses of all sizes and industries on how to comply with the growing number of data privacy laws and regulations. If you would like additional information on how to prepare your organization, please contact us at cyber@constangy.com.

  • John  Babione
    Partner

    John is a member of the Constangy Cyber Team. He provides compliance advisory services to clients by proactively navigating the legal landscape of data privacy and security. John advises clients on a wide range of state, federal, and ...

  • Xuan  Zhou
    Attorney

    Xuan is a member of the Constangy Cyber Team and is affiliated with our San Diego, California office. Xuan has several years of litigation experience and works with our cyber litigation team to defend clients in class actions arising ...

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 

Subscribe

* indicates required
Back to Page