August 18, 2022

Volume XII, Number 230

Advertisement
Advertisement

August 18, 2022

Subscribe to Latest Legal News and Analysis

August 17, 2022

Subscribe to Latest Legal News and Analysis

August 16, 2022

Subscribe to Latest Legal News and Analysis

More California Invasion of Privacy Act Claims Expected Following Ninth Circuit Decision

In an unpublished decision issued May 31 by the US Court of Appeals for the Ninth Circuit, the Court interpreted the California Invasion of Privacy Act, CA Penal Code § 630 et seq. (CIPA), and ruled that the plaintiff had alleged a claim under Section 631(a) of the CIPA, reversing a district court holding that consent under Section 631(a) was valid even if given after the communication between a website and a website user had taken place. Javier v. Assurance IQ, LLC, DC No. 4:20-cv-02860-JSW. This ruling creates an additional compliance obligation for businesses that collect information from California users of the business's website prior to obtaining express prior consent.

The Court's Holding. Under the facts in issue, the Court considered whether a website operator that was gathering consumer insurance leads using a third party software product that recorded California users' interactions with such website required the potential customer's consent before providing any personal information (the flow of the website required the consumer to consent to the use of his/her information after completion of the online insurance questionnaire). The Court's opinion reversing the district court hinged on its interpretation of Section 631(a) of the CIPA, which provides in relevant part as follows:

Any person who, by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps, or makes any unauthorized connection, whether physically, electrically, acoustically, inductively, or otherwise, with any telegraph or telephone wire, line, cable, or instrument, including the wire, line, cable, or instrument of any internal telephonic communication system, or who willfully and without the consent of all parties to the communication, or in any unauthorized manner, reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state; or who uses, or attempts to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained, or who aids, agrees with, employs, or conspires with any person or persons to unlawfully do, or permit, or cause to be done any of the acts or things mentioned above in this section, is punishable by a fine not exceeding two thousand five hundred dollars ($2,500), or by imprisonment in the county jail not exceeding one year, or by imprisonment pursuant to subdivision (h) of Section 1170, or by both a fine and imprisonment in the county jail or pursuant to subdivision (h) of Section 1170 (emphasis added).

In reaching its decision, the Court held that "the California Supreme Court would interpret Section 631(a) to require the prior consent of all parties to a communication."[i] In so holding, the Court reversed the district court's decision to grant the defendant's motion to dismiss on this claim. Importantly, the Court found that the website in issue was "recording [the plaintiff's] information as he was providing it, . . . [and] therefore alleged sufficient facts to plausibly state a claim that, under Section 631(a), his communications . . . were recorded . . . without his valid express prior consent."

This holding's implications are significant with respect to website operator's collection of customer information in California. Although certain obligations already exist in California law with respect to the collection of consumer information,[ii] this ruling is certain to entice the plaintiffs' bar to allege violations of the CIPA in instances where a website operator does not obtain prior express consent from a website user before collecting information about such user.



ENDNOTES

[i] Emphasis added.

[ii] See, for example, CA Civil Code § 1798.83 and CA Civil Code § 1798.100 et seq.

©2022 Katten Muchin Rosenman LLPNational Law Review, Volume XII, Number 161
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Christina J. Grigorian, Banking legal Specialist, Katten Muchin Law firm
Special Counsel

Christina J. Grigorian counsels clients in all matters related to banks, bank holding companies, and state and foreign-licensed consumer and commercial lenders. Ms. Grigorian provides advice to the firm’s financial institution clients concerning structural and operational issues, including legislative developments impacting such operations, and has worked with companies and individuals in the establishment of de novo entities, including national banks, federal savings banks and state-chartered institutions, as well as state-licensed lenders. She has also counseled clients with respect to...

202-625-3541
Trisha Sircar Privacy, Data and Cybersecurity Attorney Katten Muchin Rosenman New York, NY
Partner

The value of data as an asset has increased substantially in today's global digital economy. In the high-stakes environment of global intellectual property and technology services, businesses, consumers and individuals need protection. With more than a decade of experience in helping to protect a wide range of businesses — including one of the world's largest insurance companies — Privacy, Data and Cybersecurity partner Trisha Sircar provides practical guidance and creative solutions regarding global privacy and data security risks and compliance issues.

Operating at the...

212.940.8532
Advertisement
Advertisement
Advertisement