Using Meta Pixel and similar tracking technologies has led to increased privacy lawsuits, as plaintiffs are invoking wiretapping laws to challenge data collection practices. This trend carries significant implications for website owners, as class-action lawsuits and private arbitration demands underscore the legal risks associated with technologies commonly used on websites. These technologies, which include session replay software and third-party chat features, are prevalent on many organizations’ sites. However, visitors to these websites are now claiming that when these technologies collect browsing data and share it with third parties—such as third-party vendors and social media companies, the organizations that use them are violating various state wiretap laws, particularly in states like Florida, Illinois, Pennsylvania, and most frequently, California.
Which Technologies Have Been Targeted?
Meta Pixel
Recently, one of the most popular topics related to wiretapping cases involves using the Meta Pixel tracking tool. The Meta Pixel is a free piece of code provided by Meta that organizations can implement on their websites to monitor user activity.
Chatbots
Chatbots are programs or software that automatically respond to messages sent via a website’s chat feature, emails, social media messages, or text messages.
Session Replay
Session replay technologies accurately reproduce a visitor’s interactions on a website or app as experienced by the visitor.
What’s the Problem
Meta Pixels have become a prominent target of scrutiny, so let’s use this technology as an example. Users have expressed concerns that their website activities were shared with Meta without their knowledge or consent. As a result, users allege that when organizations implement these Pixels, they violate the California Invasion of Privacy Act (CIPA) and other state privacy and consumer protection laws. In essence, they argue that organizations are acting as instigators or promoters of third-party wiretapping, as seen in the case of Meta.
What to Do to Reduce Risk?
Organizations have various defenses they can use to counter these claims. To reduce risks, website owners should take the following actions:
Assess Your Website Regularly
Regularly evaluate the tools you use on your websites. Are you utilizing Meta Pixels, chatbots, or session replay technology? Determining if the data collected complies with relevant data privacy laws is essential. Conducting these assessments frequently is crucial for identifying potential privacy risks and taking proactive measures to address them. Additionally, consider implementing a review process that includes discussions with your legal counsel before adding new tracking tools to your website.
Update Website Terms of Use and Privacy Policies
When it comes to online policies, I often advise the following: “Do what you say and say what you do.” Transparency is essential to ensure compliance with consumer and privacy laws. Your website’s terms of use and privacy policies should clearly disclose the types of tracking technologies used, the data collected, and how that data is utilized.
Obtain Consent; Provide Opt-Out Options
Depending on the technologies used, consent may need to be collected through banners, pop-up notices, and other methods. For instance, if your website includes chatbots, be sure to include a disclosure at the first prompt of the chat feature.
Additionally, consider giving users options to manage their privacy settings. This could include the ability to opt out of certain types of tracking, adjust cookie preferences, and access a dedicated link for questions and requests related to their privacy settings.
Addressing Dispute Procedures
Most dispute provisions typically include a prohibition against “class action” lawsuits. Historically, this approach has benefited organizations, based on the assumption that they would not face more than a handful of claims. However, there is a new trend emerging with wiretapping claims, where plaintiff attorneys are gathering aggrieved users “en masse” and overwhelming organizations with hundreds, and sometimes thousands, of demands for arbitration.
One significant issue is that organizations usually bear most, if not all, the fees associated with these arbitration proceedings. These costs can escalate quickly. For instance, in a case against TurboTax, a judge estimated that Intuit’s potential arbitration costs might reach at least $128 million—approximately $3,200 for each of the 40,000 clients represented by the law firm involved in mass arbitration.
The key takeaway is that organizations should reconsider their approach to dispute resolution. It would be prudent to include a “mass filing” requirement in their provisions. This would prevent multiple claims from being filed separately, thereby reducing the leverage of plaintiffs in these scenarios.
Review Third Party Agreements
Review your agreements with third-party technology providers to ensure that they have appropriate limitations on their access to and use of any personal information collected on your website.
Train Employees on Tracking Technologies and Data Privacy
Educate your team on the importance of data privacy and their role in safeguarding user information. Provide training on best practices for handling data, responding to user inquiries, and complying with privacy regulations.
Conclusion
Staying informed about evolving legal interpretations and court decisions in this area.
As privacy litigation continues to evolve, organizations must remain vigilant and adapt their practices to protect user privacy while navigating the complex legal landscape surrounding online tracking technologies.
