Are we about to have another summer of session replay software litigation? A unpublished ruling out yesterday from the Ninth Circuit Court of Appeals suggests so, at least insofar as claims under California law is concerned.
A short refresher: session replay software captures certain aspects of a user’s interactions on web applications (mouse movements, clicks, typing, etc.) along with underlying contextual user data to help website operators enhance users’ experiences. Accordingly, session replay software allows a website operator to recreate (or “replay”) a visitor’s journey on a web site or within a mobile application or web application. Rather than focusing on user activity after leaving a particular website, session replay software concerns how a user interacts with a specific website.
In 2021, plaintiffs lawyers filed dozens of putative class action litigations alleging that a website operator’s use of session replay software violates certain state wiretap acts—including those of California and Florida. This is because a minority of states have all-party consent wiretap laws (requiring all parties to a conversation or interaction to consent to a recording). Plaintiffs in these cases have alleged that because they did not affirmatively consent to the defendant’s use of the session replay software, the website operator has violated the applicable state’s wiretap law.
Although the district court had twice granted defendant’s motion to dismiss, yesterday the Ninth Circuit Court of Appeals reversed finding that plaintiff had sufficiently stated a claim under the California Invasion of Privacy Act (“CIPA”). Javier v. Assur. IQ, LLC, 2022 U.S. App. LEXIS 14951 (9th Cir. May 31, 2021). As an initial matter, the Ninth Circuit held that “[t]hough written in terms of wiretapping, Section 631(a) applies to Internet communications.” This was because the statute broadly imposes liability on anyone who “reads, or attempts to read, or to learn the contents” of a communication “without the consent of all parties to the communication.” (quoting Cal. Penal Code § 631(a)) (emphasis supplied).
The Court was left with the question of how the California Supreme Court “would interpret Section 631(a) to require prior consent.” Based on other rulings concerning the scope and application of CIPA, the Ninth Circuit held in this case that “the California Supreme Court would interpret Section 631(a) to require the “prior consent of all parties to a communication.” This was based on the Court’s examination of relevant precedent as well as the California Supreme Court’s prior directive that “all CIPA provisions are to be interpreted in light of the broad privacy-protecting statutory purposes of CIPA.”
For more on this, and whether this ruling leads to a resurgence of session replay software claims (at least in California state and federal court), stay tuned. CPW will be there to keep you in the loop.