Is this Obscure California Law Affecting Your Website?

Cameron G. Shilling
Director, Litigation Department & Chair of Cybersecurity and Privacy Group
Published: Boston Business Journal
September 1, 2025

Most businesses use tracking technologies on their websites, like Meta Pixel, Google Analytics, or LinkedIn Insight. These plugins help analyze visitor activity and facilitate advertising on social media sites and Internet browsers. However, businesses that use them are getting sued by California lawyers under an obscure law, the California Invasion of Privacy Act or CIPA.

CIPA is a wiretap statute intended to prevent interception of electronic communications, and requires consent for such interception. California lawyers are arguing that tracking technologies violate CIPA by intercepting electronic communications between a website and its visitors, such as clicks, page views, and keystrokes, and transmitting that data to the tracking technology provider. Even if the website operator cannot identify its visitors, the tracking provider can do so using data from a cookie that it previously had placed on the devices of your website visitors.

California lawyers are not suing the tracking technology providers, like Meta, Google and LinkedIn. Doing so would pick a fight with an enormous adversary, involve expensive litigation for them, and potentially result in a court ruling determining that CIPA does not apply. If that were to occur, it might put an end to this litany of lawsuits.

Instead, these lawyers find a California resident who has visited the website of a small or medium-sized business, and assert a class-action claim against the business for aiding and abetting CIPA violations by the tracking technology providers. When doing so, they seek statutory damages of $5,000 per website visit by the named-plaintiff California resident, resulting in settlement demands from $50,000 to $200,000, and ultimate settlements of 10-25% of the initial demand. For small to mid-sized businesses, settling a claim is far cheaper than litigating it, which was the outcome desired by the California lawyers asserting the claim in the first place.

What can businesses do to avoid being targeted?

  • Audit the website to determine if tracking technologies are being used.
  • Update the privacy policy to state that the website uses tracking technologies that forward information about visitors to third parties, such as Meta, Google or LinkedIn, and that those application providers will use that information to advertise to those individuals.
  • Reset the cookie banner to require all website visitors, the next time they visit the site, to reject all, accept all, or select which cookies they permit on your site. When visitors make the cookie selection, require them to consent to the new version of the privacy policy discussed above, and log that consent for potential future use.
  • Do not transmit information to tracking technology providers unless and until a website visitor has consented to such transfers via the cookie banner and new privacy policy.
  • Honor privacy rights requests of website visitors, including their cookie selections and their right to limit how the business uses their personal information.

California lawyers are ruthless, targeting unaware and unprepared businesses with CIPA class-action claims designed to leverage moderate settlements to avoid expensive litigation. Take action now to ensure that your business does not become their next victim.