Over the course of about a week, the CPSC, an agency that rarely litigates, flexed its litigation muscles not once, but twice,  recently filing complaints against Amazon and Thyssenkrupp Access Corp., seeking to force both companies to conduct recalls. Both are administrative complaints.

Fulfilled by Amazon

The CPSC voted 3-1 to file its complaint against

Over the last few months, a wave of consumers have filed putative class action complaints against a long list of consumer-facing website owners/operators and their software providers alleging invasion of privacy rights under statutes focused on wiretapping and eavesdropping.

Our team has represented both website and software defendants in these cases.  However, this post is not intended to reflect on any specific claim, website, or software.  Rather, our goal is to provide an introduction to the general nature of the consumer claims and current landscape of these litigations.

This post summarizes (1) the “session replay” technology at issue in these claims; (2) arguments presented by the Complaints; (3) an overview of common defenses; and (4) where things stand.  With that context, we then provide our list of practical considerations for the use of session replay software.      

What is “Session Replay” Software? 

A significant branch of the Software-as-a-Service (Saas) industry has arisen to support website owners/operators in effectively maintaining and leveraging their consumer-facing websites.  These software products are generally scripts placed in the JavaScript of a given website to capture specific information related to a consumer’s interactions with a given page.  The software can capture consumer’s keystrokes and mouse movements to provide information on everything from broken links or error messages to support IT teams, create heat maps showing website usage, and/or capture consumer information for validating consent to be contacted or agreement to receive products and services.

Despite how these products are often described, the software does not actually record the consumer’s session in the way that a security camera in a brick-and-mortar store would capture a consumer’s movements. Rather it captures the consumer’s interactions with the website at regular intervals and allows those movements and data points to be laid over an existing image of the website so that owners/operators can review a recreation (or dramatization) of an individual consumer’s experience.          
Continue Reading Privacy Litigation Trend: The Latest on Session Replay Lawsuits, and Practical Considerations for Risk Mitigation

California became the first U.S. state with a comprehensive consumer privacy law when the California Consumer Privacy Act (“CCPA”) became operative on January 1, 2020. The CCPA provides for broad privacy rights for residents of California and imposes data protection obligations on companies doing business in California that meet certain criteria.  For further background on

January 1, 2020 was the effective date for the California Consumer Privacy Act (CCPA).  As we reported and summarized in our Q1 2020 CCPA Litigation Round-Up, private litigants wasted no time in filing consumer-related causes of action under the new law.

Here, we provide an update on material developments in that first wave of claims and report on additional private lawsuits commenced in the first half of the year.  We have further categorized the recently-filed cases based on those stemming from a data breach versus not.  In the latter category, the cases are further split based on the underlying alleged violations – last quarter, non-breach based claims related to the disclosures and opt-out mechanisms required by the CCPA as well as the scope of “personal information” covered by the CCPA.

1. Update on Cases Reported in Q1 2020

Continue Reading CCPA Litigation Round-Up: Q2 2020

The California Consumer Privacy Act (CCPA) took effect January 1, 2020.  While the California Attorney General’s enforcement authority is delayed until July 1, private litigants have already started to file direct claims under the CCPA as well as other consumer-related causes of actions predicated on alleged CCPA violations.  Notably, the California Attorney General takes the

The Republican-led FCC’s effort to get out of the business of regulating broadband providers’ consumer practices took a step forward on Monday.  In an appeal that has been proceeding in parallel with the FCC’s “Restoring Internet Freedom” reclassification proceeding, the U.S. Court of Appeals for the Ninth Circuit issued an opinion giving the Federal Trade

On Thursday, February 22, 2018, the Federal Communications Commission (FCC or Commission) published the Restoring Internet Freedom Order (the Order) in the Federal Register.

As we previously discussed, the Order effectively reverses the Commission’s 2015 Open Internet Order, reclassifying broadband Internet access service as a lightly regulated Title I “information service” and eliminating

On May 9, 2017, the U.S. Court of Appeals for the Ninth Circuit issued an order granting a Federal Trade Commission (FTC) request for rehearing en banc of the court’s earlier decision to dismiss an FTC case against AT&T Mobility over allegedly “unfair and deceptive” throttling practices in connection with wireless data services provided to

If you offer a mobile application that allows consumers to watch videos of any kind, and if you share that video-viewing information with an analytics firm, take careful note:  On April 29, in Yershov v. Gannett Satellite Information Network, Inc., No 15-1719, a panel of the First Circuit Court of Appeals that included retired