A Pennsylvania federal court recently granted a retailer's motion to dismiss claims that its use of "spy pixels" in its commercial e-mail constitutes illegal wiretapping. In Hartley v. Urban Outfitters, Inc., No. 2:23-cv-04891 (E.D. Pa. Jul. 17, 2024), Plaintiff alleged that Defendant employed "spy pixels," which, among other things, allegedly recorded where and when consumers opened and read Defendant's promotional e-mails. In response to Plaintiff's Complaint, Defendant filed a motion to dismiss alleging that Plaintiff lacked standing and failed to state a claim. The Court granted Defendant's motion to dismiss. We discuss this e-mail wiretapping decision in detail below.
Hartley v. Urban Outfitters, Inc.
Plaintiff Tomi Hartley, an Arizona State resident, filed a putative class action against defendant Urban Outfitters, Inc., in the United States District Court for the Eastern District of Pennsylvania alleging that Defendant violated the Arizona Telephone, Utility and Communication Service Records Act. In her Complaint, Plaintiff alleged that Defendant, without her consent, used "spy pixels" in its promotional e-mail to " wiretap" or collect her information. Generally speaking, the pixels at issue are code embedded in e-mail messages that collect certain information, including, among other things: (1) email open rates; (2) information about consumer operating systems; (3) user IP addresses; and (4) the location where the e-mail was opened. Here, Plaintiff alleged that Defendant employed such pixels to collect consumer data, including: (1) whether, when, where, and for how long an e-mail was opened; (2) consumer e-mail path data; (3) consumer e-mail viewing platforms; and (4) consumer operating systems. Notably, Plaintiff subscribed to Defendant's e-mail list, received Defendant's commercial e-mail for at least two years, and frequently opened these e-mails. In response to Plaintiff's allegations, Defendant moved to dismiss and alleged that Plaintiff: (1) lacked standing because she failed to allege a concrete injury; and (2) failed to state a claim.
In granting Defendant's motion to dismiss for lack of standing, the Court thoroughly analyzed the type of information Defendant collected through use of its pixel tracking and whether such information gave rise to a concrete injury. Collection of certain limited information, such as Plaintiff's name and e-mail address did not, the Court concluded, harm Plaintiff because she provided this information when she signed up to receive Defendant's promotional e-mails. Additionally, the Court determined that information such as device type, operating system, and e-mail viewing platform did not constitute information which gave rise to a reasonable expectation of privacy. However, in the Court's opinion, individualized data, such as whether, when, where, and for how long Plaintiff read Defendant's e-mails required a more challenging analysis. Although the Court was unable to find a case on point, it cited to In re BPS, 2023 WL 8458245 (W.D. Pa. 2023) ("BPS"). In BPS, a case from the Western District of Pennsylvania, the court evaluated the use of " session replay" technology, code which collects data about a website user's mouse clicks and movements, keystrokes, and the pages and content viewed. The court in BPS held that plaintiffs failed to allege that the type of information captured by "session replay" code constituted "private communications or personal information" such that it would amount to unauthorized wiretapping. The Court analogized the data collected here to the data at issue in BPS, and determined that data reflecting the dates and times at which Plaintiff opened Defendant's e-mails, and the length of time she spent reading them, do not rise to the level of a concrete injury such that it confers standing.
Are E-Mail Wiretap Lawsuits the Next Frontier For the Plaintiffs' Bar?
The use of certain technology (including pixel tracking and "session replay" software) to collect consumer preference and behavioral data continues to dominate the litigation landscape. Although this Court correctly dismissed the case against Urban Outfitters, courts continue to grapple with the application of state laws to this rapidly-evolving technological landscape. Given such uncertainty, businesses should anticipate that consumer tracking lawsuits will continue to be filed. As such, it is imperative that businesses re-evaluate: (1) their data collection practices; (2) the type of data they collect; and (3) how consent to use that data is obtained from consumers.
The attorneys at Klein Moynihan Turco have decades of experience with: (1) keeping clients compliant with federal and state consumer privacy laws; and (2) defending against novel privacy and deceptive marketing lawsuits.
If you need assistance with defending a lawsuit or updating your privacy practices and procedures, please email us at info@kleinmoynihan.com or call us at (212) 246-0900.
Similar Blog Posts:
California Court Holds That Website Recording Is NOT Wiretapping
Does The Use Of Chatbots Constitute Wiretapping?
Help! I Was Served With A CIPA Lawsuit
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.