Wiretap class actions: Third Circuit reinstates class claims asserted under Pennsylvania’s broad wiretap act

James Bogan III
Kilpatrick
Contact
LinkedIn
Facebook
X
Send
Embed

Kilpatrick

Takeaway: State wiretap acts have been around for a long time, and they can provide greater protection to victims of intercepted communications than the Federal Wiretap Act, 18 U.S.C. § 2510. These statutes generally predate the Internet and were not passed with the objective of regulating commercial entities’ use of electronic “cookies” or third-party marketing firms to collect and analyze customer data. But a recent decision by the Third Circuit, Popa v. Harriet Carter Gifts, Inc., --- F.4th ----, No. 21-2203, 2022 WL 3366425 (3d Cir. Aug. 16, 2022), shows how these state statutes can be used to target the electronic “interceptions” that facilitate web-based analytics.

Looking to buy a pet product, Ashley Popa viewed the website of Harriet Carter Gifts using her iPhone. She provided her email address in response to a prompt, and then proceeded to browse the website. Although she added a product to her check out cart, she exited the website without buying anything.

But as she clicked links and navigated through the site, she communicated with two separate entities: Harriet Carter (the entity she intended to communicate with), and NaviStone, a third-party marking firm that she did not know about. While her communications with the Harriet Carter site produced the expected viewing results, the messages to NaviStone detailed how she navigated through the website, generating data to identify customers who could be targeted in future promotional ads.

In 2019, Ms. Popa, seeking to represent herself and a putative class, sued Harriet Carter and NaviStone for violations of Pennsylvania’s Wiretapping and Electronic Surveillance Control Act (“WESCA”). She alleged that NaviStone violated WESCA by “intercepting” her electronic communications, and that Harriet Carter violated the statute by “procuring” NaviStone’s interception.

The district court granted summary judgment in favor of NaviStone on two grounds: (1) NaviStone did not “intercept” Ms. Popa’s communications, because NaviStone was a direct recipient of those communications; and (2) any such interception took place at NaviStone’s servers in the State of Virginia, beyond WESCA’s territorial reach.

Ms. Popa appealed and the Third Circuit reversed, rejecting both of the grounds articulated by the district court.

Under WESCA, “intercept” means the “[a]ural or other acquisition of the contents of any wire, electronic or oral communication through the use of any electronic, mechanical or other device.” 2022 WL 3366425, at *3 (quoting 18 Pa. C.S. § 5702) (emphasis added). This broad definition, said the panel, “reduces to acquiring certain communications using a device,” meaning a direct recipient could intercept a communication. Rejecting the defendants’ arguments, which were based on older, pre-WESCA amendment decisions in the law enforcement context, the panel concluded that “NaviStone and Harriet Carter cannot avoid liability merely by showing that Popa directly communicated with NaviStone’s servers.”

The panel likewise reversed the district court’s decision that the interception took place in the State of Virginia, when the re-routed communications ultimately made their way to NaviStone’s servers there. According to the panel, the location of the interception was Ms. Popa’s browser: “when the code—the rerouting device at issue—told Popa’s browser to send communications to NaviStone and those electronic signals were routed to NaviStone’s servers, an interception occurred.” Id. at *7. Although the parties assumed that Ms. Popa’s browser was located in Pennsylvania, there was scant record evidence to that effect. Accordingly, the panel remanded the issue to the district court “to determine anew whether there is a genuine issue of material fact about where the interception occurred.” Id.

The panel then examined the issue of consent, given that NaviStone and Harriet Carter both argued that Ms. Popa impliedly consented to NaviStone’s interception based on Harriet Carter’s privacy policy. But the district court “never addressed whether Harriet Carter posted a privacy policy and, if so, whether that policy sufficiently alerted Popa that her communications were being sent to a third-party company.” Id. at *8. The panel directed the district court to address that issue on remand.

Underscoring WESCA’s emphasis on the protection of privacy and its application to anyone who intercepts a communication using a device – unless all parties consent to the interception – the panel summarized its ruling as follows: “As we part with the District Court’s holding that NaviStone is exempt from liability because it was a direct party to Popa’s communications and that interception only occurred at the site of NaviStone’s servers in Virginia, we vacate the Court’s order granting summary judgment and remand for further consideration.” Id.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Kilpatrick | Attorney Advertising

Written by:

Kilpatrick
Kilpatrick
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Kilpatrick on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide