The surge in consumer privacy claims alleging that the use of third-party tracking technology on websites violates the California Invasion of Privacy Act (“CIPA”) is a topic with which our readers are very familiar. Now, the plaintiffs’ bar has transitioned to email just as marketers are pivoting from telemarketing back to the relatively safer haven of email marketing. In a recent decision, the Northern District of California dismissed claims against The Gap, Inc. (“The Gap”) in which a consumer alleged that The Gap violated CIPA by sending commercial email containing third-party “spy pixels.”
Commercial Email Tracking Technology Does Not Violate CIPA
In Ramos v. The Gap, Inc., Plaintiff alleged that The Gap violated CIPA by sending commercial email containing third-party software which captured consumer data, including consumer: (1) email addresses; (2) device types; (3) geolocation; (4) IP addresses; and (5) email open data. With this information, Plaintiff alleged that the third-party email tracking company creates a personal profile for each consumer, which allowed The Gap to send consumers personally-tailored email. Plaintiff alleged that the use of this third-party software in The Gap’s email violated CIPA’s wiretapping provisions.
In a thorough and well-reasoned decision, the Court granted The Gap’s Motion to Dismiss, finding that The Gap cannot be held directly liable for illegally wiretapping Plaintiff’s email because the CIPA Complaint did not contain any allegations “to support Plaintiff’s suggestion that Defendant [The Gap] somehow monitors the content of or Plaintiff’s engagement with emails in Plaintiff’s inbox other than those sent by Defendant [The Gap].” The Court then rejected Plaintiff’s argument that the first clause of CIPA’s wiretapping provision extends to Internet communications. By spurning this argument, the Court declined to follow the decision in Kauffman v. Papa John’s Int’l, Inc., a case in which a federal judge in the Southern District of California found that the first clause of CIPA’s wiretapping provision applied to Internet communications. Instead, the Court agreed with The Gap that the first clause only applied to wiretapping communications involving telephones and dismissed Plaintiff’s CIPA email claim.
The Court then addressed the two provisions of CIPA’s wiretapping statute which prohibit the unauthorized access to and use of the “contents” of any communications. To determine whether The Gap’s email violated CIPA, “courts must consider whether the intercepted information is information about a user’s communication, or the communication itself. Only the latter is protected under CIPA.” First, the Court determined that email open rates were not content protected under CIPA. In finding that email open rates are record information rather than content, the Court analogized “email open rates” to read receipts indicating that a consumer received and opened a message. Second, the Court found that Plaintiff failed to allege that the third-party software that The Gap used in its email actually read the contents of The Gap’s email. Again, the Court determined that email open rates and “click rates” were information about the email, not actual email content protected under CIPA. As to Plaintiff’s argument that URLs are email content protected under CIPA, the Court found this argument unavailing and in tension with the other allegations contained in the Complaint. In granting The Gap’s Motion to Dismiss, the Court stated “[e]ven when read in the light most favorable to Plaintiff, as the Court must do at this stage, the complaint simply offers no support for the conclusory statement that the software ‘reads with specificity’ Defendant’s [The Gap’s] emails.” Because the Court found that The Gap was not directly liable under CIPA, and that the information collected was not protected content, the Court concluded that The Gap was not indirectly liable under CIPA’s aiding and abetting provision.
CIPA and Email Marketing
While this decision is certainly a win for businesses that send consumers commercial email, companies must continue to proceed with caution when using third-party tracking technology in connection with commercial email campaigns. Although the Court found that Plaintiff failed to allege that the third-party software captured CIPA-protected content, it granted Plaintiff an opportunity to amend the Complaint, ruling that it was too early in the proceedings to say that Plaintiff cannot state a viable CIPA claim.
If your company uses third-party tracking software (in its email marketing campaigns or on its consumer-facing website), determining whether the tracking software captures CIPA-protected content in compliance with the law requires hiring experienced counsel.
[View source.]
