A website chatbot can lead to a wire-tapping lawsuit in California

A US District Court has ruled that a lawsuit filed against Old Navy, a San Francisco-based clothing retailer, can proceed after a customer accused the company of violating California’s Invasion of Privacy Act (CIPA) through the use of a chatbot feature on its e-commerce site. In August 2022, Miguel Licea filed a lawsuit alleging that the company “eavesdropped” on his private conversations without his knowledge or consent.

Old Navy sought to have the case dismissed entirely, but Judge Sunshine Sykes of the U.S. District Court for the Central District of California has allowed Licea’s CIPA Section 632.7 claim against the retailer to move ahead. This section imposes liability on anyone who “without the consent of all parties to a communication, intercepts or receives and intentionally records … a communication transmitted between two … telephones.” Old Navy argued that Licea “cannot allege that both parties were using a qualifying telephone device to conduct the customer chats,” but Judge Sykes ruled that smartphones are included in the definition of cellular phones and thus fall under the scope of Section 632.7.

However, the court dismissed Licea’s Section 631(a) claim, which prohibits “intentional wiretapping,” including in the context of internet communications. Judge Sykes stated that Licea had sufficiently pled facts to allege that his communications with Old Navy’s chatbot “were intercepted in transit” without his knowledge and without his consent. The court determined that Old Navy “uses a third-party service to ‘covertly embed code into its chat feature that automatically records and creates transcripts of all such private conversations,’ and ‘allows at least one third party … to secretly intercept in real time, eavesdrop upon, and retain transcripts of [the Old Navy] chat communications with unsuspecting website visitors.'”

Old Navy argued that it did not “intercept” the communications in transit as required by Section 631(a), and more than that, the communications were not “intercepted” because “the third parties [that] access the messages [do so] after they are electronically stored rather than while they are in transmission.” However, the court dismissed the Section 631(a) direct liability claim on the basis that CIPA exempts from liability any individual or entity who is a “party” to the “communication.” Since Old Navy “was a party to the customer chats at issue in [the] complaint,” Licea’s claim that it is directly liable for wiretapping fails, according to the court.

This case highlights the importance of businesses understanding the legal implications of using chatbots and similar technology in a business context. While technology can be a powerful tool for improving customer engagement and support, businesses must tread carefully and deliberatively when introducing new technologies that interact with consumers to ensure that they remain in compliance with applicable privacy laws and regulations. Few of these laws will have been written with these new technologies in mind, and a failure to comply can lead to lawsuits and reputational damage.

Read the full article: Court Refuses to Toss Out Chatbot-Centric Wiretapping Lawsuit Against Old Navy

Contact your attorney or The Karlin Lawfirm for questions regarding the use of chat boxes and what you can do to protect your business in this litigious landscape.

A website chatbot can lead to a wire-tapping lawsuit in California

A US District Court has ruled that a lawsuit filed against Old Navy, a San Francisco-based clothing retailer, can proceed after a customer accused the company of violating California’s Invasion of Privacy Act (CIPA) through the use of a chatbot feature on its e-commerce site. In August 2022, Miguel Licea filed a lawsuit alleging that the company “eavesdropped” on his private conversations without his knowledge or consent.

Old Navy sought to have the case dismissed entirely, but Judge Sunshine Sykes of the U.S. District Court for the Central District of California has allowed Licea’s CIPA Section 632.7 claim against the retailer to move ahead. This section imposes liability on anyone who “without the consent of all parties to a communication, intercepts or receives and intentionally records … a communication transmitted between two … telephones.” Old Navy argued that Licea “cannot allege that both parties were using a qualifying telephone device to conduct the customer chats,” but Judge Sykes ruled that smartphones are included in the definition of cellular phones and thus fall under the scope of Section 632.7.

However, the court dismissed Licea’s Section 631(a) claim, which prohibits “intentional wiretapping,” including in the context of internet communications. Judge Sykes stated that Licea had sufficiently pled facts to allege that his communications with Old Navy’s chatbot “were intercepted in transit” without his knowledge and without his consent. The court determined that Old Navy “uses a third-party service to ‘covertly embed code into its chat feature that automatically records and creates transcripts of all such private conversations,’ and ‘allows at least one third party … to secretly intercept in real time, eavesdrop upon, and retain transcripts of [the Old Navy] chat communications with unsuspecting website visitors.'”

Old Navy argued that it did not “intercept” the communications in transit as required by Section 631(a), and more than that, the communications were not “intercepted” because “the third parties [that] access the messages [do so] after they are electronically stored rather than while they are in transmission.” However, the court dismissed the Section 631(a) direct liability claim on the basis that CIPA exempts from liability any individual or entity who is a “party” to the “communication.” Since Old Navy “was a party to the customer chats at issue in [the] complaint,” Licea’s claim that it is directly liable for wiretapping fails, according to the court.

This case highlights the importance of businesses understanding the legal implications of using chatbots and similar technology in a business context. While technology can be a powerful tool for improving customer engagement and support, businesses must tread carefully and deliberatively when introducing new technologies that interact with consumers to ensure that they remain in compliance with applicable privacy laws and regulations. Few of these laws will have been written with these new technologies in mind, and a failure to comply can lead to lawsuits and reputational damage.

Read the full article: Court Refuses to Toss Out Chatbot-Centric Wiretapping Lawsuit Against Old Navy

Contact your attorney or The Karlin Lawfirm for questions regarding the use of chat boxes and what you can do to protect your business in this litigious landscape.

Stop California AB 950: The Bill That Threatens Small Business Websites

As businesses move more and more of their operations online, website accessibility has become a critical issue for many. While the intention behind Assembly Bill 950 (AB 950) in California is to improve website accessibility, the bill could have severe consequences for small businesses with customers in the state. It doesn’t just affect businesses IN the state, but businesses that do business with residents of the state.

AB 950 seeks to place the responsibility for website accessibility on small businesses and developers, which could result in costly lawsuits that could put small businesses at risk. Many small businesses rely on their websites to generate income, so a costly lawsuit could be catastrophic. Additionally, the bill does not provide any relief from abusive or frivolous claims of inaccessibility under the Unruh Act, which has statutory fines of $4000 per infraction.

The bill is also vague in its requirements, leaving small businesses unsure of what they need to do to comply with the law. The bill solely relies on the Web Content Accessibility Guidelines (WCAG 2.1 AA) as a legal standard for website accessibility, which was never created to be a legal standard. As a result, businesses could be fined for technical glitches that are not intentional and may not be feasible to fix.

For example, one of the criteria to pass WCAG 2.1 AA is the requirement of Audio Descriptions on all videos. The vast majority of video content does not contain a separate track for audio descriptions, which can be costly to create. This would result in websites having to remove all video content for fear of a lawsuit.

AB 950 could also have significant economic consequences and a chilling effect on the tech sector of California. The bill could increase the cost of creating, maintaining, and insuring a website, which would harm entrepreneurs, especially those who are minorities, people of color, the disabled, the elderly, and those who are just starting out. Furthermore, if this bill passes, there may be an organized effort to GEO block California by many out-of-state businesses, and many California-based businesses will opt to use third-party platforms to sell their goods and services instead of hosting their own websites.

In its current form, AB 950 is an ill-conceived bill that could have unintended and harmful consequences for small businesses. However, there is hope. California residents can contact their local representatives, including San Diego Assemblyman Brian Maienschein, and ask them to vote no on AB 950. Non-California residents can also help spread the word and share the petition on Change.org.

It’s essential to improve website accessibility for all, but it’s crucial to do so in a way that is fair and reasonable to all parties involved. The current version of AB 950 does not accomplish this goal, and instead, it could put small businesses at risk. Let’s work together to find effective solutions that improve web accessibility without harming small businesses.

What can you do?

Visit our Stop AB 950 Action Page to take steps to stop the bill and spread the word.