If you have ever telephoned a customer support hotline to be greeted with an explanation that “this call may be monitored for quality assurance,” you are familiar with the implications of various state laws governing the recording of telephone conversations. Most states have cold-war era wiretapping laws, with some states providing for two-party consent, meaning the recording party must announce to the other party it plans to record the call. Thus, the industry standard practice is to announce the call shall be recorded to avoid civil liability from such wiretapping statutes that provide private rights of action.

But how do these decades-old wiretapping laws apply to new methods of communication, specifically internet communications where instead of providing a traditional customer support representative, the retailer employs an online chat service? The Plaintiffs’ bar appears to have the answer: mass liability, whereby each and every entity that makes use of helpful and convenient online chat services that save inordinate amounts of time and resources otherwise spent listening repeatedly to “Opus Number 1” awaiting the next available telephonic agent. Plaintiffs, and particularly the serial-filing plaintiffs, have been seizing wiretapping statutes designed to deter the recording of spoken conversations over telephones to text-based communications over the Internet in online chat services.

This blog addresses the history of the California Invasion of Privacy Act (“CIPA”), serial-filing Plaintiffs, recent civil litigation trends applying CIPA to businesses using online chat features, and the industry responses to this practice.

CIPA’s Legislative History to Deter “Snoopers” and Not Customer Service

CIPA is a Cold-War era wiretapping statutes enacted to prevent industrial espionage. Internet communication did not exist in 1967 when CIPA was passed, though retailers did communicate with their consumers through written correspondence through letters and photocopies. CIPA never contemplated criminalizing these interactions between retailers and consumers. Instead, CIPA’s purpose was to “severely restrict the private ‘snooper’ from invading the privacy of our citizens.” Further, the Bill’s sponsor in the California Legislature expressly stated CIPA targeted only clandestine overhearing, recording, and eavesdropping on an individual’s private confidential communications, and it would be perfectly legal for entities to monitor business calls to facilitate proper service of customers by employees. This is reflected in the statute itself, prohibiting eavesdropping upon confidential communications. “Eavesdropping” means to listen secretly to what is said in private.” Further, a party cannot eavesdrop on its own conversation, as only a third party can listen secretly to a private conversation.”

Thus, there was no legislative contemplation of Internet communications and a clear intent against criminalizing ordinary business interactions with its consumers. Case law has overwhelmingly followed this trajectory.

Case Law Governing California Penal Code 631(a)

CIPA claimants use Penal Code 631(a) as a basis for liability, and case law has established three statutory “clauses” to state a claim with a “fourth clause” for aiding and abetting with a violation of the three primary clauses.

The statute creates liability under three “clauses,” (1) intentionally wiretapping; (2) willfully attempting to learn the contents or meaning of a communication in transit over a wire; (3) attempting to use or communicate information obtained as a result of the previous two. Liability extends to those who aid another with a violation of these clauses.

  • Courts consistently interpret the first clause as applying to communications over the telephone and not through the internet.
  • The second clause requires messages to be “intercepted” while in transit.
  • CIPA provides a “Party Exemption” from liability for a person that was a “party” to the communication, as a party to the communication cannot record their own conversation under 631(a).
  • Penal Code Section 637.2 provides a private right of action and statutory damages of $5,000 per penalty, including three times the amount of actual damages.

With case law well established, what changed to open the floodgates of CIPA litigation that now threatens all businesses with online chat services?

The Inadvertent Culprit: an Unpublished Ninth Circuit Opinion Regarding Retroactive Consent

In May 2022, the Ninth Circuit issued an unpublished ruling in a CIPA class action case that the district court dismissed pursuant to a 12(b)(6) motion. The district court concluded that although Plaintiff alleged he was his online interactions were recorded, a subsequent clickable link requiring agreement to the defendant’s Privacy Policy that in turn constituted to consent to the recording. The Ninth Circuit reversed, holding that retroactive consent could not provide a defense to a Penal Code 631(a) claim. As such, consent was the only issue addressed in reversing the dismissal.

However, the opinion made a fleeting comment that Section 631(a) applies to Internet communications. Despite this one-sentence conclusion with no subsequent analysis in an unpublished opinion that strictly instructs against its use as a citation, Plaintiffs have interpreted this dicta as a license to file a CIPA suit against any entity that employs an online chat function, with one district court noting in ruling on a motion to dismiss a CIPA claim that the unpublished decision opened the floodgates for these cases, and this was an unfortunate and unintended consequence of a brief, narrow ruling limited to the issue of prior consent.

Boilerplate Pleadings That Would Disappoint Your Civil Procedure Professor

In response to the dicta in this case, serial-filers employ carbon-copy pleadings (sometimes brazenly titled “Pleading Template” when filed in Court) with boilerplate allegations of a violation of Penal Code 631(a) following the Plaintiff’s alleged use of a defendant retailer’s online chat service. Cases are filed either as individual actions or class actions.

The Plaintiffs attempt to circumvent Penal Code 631(a) Clause One’s inapplicability to internet communications by alleging Plaintiff used a smartphone with internet connection to access the online chat feature. Plaintiffs attempt to allege “interception” as required by Clause Two by claiming the business automatically records chatlogs. Plaintiffs avoid the “Party Exemption” by pleading that the recorded chatlogs are contemporaneously shared with third parties or service providers, such as Salesforce. Further, Plaintiffs often allege a cause of action under Penal Code 632.7, which imposes liability for intercepting or recording communications from telephones. Plaintiffs claim they accessed the retailer’s online chat function through a Smart Phone with an Internet connection, thus falling within the scope of Penal Code 632.7.

Remarkably, many of these boilerplate complaints neglect to allege fundamental requirements, such as facts supporting personal jurisdiction over a defendant retailer who is not “at home” in California, or threshold information such as the case number that would take moments to complete. Defendants have challenged these actions in court, and these boilerplate pleadings have not been well-received.

Court Responses to CIPA Claims Premised on Online Conduct

Several California district court opinions have granted motions to dismiss Penal Code 631(a) claims. Some courts issue strong criticisms of the boilerplate pleadings and serial filings. Although the general trend is to grant dismissal, courts provide leave to amend. Plaintiffs have been adapting to survive dispositive motions on the pleadings by alleging new theories of liability, such as allegations of session-recording or keystroke logging by browsing the website, pivoting from their claims of online chat recording. Alternatively, some Plaintiffs are using CIPA in addition to pleading a cause of action under the federal wiretapping statute.

What’s Next on the Horizon?

With new theories alleged on the amendment, some defendants have renewed their motions to dismiss, scheduling hearings in Summer and Fall of 2023, whereas others are settling. Some defendants may include disclosures indicating consumers accept that online chat functions are “recorded,” thereby establishing consent, though this defies common sense because everyone understands that text-based communications are always “recorded” on the recipient’s device.

We should begin to see more rulings on motions to dismiss in the near future. Until then, while Courts have typically been dismissing CIPA claims premised on online chat, with leave to amend granted, we cannot conclude at this point that these claims are exhausted. Retailers and Plaintiffs’ counsels should be mindful of recent updates in this developing area of law.