Litigation Minute: Website Analytics or Illegal Wiretapping?

5 April 2023

What You Need to Know in a Minute or Less

For most businesses today, a website is a necessary tool for interacting with customers and marketing products and services. Businesses know the importance of understanding how customers interact with the features of their websites. The type of analytics data that provides this understanding can be crucial for identifying features that work, elements to be changed, and practices to best serve customers. 

Recently, however, an increasing number of plaintiffs have turned to the courts and claimed that session replay software—a certain analytics software used by a variety of businesses—not only invades customers’ privacy rights, but also violates state wiretapping statutes.

In a minute or less, here is what you need to know about this increasingly popular litigation trend.

What Is Session Replay?

Session replay is a type of analytics software that records a visitor’s interaction with a website. This could include visitors’ clicks on a website, website searches and typing, and items added to and removed from carts. 

While the software can record the interactions of individual visitors, its usefulness for website operators lies in its ability to aggregate the interactions of numerous visitors to show trends and patterns. Session replay is generally offered by third-party vendors.

Is There a Problem With Session Replay?

In the eyes of an increasing number of plaintiffs’ attorneys, session replay software is an invasion of privacy. They claim that those visiting a website have a reasonable expectation that no one can “observe” their movement through a website. More recently—particularly in California, Pennsylvania, and Florida—plaintiffs have upped the ante and claimed that session replay violates state wiretapping statutes. 

Plaintiffs are relying on these wiretapping statutes (and the statutory damages they provide) to claim that companies and their third-party session replay vendors are illegally monitoring and recording their movements.

Who Is Impacted by These New Claims?

In short, virtually every business with a website that collects data on website visitors may be vulnerable to these claims. In Pennsylvania alone, lawsuits have been filed against national retailers, travel companies (such as airlines and cruise providers), service providers (such as real estate listing aggregators), healthcare companies, social media companies, and news organizations. 

Moreover, due to the nature of the internet, a company that marketing itself nationwide could find itself targeted by a plaintiff, in any state with a similar wiretapping statute, who visits the website.

How Can a Company Protect Itself?

This will be the topic of upcoming installments in this Litigation Minute series, which will cover the changes in Pennsylvania and California law that have led to a spike in these and related claims— as well as potential defenses including jurisdictional challenges and scopes of wiretapping statutes. 

For now, companies should bear in mind the old adage that “the best defense is a good offense.” Securing clear and express consent from website visitors before collecting data is likely among the best strategies to combat these claims from the start.