Washington DC – Wiley, on behalf of a coalition of clients, helped secure a significant victory for Microsoft Corporation at the U.S. Court of Appeals for the Ninth Circuit in Popa v. Microsoft Corporation, a closely watched case involving online privacy and state wiretap laws with significant implications for digital consumers and businesses.
In Popa, the plaintiff brought a putative class action against Microsoft based on the use of its session-replay technology—a common tool used by businesses to optimize their websites for customers—on petsuppliesplus.com, claiming that use of that technology while she browsed that website invaded her privacy and violated Pennsylvania's Wiretapping and Electronic Surveillance Control Act. The district court dismissed these claims for lack of subject matter jurisdiction, concluding that use of the session-replay technology did not invade her privacy so as to give rise to a "concrete" injury-in-fact required for standing under Article III of the U.S. Constitution. The plaintiff appealed to the Ninth Circuit, challenging this conclusion.
On appeal, Wiley filed an amicus curiae brief on behalf of the Chamber of Commerce of the United States of America; the Washington Legal Foundation; NetChoice, LLC; and the Interactive Advertising Bureau. In their brief, these amici supported Microsoft and urged the Ninth Circuit to affirm, arguing that dismissal was required based on "the Supreme Court's recent teaching on Article III and the limitations on clever but harm-free litigation."
On August 26, 2025, the Ninth Circuit affirmed the dismissal, agreeing with amici that the plaintiff failed to establish a "concrete injury" under Article III. The court held that the plaintiff's allegations about the use of Microsoft's session-replay technology on a pet-supplies shopping website did not "remotely" resemble the kind of invasion of privacy that could qualify as a "concrete" injury-in-fact to give the plaintiff standing under modern standing doctrine.
This decision reinforces strict limits on privacy lawsuits brought by plaintiffs trying to capitalize on businesses' use of commonplace internet technologies without suffering any legitimate harm from the use of those technologies. And it provides clarity for businesses who depend on those technologies to compete in the digital economy.
The Wiley team on the brief included Privacy, Cyber & Data Governance Practice co-chair Megan L. Brown, as well as partner Jeremy J. Broggi and associate Joel S. Nolette of the Litigation and Issues and Appeals practices.