If your business operates a website, it is imperative that you comply with the Pennsylvania Wiretapping and Electronic Surveillance Control Act. Readers of our blog are now aware of the growing influx of class action lawsuits filed against online companies, which allege that use of third-party website tracking software violates California's wiretapping law. Our readers are likely less familiar with Pennsylvania's wiretap law, however. Like California, Pennsylvania is a "two-party consent" state, meaning that Pennsylvania's wiretap law requires that all parties to a telephone call or conversation consent to its recording. Below is a brief primer on Pennsylvania's wiretap law.
Pennsylvania's Wiretap Law Explained
The Pennsylvania Wiretapping and Electronic Surveillance Control Act ("WESCA") makes it unlawful to intentionally intercept any wire, electronic, or oral communication. Specifically, WESCA allows "[a]ny person whose wire, electronic or oral communication is intercepted, disclosed or used in violation of [the statute]" to bring suit against "any person who intercepts, discloses or uses or procures any other person to intercept, disclose or use, such communication." Importantly, WESCA allows for a private right of action and permits recovery of damages as detailed below:
- Actual damages, or liquidated damages up to $1,000, whichever is higher;
- Punitive damages; and
- A reasonable attorney's fee and other litigation costs reasonably incurred.
Similar to lawsuits in California, plaintiffs' attorneys are bringing class action claims alleging that online companies violate WESCA by employing third-party software on their websites which, without prior notice or consent, tracks, records or stores the visitor's website activity. In Popa v. Harriet Carter Gifts, Inc., the Third Circuit reversed a Pennsylvania district court's grant of summary judgment for defendants on claims that a shopping website and a marketing service violated WESCA by collecting and sharing records of the plaintiff's digital activities without her consent.
In the aftermath of the Popa decision, Pennsylvania district courts have denied defendants' motions to dismiss WESCA claims. For example, in Vonbergen v. Liberty Mutual Ins. Co., plaintiff brought a class action lawsuit alleging that defendant violated WESCA through its use of session replay software on defendant's website. Defendant filed a motion to dismiss for lack of personal jurisdiction and failure to state a claim. The Court denied defendant's motion to dismiss, and held that discovery was necessary before it could determine: (a) whether defendant's conduct was directed at Pennsylvania, and (b) whether: (i) the session replay software employed would be considered a "device;" and (ii) the browsing activity collected should be considered the "contents of a communication."
Conversely, last month, the Western District of Pennsylvania granted a defendant's motion to dismiss for lack of standing. However, plaintiff appealed the district court's decision to the Third Circuit; as such, additional WESCA-related guidance should be forthcoming.
Defenses to Pennsylvania Wiretap Claims
These decisions highlight the necessity not only of obtaining a website user's consent to the recording of his/her activity through the use of session replay software and similar tools, but also disclosure of and consent to any third-party involvement in the collection of information via that software. In addition to user consent, additional defenses include: (1) lack of jurisdiction in the subject forum; (2) that the software employed is not a "device;" and (3) that the browsing activity data collected are not considered "contents of a communication."
Similar Blog Posts:
Contradictory CIPA Pen Register Decisions Create Uncertainty
Significant CIPA Eavesdropping Lawsuit Dismissed
California Court Holds That Website Recording Is NOT Wiretapping
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.