ARTICLE
2 October 2024

The Next Target Of CIPA Litigation: Search Bars

FK
Frankfurt Kurnit Klein & Selz

Contributor

Frankfurt Kurnit provides high quality legal services to clients in many industries and disciplines worldwide. With leading practices in entertainment, advertising, IP, technology, litigation, corporate, estate planning, charitable organizations, professional responsibility and other areas — Frankfurt Kurnit helps clients face challenging legal issues and meet their goals with efficient solutions.
Over the past two years, we have seen an influx of lawsuits asserting that the use of tracking technologies on websites violates the California Invasion of Privacy Act (CIPA).
United States Privacy

Over the past two years, we have seen an influx of lawsuits asserting that the use of tracking technologies on websites violates the California Invasion of Privacy Act (CIPA). Some companies have successfully dismissed these CIPA claims on the basis that the information allegedly intercepted by the tracking software—i.e., pages viewed, keystrokes and mouse clicks, etc.—do not constitute the "contents' of a communication, and are thus not protected under CIPA.

In a seeming attempt to plead around these holdings, California plaintiffs' attorneys have added a new spin to these CIPA claims—that when website users enter search queries on a website, descriptive URLs are created (containing those search queries), which are then conveyed to third parties via tracking pixels (e.g., the Meta pixel) and used for targeted advertising campaigns in violation of CIPA.

A recent California federal court decision has given this theory some traction. In Heerde v. Learfield Communications,the court held that "[s]earch terms constitute 'contents' of a communication", and that a company's sharing of those search terms with Facebook via the Meta pixel potentially violates CIPA. See Heerde v. Learfield Communications, Case No. 2:23cv4493, 2023 WL 3583874, at *5-6 (C.D. Cal. July 19, 2024). Since this decision, we have seen a wave of demand letters alleging CIPA violations of this nature.

What can be done to prevent these CIPA claims? Companies should review the tracking technologies used on their websites, and ensure that their privacy policies are comprehensive and accurate. Companies should also consider obtaining users' express consent prior to the firing of any tracking software, or adding pop-up disclosures that inform users that their search queries may be shared with third parties.

www.fkks.com

This alert provides general coverage of its subject area. We provide it with the understanding that Frankfurt Kurnit Klein & Selz is not engaged herein in rendering legal advice, and shall not be liable for any damages resulting from any error, inaccuracy, or omission. Our attorneys practice law only in jurisdictions in which they are properly authorized to do so. We do not seek to represent clients in other jurisdictions.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More