Following a recent decision,1 The Third Circuit Court of Appeals has breathed new life into claims by Pennsylvania consumers that the practice of tracking a customer’s movements on a company’s website violates Pennsylvania’s wiretapping law and Electronic Surveillance Control (WESCA).2 WESCA makes it unlawful to intentionally intercept any wired, electronic or oral communication.3 For years, Pennsylvania courts have applied a “direct party” exception to WESCA, finding that a party that directly receives a communication does not “intercept” it. This limited the scope of potential claims under WESCA, which provides a direct cause of action for consumers.4
In Popa Gifts vs. Harriet Carter, Inc., however, the Third Circuit determined that later WESCA revisions significantly reduced this exception. In 2012, in an apparent effort to codify the direct party exception with respect to law enforcement investigations, the Pennsylvania General Assembly revised the definition of “interception” in WESCA to exclude any communication directly received by law enforcement. law enforcement, as long as law enforcement meets certain criteria. .5 Under the Third Circuit’s interpretation, the 2012 revisions limited the direct party exception to only circumstances described in the statute, i.e., direct communications to law enforcement that otherwise meet certain criteria.
Unsurprisingly, many class action lawsuits quickly followed the Popa decision, each alleging that the companies violated WESCA by tracking the plaintiffs’ activities on the companies’ websites. However, the Popa decision still leaves some questions unanswered. First, the Third Circuit’s decision is based on its presumption on how the Pennsylvania Supreme Court would interpret WESCA and the revised definition of “interception”. If the Pennsylvania Supreme Court had a chance to consider this issue, it could effectively strike down Popa if he interprets WESCA differently. Plaintiffs will likely try to avoid this by primarily suing in the federal district courts of Pennsylvania, which remain bound by the Popa decision until further notice. However, a question could be certified to the Supreme Court of Pennsylvania asking it to rule on the interpretation of the revised version of WESCA.
Second, WESCA still contains various other defenses for defendants, including the potential defense that consumers give implied consent to tracking by visiting websites with accessible privacy policies that inform visitors about tracking. Since the Third Circuit has declined to resolve this issue, companies should carefully review their policies – both terms and conditions, as well as privacy – to ensure that, to the extent applicable, they clearly state the manners which visitor information may be collected and aggregated by the Company or third parties. Opt-ins may also be used to obtain consumer consent to these terms, and by continuing to browse the website, visitors consent to this collection.
Third, identifying when an interception occurs could give rise to jurisdictional arguments. In Popa, the Third Circuit determined that the interception occurred when plaintiff’s browser, located in Pennsylvania, provided information that was routed to defendants’ out-of-state servers. The Third Circuit therefore held that the courts of Pennsylvania had jurisdiction. This interpretation would apparently exclude anyone of a potential class who accessed a website from outside of Pennsylvania. On the other hand, in today’s highly mobile society, where people typically access websites on their smartphones, the Popa the court’s interpretation could also raise a host of jurisdictional complications, as well as constitutional concerns, such as the implications for the dormant trade clause.6
The Popa The decision represents a significant change in the application of WESCA, and while potential defenses are available, questions remain unanswered. What is clear, however, is that companies need to anticipate the potential for these disasters and take steps to prepare for them. In addition to reviewing their privacy policies and terms and conditions, companies should consider reviewing their agreements with website managers and software or marketing vendors to determine if the agreements include indemnification.
1Popa vs. Harriett Carter Gifts, Inc.., 45 F.4e 687 (3rd Cir. 2022).
218 Pa.CS § 5701-5782
318 Pa.CS § 5703(1).
4See, for example, Commonwealth v. project, 771 A.2d 823 (Pa. Super. Ct. 2001); Commonwealth vs. Cruttenden58 A.3d 95 (Pa. 2012).
5Specifically, the definition excludes direct communications to law enforcement “where the investigator or law enforcement agent is impersonating a real person who is the intended recipient of the communication, provided that the attorney general, a deputy attorney general designated in writing by the attorney general, a district attorney, or an assistant district attorney designated in writing by a district attorney in the county in which the investigator or enforcement officer laws must receive or make the communication has reviewed the facts and is satisfied that the communication involves suspected criminal activity and has given prior approval for the communication. 18 Pa.CS § 5702.
6The defendants in Popain fact, submitted a letter to the court on September 23, 2022 as part of their request for a rehearing, stating that the extension of the court’s liability under WESCA to any website accessible in Pennsylvania has resulted in an increase in lawsuits brought by plaintiffs who otherwise “have no connection with the Commonwealth”. See https://www.law360.com/articles/1533666/attachments/0.
#Circuit #Pennsylvania #Consumers #Base #Internet #Tracking #Claims