Data collection on corporate websites is a litigation risk
By on Posted in Cybersecurity, Data Privacy

Businesses continue to be subjected to a steady stream of consumer class action lawsuits alleging improper collection or disclosure of information from their websites. A variety of laws and legal claims are used to support the suits. Some lawsuits assert violation of laws that are not particularly cutting edge, such as the Video Privacy Protection Act, or cite to non-disclosed use of more modern technology such as tracking pixels. In many of the lawsuits, both types of claims are asserted.  

A noteworthy example is a recent putative class action filed against MLB Advanced Media, a digital media arm of Major League Baseball. The suit, filed by several subscribers to the MLB.com website, alleges that MLB Advanced Media violated the VPPA by disclosing, without authorization, website visitors’ personally identifiable information in relation to videos viewed on the website.  The plaintiffs allege that the VPPA violations occurred due to use of Meta Pixel on the site. Through the use of Meta Pixel, the suit alleges, the website visitors’ information, including their Facebook IDs, was shared in violation of the VPPA. Other high-profile corporations have been targeted using this theory of liability to assert VPPA violations.

Another example is the current trend of lawsuits alleging illegal use of pen register or trap devices under the California Invasion of Privacy Act.  In essence, these suits claim that use of one or more modern third-party website analytics, session replay, chatbot, or similar tools violate older provisions in the CIPA aimed at wiretapping or eavesdropping, even though those provisions predate the technologies at issue. 

The immaturity of controlling case law in this area can create significant litigation risks for companies. Although it previously may have been viewed only as a “compliance” issue, the volume of class litigation means that companies should carefully review and assess their websites’ data collection, sharing, tools, functions, and data streams. 

The Constangy Cyber Team regularly counsels businesses of all sizes and industries on how to comply with the growing number of data privacy laws and regulations. If you would like additional information on how to prepare your organization, please contact us at cyber@constangy.com.

TAGS: California, Cyber Incident Response, Cyber Team, CyberMonday, Cybersecurity, Data Privacy, Data Security
Facebook Twitter/X Linkedin Email
  • John Babione in a light gray suit with a white shirt and dark navy tie smiles against a light blue and white geometric background.
    John Babione
    Partner

    He regularly defends clients in a variety of complex and high-stakes privacy and cyber-related litigation, including class action data breach suits, wire fraud litigation, and employee data theft actions. John’s experience ...

    More from John: Full Bio | Contact Author | Blog Posts

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 

Search

Get Updates By Email

Subscribe

Archives

Jump to Page

Constangy, Brooks, Smith & Prophete, LLP Cookie Preference Center

Your Privacy

When using this website, Constangy and certain third parties may collect and use cookies or similar technologies to enhance your experience. These technologies may collect information about your device, activity on our website, and preferences. Some cookies are essential to site functionality, while others help us analyze performance and usage trends to improve our content and features.

Please note that if you return to this website from a different browser or device, you may need to reselect your cookie preferences.

For more information about our privacy practices, including your rights and choices, please see our Privacy Policy. 

Strictly Necessary Cookies

Always Active

Strictly Necessary Cookies are essential for the website to function, and cannot be turned off. We use this type of cookie for purposes such as security, network management, and accessibility. You can set your browser to block or alert you about these cookies, but if you do so, some parts of the site will not work. 

Functionality Cookies

Always Active

Functionality Cookies are used to enhance the functionality and personalization of this website. These cookies support features like embedded content (such as video or audio), keyword search highlighting, and remembering your preferences across pages—for example, your cookie choices or form inputs during submission.

Some of these cookies are managed by third-party service providers whose features are embedded on our site. These cookies do not store personal information and are necessary for certain site features to work properly.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek