Last week, the Third Circuit reversed a summary judgment ruling in favor of Harriet Carter Gifts and NaviStone for alleged violations of Pennsylvania’s wiretapping and electronic surveillance law, or WESCA. See Popa v. Harriet Carter Gifts, Inc., Case No. 21-2203, 2022 WL 3366425 (3rd Cir. August 16, 2022). This lawsuit is one of many recent putative class action lawsuits seeking to enforce decades-old wiretapping laws against websites and their service providers. The named plaintiff is a consumer who allegedly made purchases on the Harriet Carter Gifts website while NaviStone’s marketing software was installed on the website. The plaintiff argued that the defendants violated WESCA by simultaneously sending its interactions with Harriet Carter’s website to NaviStone.
The district court entered summary judgment in favor of the defendants, finding that there was no interception at law because NaviStone was a direct recipient of the plaintiff’s communications. In coming to this conclusion, the court relied on Pennsylvania state court cases involving undercover law enforcement who were not found liable for wiretap claims while they were the direct recipients of the communications, even if they were not the intended recipients. The district court also found that while there was an interception, it did not occur in Pennsylvania, but rather in Virginia, where NaviStone’s servers were located.
The Third Circuit disagreed, finding that NaviStone’s position as the direct recipient of Popa’s communications did not allow it to escape liability under WESCA. The court explained that since the state court cases the district court relied on were decided, the Pennsylvania legislature amended WESCA to include an explicit exception for covert law enforcement. This changed language prohibited a broad reading of state court cases beyond the circumstances of law enforcement, so that NaviStone could not rely on the direct addressee exception. The court also rejected the argument that the interception occurred outside of Pennsylvania on NaviStone’s servers in Virginia; instead, the court found that the interception occurred on Popa’s browser, although the court noted that the record did not show whether she was in fact in Pennsylvania at the time. The court was not persuaded by defendants’ arguments that the ruling would mean websites could never use cookies or third-party marketing companies to analyze customer data. The court noted that consent is a clear exception to wiretapping liability under WESCA, but declined to address the parties’ consent arguments as these had not yet been decided by the lower court. .
Comments are closed.