The explosion of e-commerce websites, internet marketing, and AI technology has raised serious concerns about the privacy of consumers online. Increasingly, courts in California and elsewhere are relying on the Federal Wiretap Act to ensure that consumers’ sensitive personal information remains confidential. What is the Federal Wiretap Act? The federal data privacy law broadly protects consumer data by placing clear limits on how the government and private businesses can go about collecting information about website visitors. The law also gives individuals a private right of action to sue in federal court, which has led to a rise in class action consumer privacy lawsuits. Consumers who visited websites that unlawfully intercepted their personal data may be eligible to join one of these class actions and receive financial compensation.
To learn more about the Federal Wiretap Act, keep reading this blog.
The Federal Wiretap Act Protects Consumer Data Privacy
The Federal Wiretap Act is contained in Title I of the Electronic Communications Privacy Act (ECPA) and codified at 18 U.S.C. § 2510. The wiretapping law was passed by the U.S. Congress in 1986, with the primary intent of the statute being to extend previously enacted restrictions on government wiretaps of telephone calls to other types of electronic data transmissions by computer.
As a federal statute, the wiretap law applies to interstate or international communications. For example, a consumer may bring a Federal Wiretap Act claim when they use the internet from a California IP address to visit a website operated in another state.
Federal Wiretap Law Prohibits the Interception of Personal Communications Without Consent
The Federal Wiretap Act prohibits law enforcement agencies, businesses, and individuals from intercepting a person’s communications without their consent. The law explicitly prohibits the interception, use, or disclosure of a communication. The key term that is often disputed in civil proceedings is “intercept,” which the statute defines as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.”
One of the most common ways that a company violates the Federal Wiretap Act is by using online trackers to spy on website visitors and collect data. The personal information unlawfully collected by companies on their websites is often extremely sensitive in nature: it can include confidential medical data, financial information, and other highly personal information about website visitors.
The Federal Wiretap Act Protects Real-Time Communications
The Federal Wiretap Act’s digital privacy protections apply to wire communications, oral communications, and electronic communications. Importantly, the law protects these types of communications while they are in transit. This places a limitation on the law because plaintiffs must show that their information was intercepted and/or read in real time.
Courts will typically examine whether the online communication was collected before, during, or after it was sent. If a company read or learned the contents of a communication while it was in transit, then the action qualifies as an “interception” under the federal wiretap law and exposes the offending party to liability.
Plaintiffs in Federal Wiretap Act claims must be able to allege that their data was collected contemporaneously with the transmission of that data to a third-party’s server. For example, a plaintiff who provides personal medical information on a health website would need to show that the information was intercepted via tracking software as soon as it was input.
The Federal Wiretap Act Protects Internet Communications
Courts have interpreted the Federal Wiretap Act to apply to both internet communications and telephone communications. Although the wiretap law was originally meant to limit the ability of the government to intercept and monitor telephone calls, it is now basically settled law that these kinds of privacy statutes also protect online communications. For example, the federal wiretap law is understood to apply in many different contexts, including when companies embed trackers on their websites. This is significant because the internet era has witnessed the steady proliferation of website cookies, scripts, and pixels that track users’ activity and collect their personal information.
Email Communications
The question of whether the Federal Wiretap Act applies to email messages has been disputed in court. That’s because the statute protects electronic communications only while they are in transit, while practically all emails are put in temporary storage on the way to their final destination. However, courts have ruled that emails must be protected under the Electronic Communications Privacy Act (ECPA) because otherwise the added safeguards of the wiretap law would be meaningless.
Victims of Online Surveillance Have a Private Right of Action to Sue in Federal Court
Although the Federal Wiretap Act was initially passed as a criminal statute to limit government surveillance, the law does provide individuals with a private right of action in civil court.
The Federal Wiretap Act gives consumers the right to bring a civil suit and pursue monetary damages for data privacy breaches. When a company violates federal wiretap laws by unlawfully collecting the personal information of website visitors, the company may be subject to both criminal and civil penalties.
Are There Exceptions to Liability Under the Federal Wiretap Act?
The Federal Wiretap Act has a single-party consent exception to liability. When one of the parties to the communication consents to the interception, then the collection of data is lawful. For instance, if a company consents to the use of tracking code on its website to collect customer data, that could be enough for the one-party consent rule to initially preclude liability under the federal statute.
Crime-Tort Exception
However, even when the single-party consent exception applies, it is still possible for a plaintiff to successfully bring a Federal Wiretap Act claim if the crime-tort exception also applies. The crime-tort exception stipulates that a party may be liable under the wiretap law when they intercepted and/or shared customer data “for the purpose of committing any criminal or tortious act.”
California Invasion of Privacy Act (CIPA): State Law Protects Consumers Against Online Data Collection
The Federal Wiretap Act was actually a model for California’s main consumer privacy law: the California Invasion of Privacy Act (CIPA). The CIPA imposes even stronger data privacy protections than the Federal Wiretap Act, and this is particularly true with respect to consumer data. That’s why many California consumers choose to file invasion of privacy lawsuits under the CIPA. In fact, the CIPA is often the basis for class action lawsuits against companies that unlawfully collect and share consumer data online.
The Federal Wiretap Act can work in tandem with the CIPA and other California state privacy laws to create dual compliance obligations for companies that operate websites. Plaintiffs may file both CIPA claims and ECPA claims together, resulting in enhanced penalties for defendants and additional compensation for victims.
Two-Party Consent
One of the ways in which the California Invasion of Privacy Act (CIPA) is more robust than the Federal Wiretap Act is that the CIPA is a two-party consent law. This means that it is illegal for anyone to record a conversation without the consent of all parties to that conversation. This is true for many different types of conversations, including telephone calls, in-person conversations, and electronic or online communications.
CIPA Penalties & Damages
Like the federal wiretap law, California’s Invasion of Privacy Act (CIPA) imposes both criminal and civil penalties on offenders. The criminal penalties include fines of up to $10,000 for each violation, depending on the severity of the offense. The civil penalties include statutory damages of $5,000 per violation and actual damages for any financial losses suffered by the victim.
Contact the Los Angeles Consumer Protection Attorneys at Tauler Smith LLP
Did you visit a website that may have unlawfully collected and shared your personal information? Under federal law, you may be able to file a civil suit and get financial compensation. The California consumer protection lawyers at Tauler Smith LLP represent plaintiffs in both state and federal courts. Our legal team is highly skilled in consumer privacy litigation, and we have helped numerous clients win favorable settlements and verdicts in these cases.
Call 310-590-3927 or email us to find out how we can help you.
