Many of you use TrustedForm on your website to document consent for current or potential customers to be contacted by telephone, text message or email. TrustedForm provides significant benefits for all concerned with a website visit and the process of lead verification. In particular, TrustedForm helps document a consumer’s consent to be contacted which greatly helps companies comply with privacy laws such as the Telephone Consumer Protection Act (“TCPA”). TrustedForm also helps to protect you from baseless claims of TCPA violations by aggressive litigators. Recently, some of the same serial litigators who have threatened TCPA claims have been pursuing a new avenue of litigation. They have pursued cases against website owners and their service providers (like us) based on a decades-old California wiretapping statute. These “wiretap” cases involve sites that use any type of session replay technology like TrustedForm. This is yet another challenge for website owners, who are doing their best to conduct business responsibly and comply with the law. Again, ActiveProspect is at the frontlines of the battle. The purpose of this article is to provide some context and updates on recent legal developments. 

As a company, our mission is to make consent-based marketing the best channel for customer acquisition. Consent-based marketing is the practice of only contacting consumers who have given their prior express written consent to be contacted. Ultimately, we want to put the control in the hands of the consumer and do away with unsolicited outreach by giving marketers a better alternative. Given that we are strong advocates of consumer privacy, we were very frustrated to be named in a few of these CA wiretapping complaints, even though most have been quickly dismissed. 

However, some recent wiretap cases have made it past the dismissal stage of litigation.  

  • Javier vs. Assurance IQ, LLC and ActiveProspect, Inc.:  Originally, the District Court for the Northern District of California dismissed the Javier case, but the plaintiff appealed that ruling to the Ninth Circuit. Unfortunately, the Court of Appeals for the Ninth Circuit reversed the District Court’s dismissal and remanded the case back to the District Court for additional discovery and fact finding. The Ninth Circuit held that the basis for the District Court’s decision—that the plaintiff had provided express consent retroactively to Assurance IQ’s use of TrustedForm—was in error. In particular, relying on cases dealing with a different statute than the one under which the plaintiff sued (and that arose in the context of telephone calls and not internet communications), the Ninth Circuit held that the plaintiff had to provide his consent prior to any involvement by TrustedForm for his express consent to be effective. This decision was met with criticism. However, upon remand, the District Court again dismissed the plaintiff’s claim – this time on a statute of limitations issue.

The primary takeaway from the rather uneven Javier litigation is that the Ninth Circuit held that prior express written notice is required when a website employs session replay technology such as TrustedForm.

  • Williams v. What If Holdings, LLC and ActiveProspect, Inc.: Another case from the Northern District of California, Williams was also dismissed by the District Court and appealed to the Ninth Circuit.  However, in Williams, the plaintiff voluntarily withdrew her appeal just several days prior to the oral argument scheduled before the Ninth Circuit.  

The takeaway?  One can only assume that the plaintiff felt extremely unsure of her chances at prevailing upon appeal; and thus withdrew her claim before precedent could be set against serial litigators everywhere.

  • Hazel v. Prudential Financial, Inc. and ActiveProspect, Inc.:  Yet another case out of the Northern District of California, this wiretap case is still ongoing (currently in the discovery phase of litigation).  This case turns primarily on two issues:  (1) whether TrustedForm (and therefore ActiveProspect) intercepts communications “in transit”; and (2) whether ActiveProspect is a third-party “eavesdropper.”  ActiveProspect remains confident that during the fact-finding discovery phase of this case, it will meet its burden to prove that TrustedForm does not intercept communications in transit and is acting solely on behalf of the website owner (and therefore is not a third-party “eavesdropper”).  

While this case is being litigated, the best protection customers have against these wiretap suits is the same as outlined by the Ninth Circuit in Javier:  Website owners should provide prior express written notice of the use of session replay technology such as TrustedForm. 

It is important when discussing these cases to note that the internet is a fundamentally different technology than telephone communication under which this 1993 California Wiretapping law is being interpreted. When you go to a website, by default your interaction with and activity on that website is logged. This logging and recording has become more sophisticated over the years with “session replays.” This technology works by taking the logged events on a site and replaying them with a copy of the site to visualize a replay of that user’s website session. While it looks like a video, it is not an actual video recording, but rather a reconstruction of the exact webpage and webform interaction, as it occurred, on that day and time. We are a service provider to the website owner who relies on our technology to comply with the TCPA by documenting the consumer’s consent to be contacted. A website owner could build and implement its own technology to provide similar functionality. We simply provide the tool for capturing and archiving the webform interaction and consent language presented for compliance and verification purposes. Only the site owner can share a TrustedForm certificate (which includes the session replay) from their site for access by others. 

We remain confident that we will prevail in the Hazel case. It is important for everyone in the consent-based marketing ecosystem that we do.

In the interim, developments such as Javier and Williams serve as an important reminder about the need for website owners to provide prior express written notice to site visitors about your privacy practices, including the use of session replay technology like TrustedForm. We have specifically developed a TrustedForm Privacy Notice for your use on your website (Click here). We recommend using this link in your own Privacy Policy which is shown on your website.  Please also note that use of the TrustedForm Certify Web SDK is specifically governed by our TrustedForm EULA, which requires that site operators provide notice to their visitors. As always, we recommend that you work with your privacy, legal and design teams to determine the most reasonable, balanced way to meet any webpage notice and consent language compliance requirements set forth in our EULA or under various data laws and regulations.

Stay in the loop! Subscribe to the recAP email list to get our latest updates and insights.

* By providing your information you agree to receive marketing communications and content from ActiveProspect. To unsubscribe click the link in email messages. Privacy Policy

You're All Set!