Lawyers: 9th Circuit Ruling Downplays Chat Tools' Capabilities, CIPA in Privacy Suits
The 9th U.S. Circuit Court of Appeal's recent ruling in Gutierrez v. Converse raised the bar for plaintiffs filing lawsuits involving website chats, and questioned whether the California Invasion of Privacy Act (CIPA) applies to internet communications, said three Fisher Phillips lawyers in a blog post Monday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
On July 9, a three-judge panel from the 9th Circuit dismissed claims that shoe company Converse aided and abetted violations of CIPA when it used a Salesforce chat function. In addition, one of the judges took things a step further and said the Act's wiretapping clause shouldn't apply to internet communications (see 2507100072).
"Under the standard set by this case, plaintiffs now need hard proof that a vendor actually intercepted or attempted to intercept and read a live message while in transit -- not just that it could have or was capable of doing that," the bloggers said. "That’s a significant evidentiary burden."
Plaintiffs in case 24-4797 alleged that Converse let third-party entities record and commoditize communications on its website's chat feature in violation of CIPA and the California Unauthorized Access to Computer Data Act. But "the 9th Circuit wasn’t persuaded," the bloggers said.
"Even if the vendor could access messages, there was no proof it actually did or actually attempted to do that -- and that’s a critical difference under the law," they said.
This ruling is significant because it pushes against a trend in privacy law where plaintiffs "attempt to revive old laws to establish claims applied to new technology."
In addition, it could apply to more than the chat features of a website. "Plaintiffs in lawsuits filed against AI vendors and their corporate customers for use of an AI tool to record, transcribe, summarize, or process incoming calls are already arguing that the vendor’s mere capability" of accessing data and "potential or capability of using the contents of the recorded call to train their AI model is sufficient to establish a wiretapping claim," the lawyers said. "Defendants in such AI litigation will cite to this decision" to show "that mere capability of accessing a private call is not enough under CIPA."
It may also shift legal strategies. Attorneys may eschew CIPA and opt for suits under "the California Consumer Privacy Act (CCPA), which focus[es] on data misuse rather than message interception, as well as wiretapping laws in other two-party consent states and the Federal Wiretap Act."