Papa John’s is Being sued for allegedly violating the US Wiretap Act
Papa John’s is being sued by a customer, but not for the pizza itself, but rather for allegedly breaking the US Wiretap Act by keeping an eye on how he used the website that sells pizza. The titan of greasy wheels is said to have violated wiretapping regulations by using so-called session replay software on its website. This app is said to record and call home everything a user does on the website, including going to pages and placing orders.
It supposedly alerts Papa John’s to mouse movements, clicks, and keystrokes made on the page, for example. This data can be used to pinpoint the locations where customers leave a sale, become trapped, or become lost. Session replay programs have caused privacy concerns due to their indiscriminate data collection, occasionally shoddy security, inability to gain user agreement to track and keep this data, and analysts tracking your every move to see how they can improve their websites and enhance sales. On the other hand, you might not think it is all that alarming when you consider all the other concrete information a website may have on you, such as name, email and home address, date of birth, orders completed, payment data, etc. We should note that due to the technology, Intel has gone through a comparable legal battle.
A lawsuit [PDF] against Papa John’s was filed this week in a federal district court in southern California. In the proposed class-action complaint, Papa John’s is charged with violating the California Invasion of Privacy Act and the Wiretap Act with regard to their session replay software by going too far (CIPA). The “session replay” technology, according to the lawsuit, is “purportedly used to monitor and uncover faulty website functionality; nonetheless, the extent and information acquired by users of the technology… substantially surpasses the stated objective,” alleges David Kauffman of San Diego.
Although his complaint doesn’t precisely name the software, or “spyware,” as he dubbed it, that Papa John’s allegedly used, he insists that such code is illegal. The lawsuit seeks “the greater of $10,000 or $100 per day for each violation” of the Wiretap Act, in addition to the $2,500 in statutory damages for each CIPA violation. Papa John’s may be liable for a substantial amount of money if they are proven to be at fault, which is unfortunate for them. Even though Kauffman’s lawyers don’t know the exact number of people in the class who are named in the lawsuit, they think that “millions” of people were secretly watched.
We’ll update this article as Papa John’s responds to our questions about the lawsuit. Privacy respect cannot be baked into a pie. The fast food chain was previously fined £10,000 ($11,100) in the UK for sending advertising text messages to clients without their express consent, despite the argument that Papa John’s leaves a lot out of their pizza, such as flavor.
Papa John’s was charged with abusing the Privacy and Electronic Communications Regulations of Great Britain’s “soft opt-in” exception, which permits companies to use customer information obtained during a sale to send marketing communications, but only if the customer is given the opportunity to opt-out first. That’s where Papa John’s fell short. Papa John’s wouldn’t be the first company to face charges in US courts for utilizing session replay code.
Numerous lawsuits have been filed in Florida and California against companies that were accused of using integrated technology on their websites for illicit activities. Despite the fact that many cases brought in Florida in recent years have been dismissed, the Ninth Circuit Court of Appeals’ ruling in June, according to The National Law Review, opened the door to a flood of new session replay lawsuits in California using the same legal justification used in the Papa John’s case.