The Tidal Wave of Website Privacy Class Actions and Mass Arbitration Claims

Show Notes

We often hear of litigation trends described in dramatic terms: “the floodgates will open” or “a tidal wave of claims is coming.” Often the predictions end up being off the mark. But with respect to website privacy claims, companies being deluged in litigation claims and the metaphors are apt.  A number of law firms in California and elsewhere are bringing large number of individual lawsuits, class actions and mass arbitrations.  Any company with a website that seeks to capitalize on gathering data on website activities is vulnerable. These cases present unique substantive and procedural challenges. In this episode, Deb Howitt, Austin Chambers and Jessica Leano explain the merits of these claims, how courts and arbitrators are reacting to these trends and what companies should do to be prepared for the tidal wave.

This podcast is not legal advice and does not establish an attorney-client relationship or create any duty of Dorsey & Whitney LLP or those appearing in this podcast to anyone. Although we try to assure that the content of this podcast is accurate, comprehensive, and reflects current legal developments, we do not warrant or guarantee those things. The opinions expressed in this podcast are the opinions of those appearing in the podcast only and not those of Dorsey & Whitney. This podcast is considered attorney advertising under the applicable rules of certain states.

Transcript

Voiceover

Welcome to another episode of the SharkCast on litigation risks management where we explore why businesses are so frequently sued, and how to mitigate and navigate the dangers lurking in these risky waters. Join us now as we welcome our host Kent Schmidt, Litigation Partner at the law firm of Dorsey & Whitney.

Schmidt

Thanks for joining us for another episode of Shark Cast. I’m happy to welcome today three guests to the show. Deb Howitt is a partner in our Denver office as well as Austin Chambers, also a partner in the Denver office, and Jessica Leano practices litigation with me here in Southern California. Deb and Austin are both privacy specialists. They advise clients on privacy regulations, which are constantly changing and continue to grow and create significant compliance obligations for clients, and as I indicated, Jessica is a commercial litigator who along with me has been doing a fair amount of privacy related litigation. There’s been an absolute tidal wave of consumer privacy litigation over the past eighteen months or so focused on the privacy claims that are filed when a consumer goes to a website and watches a video, or does some browsing and then discovers that that browsing history or that video watching activity is somehow transferred to other platforms, whether Facebook or Google or some other platform, and they start being targeted with ads. These claims are being filed in federal court, state court and an arbitration. They have a number of different statutory bases, a number of different strategies that the lawyers are employing, and so I thought would be a great idea to tackle some of these issues with the lawyers that I work with the most on these claims. So with that as a brief introduction, let me welcome Deb and Austin and Jessica. Thank you for being here on SharkCast.

Howitt

Thanks, Kent. Really glad to be here.

Chambers

Yeah, thanks Kent.

Schmidt

 Well, thank you for joining us and for your time. Deb, I think you’ve probably been in the privacy space longer than all of us and so you have perhaps greater contacts for assessing this new tidal wave of claims. Can you give us sort of your perspective about what you’ve seen over the last, say ten or fifteen years in privacy, and how that informs you with respect to this new subset of privacy claims?

Howitt

Sure. In the past, privacy litigation was much less prevalent and more focused on proving the elements and showing harm, such as that the behavior of the defendant was deceptive or unfair or breach of contract, or perhaps an invasion of privacy tort claim where the plaintiff had to show emotional distress. Or often in a data breach scenario where they’d have to show that the defendant was negligent and the plaintiff suffered some harm, but these latest cases are just about the numbers. They’re being filed under laws that have statutory damages available per violation. The violations rack up extremely quickly with website visitors and the plaintiffs’ attorneys are filing as many suits and arbitration claims as possible, even if there’s no harm whatsoever, and even when it’s truly not clear whether the statute is even applicable to the circumstances. Just because they know that many of these defendants will settle and that different courts will have different approaches, the judges are not always sophisticated in their knowledge of the technology and may not fully comprehend what’s being discussed in some of these claims, and they have different opinions. So these plaintiffs’ attorneys are just throwing everything against the wall and seeing what sticks, and they repeat that hundreds and hundreds of times against other defendants and, you know, they’re successful in many of these cases. People thought that the CCPA would result in a significant amount of litigation. That’s the California Consumer Privacy Act, if anybody’s not aware of that, and there were certainly cases filed, but the only private right of action under this CCPA is if there was a data breach and the defendant failed to have reasonable security measures in place. Plaintiffs did try to bring CPA claims under other theories, but these are typically not successful, and frankly, these other statutes that are being used now more heavily are just easier and so this is where the plaintiffs are focused at this time.

Schmidt

Well, it’s a great overview, Deb and I think it helps us sort of set the table for where we’d like to go in this conversation and we’re going to hear from each of our guests shortly. What I would propose is that we sort of divide the discussion into a number of segments, and first, I’d like to tackle a little bit of the technology that’s at issue in these cases and then secondly, we’ll tackle some of the substantive theories, and as I said earlier, there are variations on the legal theories. And then we would want to delve into some of the procedural issues and the litigation tactics of the firms that are bringing these claims, and what we’re seeing come down the line and what we’ll probably be seeing for the foreseeable future. So let’s begin with a discussion of the technology, and as I often do, when I work with Austin on these cases, I asked him to explain this in a way that makes sense to those of us that sit at the back of the classroom, at least on the technology side of things. So without getting too technical, because he has a wealth of background, can you tell us, Austin, what the technology is in general terms that triggers these claims?

Chambers

Of course, yeah, happy to and as an adamant back of the class person coming up through law school, I’m happy to do that. So you know, these technologies are pretty ubiquitous. What they are, it’s really common marketing technology. I mean frankly kind of to set the stage here. If you’re in marketing, this is sort of it would be malpractice, almost not to use some of these technologies like they’re just sort of considered run-of-the-mill regular things that you’re doing. So like the scale is enormous like so many websites use these types of technologies, and really what they are, are relatively simple. We hear a lot about pixels and really all that is, is just a pixel that’s on a page. It’s loaded when the web page loads and you work with other companies like Google or Facebook or all the social media companies. All these advertisers, all your website operators, brands, what have you, what they want to do ultimately, they want to reach a broader audience, right? Their goal is to, you know, get eyeballs on their marketing, get their brand out there, get people to click on ads and buy stuff, right? So these pixels, these marketing technologies, what they do is if you go to a brand’s website, they will pull a little bit of information about your browser, about who you are and it’ll send it to either Google or Meta. Any of these types of companies and it’ll let them know that you’ve been to this website and these brands, they’ll go on social media and they’ll run ad campaigns on Facebook or Instagram and they’ll say we want to reach people who’ve been to our website before. We want to remind them who we are, and the pixels really are just this sort of very simple technical tool that allows for marketers to figure out who’s been to their website before, and then find them on other properties. And different ways to go about that and they count all work in slightly different ways, whether that’s advertising on specific social media platform or it can be again Google where they are, you know, sort of in the business of finding you elsewhere or pretty much on any other media site for example, that shows display ads, they might just find you there. But fundamentally the technology that these plaintiffs have seized on is this ubiquitous pixel technology that just allows for retargeting and remarketing and ultimately kind of profiling. But in order to pull this off, ultimately the technology that underlies this retargeting creates a huge database. They frankly can track people pretty effectively in their activities across the Internet, so I think this is kind of driving a little bit of the plaintiffs theories here that this is kind of an invasive technology, and, and as the public has picked up on this some more and realized what these systems that have sort of grown up around it. What profiles they build about people, and what you do on the Internet, what have you creates a little bit of sensitivity. I think getting a little bit of sympathy from judges as well. Who are learning a little bit about what this technology does.

Schmidt

Yeah, well, in very broad strokes, as I understand it from doing some work in this area, there’s no express legislation, state or federal, that speaks to this precise practice. It’s not directly regulated and therefore, and we’ll talk about the legal theories in a moment. There’s a vacuum that’s created and lawyers come up with creative legal theories to attack this type of conduct. Do you see anything on the horizon of Congress or state legislatures that specifically address pixel sharing and this related technology?

Chambers

Yeah, so there has been some legislation, I think CCPA is one of those laws and some of these other state consumer privacy laws do mention retargeting or cross context behavioral advertising, and that’s what these pixels are able to do fundamentally. But the interesting thing about those laws is that they’re all on an opt out basis. Basically, each of these laws, for the most part, only would require that a website provide a means by which an individual could come and say, don’t track me, don’t engage in retargeting. I want to opt out. It doesn’t mean that you’re going to get advertising. You might instead just get sort of less targeted or less relevant to ads. But again, fundamentally, the regime is opt out, and it’s been enforced only by regulators. So again, as Deb mentioned, CCPA has no private right of action. You can’t sue for these things. So what we’ve kind of seen is these new claims are kind of an end around of what was carefully crafted statutes around this sort of technology, and this was never meant to be opt in. That’s not what this was and we’ve seen people sort of, I think, kind of resisting their inability to take more action or maybe the inaction by regulators so far.

Schmidt

Well, let’s talk for a moment about what users can do before we get to the legal theories. If they do not want their browsing history shared. Obviously you’ve talked about opt out, but apart from those opt out features, or if those opt out features are not present on a website, what can users do?

Chambers

Sure, so for many years there have been ad blockers. I think a lot of people are familiar with ad blocker plus or uBlock or Ghostery. Each of these technologies and these have been sort of a ham fisted way of approaching the issue, perhaps, but basically what these tools do is they live in your browser and they have a small database of all of these different trackers. How the pixels work and they will pretty much just strip out the little bits of code that make the pixels work, so they will basically just modify the site. So for a lot of people, sort of, I guess the absence of user choice has led them to take relatively drastic measures, which is these ad blockers.

Howitt

Yeah, and it’s interesting that the major browsers have announced that they’re phasing out some technologies, third party cookies, I think from they’ve announced just recently as part of their settlement with regard to the Incognito browsing that if anyone uses the Incognito browser tabs, the third party tracking technologies are disabled by default, and I think Google and Edge and you know others are in the process of phasing them out generally. I mean they will be replaced with something else, but they’re starting to go away generally.

Schmidt

Well, I think the take away is, as I used to say on the Evening News, this is an evolving story or a developing story. So as the browsers phase out, there’s AI that’s coming on. So this area is going to continue to evolve with the technology, even if the picture a year from now is not quite the same as what we see today.

Howitt

Yeah. One thing. I’m sorry. One thing I think we should mention also with what they can do is that many websites are now starting to have Cookie banner functionality in their websites. The little banner that you see pop up when you visit a website and there are cookie settings in there and many users, don’t bother to do that. They’ll just click sort of accept all or reject all, but they can actually go in and change their settings if they wish to through those modules as well.

Schmidt

Okay, that’s interesting options that technology presents. Let’s turn now to some of the legal theories, and Jessica I’ll turn to you as my fellow litigator on the call here and ask you to sort of unpack some of these legal theories that we’re seeing, again as indicated earlier, these are not necessarily statutes that had the Internet or browsing history in mind, but are being adapted and expanded by courts to apply here. So can you give us what you’re seeing as the most often invoked statutory basis here in California?

Leano

Sure. So in California, we’ve seen a mix of claims runs the gamut from you know, your typical law school intrusion upon seclusion, invasion of privacy, constitutional violation claim. In terms of statutes, we’re seeing quite a bit of claims under CIPA, the California Invasion of Privacy Act and as you mentioned Kent, the legislature, when enacting CIPA, likely wasn’t thinking about megapixels or beacons, or various technologies that are on a website in today’s times. This was a law that was enacted in the 60s. So CIPA was enacted, contemplating that there would be advances in science and technology that would result in new devices that would have eavesdropping capability, and that there would be invasions of privacy resulting from such eavesdropping. But I don’t think the legislator thought about cookies and megapixels and the things we’re dealing with today. So as of today, what we’re seeing is a lot of claims under CIPA for wiretapping, but it’s not wiretapping in the sense that you stick a device onto a phone line and you can listen to what the person is saying. As Austin and Deb mentioned a lot of these claims have to do with websites and what consumer attorneys and consumers are claiming are, listening to surreptitious conversations through the technology. So kind of as a primer we have the Federal Wiretap Act, which requires that a violator, so the website, the company intentionally intercept or endeavor to intercept the contents of an electronic communication to be liable for a wiretapping violation. And then we have the California wiretapping law, which is part of CIPA that similarly requires that the violator to be liable under the statute obtain contents of a communication. So to boil it down, we have a lot of claims coming up that are saying a pixel or some other communication on a website is the equivalent of someone basically listening into your phone conversations and involving a third party. The third party in this case usually being Facebook, Google, TikTok, a social media platform. So the claim is that the eavesdropper is listening and getting your information by the website having software installed, usually for advertising purposes, but we’re seeing a lot of claimants analogize these website technologies to someone listening to your phone conversations.

Schmidt

And let’s just clarify on this. This technology doesn’t actually listen to conversations. It just picks up browsing history, and that’s a major disconnect between CIPA, which was focused on the actual content of the conversation, as opposed to just the fact that some communication of some sort occurred. Is that?

Leano

Yeah, that that’s correct then. Yeah, I’d say that’s fair. The statutes say contents of a communication. They don’t say, you know, there’s liability just for observing the fact that someone is having a conversation or that some kind of transmittals going back and forth. They do say contents, but we end up in a battle over what constitutes contents, of course, and whether getting some information about websites you visited is a content of a communication. Is that any substance? Is that the equivalent of listening to a conversation? So there’s definitely a split there between the plaintiffs and defense bar on whether what these websites are doing in terms of advertising even fits within the scheme of the Federal Wiretap Act or CIPA.

Schmidt

Deb, let’s cover one more statutory claim before we move to some other topics and that is something that for once doesn’t come from California, but comes from another state, Illinois, and that’s the biometric privacy regulation in Illinois. We’ve had some experience, both you on compliance, and Jessica and me on litigation in BIPA. Can you explain what BIPA is and what companies be aware of on that privacy claim?

Howitt

Sure. Yeah, so BIPA regulates the collection and processing of biometric data. So you know this is data collected for the purpose of identifying a person. So this is often collected in the employment context. Maybe, you know, employee has to scan their fingerprint to enter a certain secured area, or there might be a retina scan, or scan of facial geometry for purposes of facial recognition. So under this statute, it requires notice with very specific elements in the notice and consent for the collection, as well as requiring that companies have a specific policy describing the retention and the destruction of the data when it’s no longer needed and so this statute really catches a lot of companies off guard. They’re just not aware of it. There’s private right of action, and there have been numerous class actions, significant litigation under this statute and more recently there has been a case indicating that the statutory damages occur per violation. So in the employment context, when you have an employee who’s worked for the company for five years and scans their fingerprint or their face or whatever, every single day, that adds up extremely quickly. So this is a big one to watch out for.

Schmidt

Jessica, can I ask you to just add on to the BIPA discussion from the litigation experience perspective relating to websites that are the target of some of these claims, even if they don’t fall within the more traditional biometric applications that Deb just talked about?

Leano

Yes, this is an interesting area Kent, because the companies we’re seeing are not companies you would expect to be doing quote un quote, biometric matching and identification. The defendants we’re seeing in a lot of the BIPA cases are companies that provide makeup, glasses, hair extensions, any kind of try on clothes, features like that that as a consumer, you think, oh, this is helpful I’d like to see what I look like with this color lipstick on before I buy the product. But because these websites are using a photograph feature where it’s, you know, upload your picture or take a picture through your webcam and then try on a certain product, we’re seeing plaintiffs analogize this, too. This is biometric screening because you’re taking a picture of my face, you’re doing something behind the scenes digitally, and, you know, we assume you’re saving this picture somewhere, so you have a database. So it is an interesting situation to see companies that are not in the security or medical field getting hit with these types of BIPA claims. As Doug mentioned, one important aspect of the statute is that liability is imposed when there is matching. This is, as Deb mentioned, I walk up to my office, it scans my picture, it scans my face and then it matches my face to know that I’m an employee of the building and it lets me in. That’s a different scenario from me trying on a hat virtually. So we’re seeing a different evolution of claims. It’s different from the megapixel or the trap and trace claims, but it is another situation where you know the statute says biometric data and we’re seeing that, that definition gets stretched into new technologies and new features that are really meant to provide the customer service, you know, increased sales. As now leading to biometric data related claims, it’s a very interesting area and something that’s a bit surprising.

Schmidt

Well, and the correlation between everything we’ve talked about is the legislature says X and the plaintiffs’ bar comes along and says Oh it’s X, but it’s also Y&Z and courts take a look at it and some say yeah, I think it’s Y but not Z, and other courts say no, it is Y&Z, and next thing you know you have litigation risks that go far beyond X, what the legislature originally envisioned, but are real and are significant for companies to be aware of. Let’s turn to another statute, this one of federal statute, the Video Privacy Protection Act, and Deb, I’m gonna ask you to address this legal theory and how it’s being adapted and asserted in a wide variety of contexts to address certain consumer privacy concerns.

Howitt

Of course. The VPPA is a federal law that was enacted back in 1988, and it came about following Robert Bork’s confirmation hearing and publication of his video rental history. So as a result of that, Congress passed the VPPA with the goal to prevent video rental stores such as Blockbuster back in the day from disclosing information regarding what their customers had rented unless there was, you know, prior express consent by that customer. So the VPPA was more recently amended to make it clear that it does apply to video content delivered online through newer technologies. So the online applicability is not the issue here. However, the statute specifically applies to what they call video service providers, which is defined as an entity engaged in the business of rental, sale or delivery of videos. So not just to any site that happens to have a video or two on their site, or some video ads on their site and the consumers to whom the statute applies are, to quote the statute, a renter, purchaser or subscriber. So not just a casual visitor who happens to go to a site once and click on a video. But the plaintiffs’ attorneys are now stretching these definitions and bringing claims against any company just because it has even, you know, a short video clip or ad on its site featuring video, even though it’s not truly in the business of being a video service provider as the statute intended. If that site happens to be using the megapixel or Google Analytics or some of these other technologies that Austin discussed which shares the data about a user or visiting a page that has a video, or maybe clicking on a particular video with those third parties. The VPPA requires consent to share video viewing data in the situations where it does apply, and in these new cases, we have circumstances where sites are just using these third party tools as Austin mentioned, they’re extremely common. Virtually every site has some of these tools in place to help them track what’s popular on their site, you know what’s being viewed for how long, you know where users come from, where they go to, you know, just common data that companies need to operate their sites and their business to target ads to their visitors. So in order to do all of this, they need to share certain data with those third parties to accomplish these goals, and that’s perfectly legal as we were just discussing in the US at this time. So the vast majority of sites in the US don’t obtain prior consent to share data with Google or Meta or others just because it’s not required at this time as it is in certain other countries. So some of the major issues or whether it applies to companies merely using video for advertising or providing short video clips to casual users which seems to not have been the intent of the statute based on the way it’s drafted, but the claims are being brought anyway.

Schmidt

Most courts by the way, and Deb, wouldn’t you agree that most courts are coming down on that issue in favor of the companies and against lawyers?

Howitt

 Yes.

Schmidt

Jessica and I had a win in federal court a couple months ago on that very issue on the under the…

Howitt

Mm-hmm.

Schmidt

Yay, that seems to be a growing body of case law. Is that your experience?

Howitt

Yes, absolutely. Yep, I’m glad that the courts are starting to see the light in that regard, and I think it may potentially start to reduce the number of cases and I think these attorneys are moving on, you know, as we’ve seen to some of these other theories that Jessica mentioned under CIPA.

Schmidt

Well, we don’t have time to unpack every single variation on the legal theory, but before we move from the legal theories to discuss some other concept, I wanted to ask Jessica about a trap and trace variation on some of these claims. Jessica, what is that legal theory?

Leano

Under a different provision of CIPA Kent, this would be section 638.51, we have a statute that says a person may not install or use a pen register or a trap and trace device without first obtaining a court order. So here we’re thinking about, technologies that are known to be used by law enforcement to observe ingoing calls, outgoing calls really have a register of who someone may be communicating with and we’re seeing this statute evolving to the basis of claims for metapixels or TikTok pixels, very similar claims. So it appears that, you know, with some difficulties or with some unfavorable decisions about the wiretapping theory we’re seeing that claimants, attorneys and plaintiffs bars using the trap and trace statute as a basis to similarly allege a privacy violation based on software on a website. At this point, there’s not much case law on what constitutes a pen register or what constitutes a trap and trace device. We’re seeing quite a bit of uncertainty at this point without any case law either way saying you know a metapixel is a trap and trace device, or metapixel is not a trap and trace device and it is a little odd to think about, you know, needing a court order or equivalent of a warrant to be able to have advertising software. But at this point, we’re waiting for a court to weigh in and give us guidance on whether the statutes are even implicated by this type of technology. As I mentioned, we’ve seen a lot of cases be filed in the last few months, but the cases are generally early, so I predict that we’ll see quite a bit of battle over whether a metapixel is a trap and trace device, or whether a metapixel is a pen register. At this point, it’s really an open question and I think there’s uncertainties on both sides about whether this statute is meant to criminalize or penalize standard website software as Austin and Deb have mentioned. So that’s the summary of the trap and trace legal theory at this point.

Schmidt

You know, some common threads in all of these variations, and even legal theories we haven’t been able to tackle in this conversation. One of which is there’s so much of a square peg in a round hole to use and perhaps an overuse phrase. You know, so many of these statutes were drafted before the advent of the Internet and so we’re trying to analogize or extend concepts of technology in the 60s or even earlier to modern technology, and it’s a I guess you have to say the plaintiffs’ lawyers are very creative and to some extent they’ve had some success. I’d like to turn back to you, Austin on another common thread in all of these legal theories, and that is the concept of consent. The users’ affirmative consent to the activity that the website is engaged in. Can you talk to us from a compliance perspective, but also I suppose from a defense perspective, when a company is actually facing these types of issues? How this concept of consumer consent plays out, and how that informs how a company should proactively avoid this litigation risk altogether?

Chambers

Sure. So consent is an interesting thing. It’s evolved a lot in sort of the privacy compliance space over the years. And historically there was this old notion of notice and consent, right, which basically meant the company puts up a privacy policy as long as you talk about what you’re doing, you know, that’s deemed consent as long as you continue to use it, and you were transparent about these practices. This is kind of separate and apart from what we see in modern privacy laws, which is the notion of, you know, opt in consent or prior specific informed consent and there’s this sort of spectrum of what consent really is, and I think as we’ve seen these cases involving what sort of consent is required and you know, consent is of course is going to be a bar for most of these cases. You know, you can install a wiretap as long as you have consent. The question really is becoming what sort of consent is that, and it’s been an interesting thing to watch, whereas you know, obviously we’ve seen many clients and many companies have privacy policies that talk about retargeting pixels, and all of this stuff, but this has not been persuasive necessarily to the plaintiffs’ bar. They’re sort of alleging almost that we have to have prior specific informed opt in consent before you can install any of these technologies. In practice, what that would mean is, as Deb mentioned, those cookie banners you see on all the websites you know, do we need to have that? Do you have to click, yes, I agree, before you can install a tracking pixel. That certainly seems to be the direction that a lot of these plaintiffs are going for with this, which is a dramatic departure from sort of traditional practice with respect to a website. I think a lot of marketers and you know, website operators of course would take the position that you know, there has certainly been consent, but maybe not to that degree.

Schmidt

Jessica, do you want to add anything to this concept of consent? The perspective of one and the litigation, briefing and arguing over whether or not there’s been effective and valid consent.

Leano

Sure. As you know Austin has mentioned, the consent is really key. A lot of the decisions we’ve seen, motions to dismiss, we’ll turn on consent and whether the court believes that there is consent for exactly what the claimant or plaintiff is claiming the defendant did. In theory, under both the Federal Wiretapping Act and CIPA, as well as, you know, common law, privacy claims, consent is a complete bar to the claim. If you said ahead of time, you can do what I’m now complaining that you’re doing, you have no claim. When it comes to consent, we’re seeing arguments about what’s the consent informed? Did you give me proper notice and proper detail of what you were doing? Did you just tell me that Facebook might get some information versus the specific pages you’re visiting on our website will be communicated to Facebook. So once we get into the consent phase, we’re seeing a lot of arbiters look at what the claimant contends the defendant or the company is doing and what the defendant says that they told the claim that they were going to do. You know, in theory, a pop up banner that tells a consumer that information may be shared with third parties should be sufficient for the claimant to know that, okay, by using this website my information is going to be sent to a third party and I’m agreeing to that. The courts are also dissecting and arbiters are dissecting, you know, the method of information. Was there a cookie banner that popped up? At what point did the cookie banner pop up before information was supposedly sent? Did the cookie banner have very small writing that someone would not look at and would just click past? Does the cookie banner hyperlink to a policy that is more specific? Is there a cookie banner at all? Courts are really looking at how conspicuous did you make the disclosure? How many places did you make the disclosure? Was the person who visited the website really able to give their consent and really understand what you were going to do with their information? So in theory, consent can be a complete bar to these privacy claims. Then we get into the nitty gritty of what’s consent effective and courts are looking at all kinds of factors going forth, you know, from the method of the pop up to what color was the text. You know things that allow us to consider what the person saw and we’ll come down to the Court’s judgment of, oh, someone would have seen that and they should have known versus oh, no one would have seen that. So we’re seeing some interesting arguments there similar to, you know, shrink wrap or other cases where we’re kind of imputing knowledge on what someone would have known and what they agreed to.

Schmidt

Very good, and in many of these cases, it’s very difficult to get past motion to dismiss because consent itself involves very factually intensive questions as to whether consent was effective and whether the disclosure that is on the privacy policy is understandable and things of that nature. So this presents issues for litigation. Keeping with our focus on litigation, let’s discuss how these claims are being brought, beginning with the forum in which some of these lawsuits and arbitration claims are being filed. Often in consumer cases, the preferred process for bringing those claims as a consumer class action, and we certainly see state and federal consumer class actions in this area, but we’re also seeing a very unique type of claim, AAA, American Arbitration Association arbitration claims that are brought as a mass arbitration. Who would like to tackle the advent of mass arbitration claims brought in the consumer privacy context?

Leano

I suppose I can. So we are seeing very much an influx of mass arbitrations, and what that entails is we’ll see some repeat names in the plaintiffs’ bar who, you know, will file 10, 15, 20 demands for arbitration with an arbitration association like the AAA or JAMS, and it’s a very simple process to initiate a lawsuit there. You just fill out a form. You can give a short summary of the claims. So we’ll see a violation of CIPA, a violation of the Federal Wiretap Act, and the claimant can file the claim with the AAA, and it eventually makes its way to the defendant. In theory, the consumer arbitration process is meant to be a cost effective, and you know, streamlined way to litigate disputes. But we’re seeing the companies who have arbitration provisions incurring significant fees with the AAA or JAMS, the company will end up footing the bill for an arbitrator’s fee, administration fees, and it can be very difficult to manage a lot of these claims and it can be very expensive. It’s very difficult to get arbitrations consolidated or combined, so you may end up with a company that has, you know, as many from 5 to 20 to 30 identical actions pending against them brought by the same firm with different claimants and they’re all on different tracks and they’re all incurring fees for arbitrators, for administration. So it can be a very expensive process. Certainly there’s benefits to arbitration, moving faster, you know you are not going through the court system where there can be delays. But the downside is also dealing with mass arbitrations where you’re incurring a significant amount of fees just to administer the disputes, and it tends to be very costly for the companies. Whereas for the consumers it’s very simple, they don’t incur as many fees to process the dispute, and so that’s what we’ve been seeing Kent.

Schmidt

Deb or Austin, anything you want to add on mass arbitrations dealing with clients that are facing these types of claims being filed?

Howitt

Yes, so many companies have had class action waivers in their website terms of use, but it’s also important to think about the possibility of mass arbitrations, and extend the waiver and the language in the terms of use or other applicable notices and agreements to cover mass arbitrations as well. This wasn’t as much of an issue in the past as it is now and many of our clients are seeing multiple claims and mass arbitration claims from these plaintiffs’ firms, and so we definitely recommend addressing those as well to the extent possible.

Schmidt

And there are ways to address this risk relating to mass arbitration claims in website terms and conditions, so that’s something to think about, not just making sure that the consumer class action waiver will meet the standards and be enforceable. So this is again a very dynamic and evolving area. Well, with that, I’d like to turn to the segment of our show that we call the deeper dive, and learn a little bit more about each of you. And today, we’d like to talk about travel. We’ll begin with you, Deb, because I know from some of our prior interactions that you recently took a very interesting trip to Italy. One of my favorite locations. But you didn’t do just the typical sightseeing that most people do in Italy. Tell us what you did and saw in Italy.

Howitt

Yes, so it was an incredible trip. My family and I went on a hut to hut hiking trip in the Dolomites in northern Italy. And I love hiking, I love being out in nature, it’s truly my passion. And on this trip, there’s a well-marked trail called the Alta Via 1, there’s actually a series of these Alta Via trails and these huts you can reserve in advance, and it’s sort of like an extremely rustic B&B, hostel type of arrangement where you show up and you can have a hot meal and a glass of wine or a beer and sleep in an actual bed. And it’s a really nice way to travel. The scenery is incredible. Met so many interesting people. You get to know people who are on sort of the same schedule as you, you know, going down the trail for 10 days. And even when it’s really challenging, it’s nice because, you know, you have to get to your destination. That’s where you’re sleeping, so you just keep going.

Schmidt

And I’m sure after however many miles you traverse, no matter how primitive or rustic the bed is, you sleep really well at night?

Howitt

Oh yes, absolutely.

Schmidt

And how was the food? It’s somewhat rustic, as you say, I’m sure the food was phenomenal, huh?

Howitt

Oh, the food was great. I mean, anywhere in Italy, the food is incredible. But yeah, it’s unexpected to be sort of out in the middle of nowhere, and you show up in this very remote location and get your, you know, pumpkin gnocchi and some delightful red wine.

Schmidt

Well, yeah, I think it’s hard to have a bad meal in Italy.

Howitt

Yes.

Schmidt

You have to work at it. Austin, let’s turn to you going to a different hemisphere. I understand that you have recently gone to Mexico, and tell us about those journeys.

Chambers

Yeah, sure. So we just took the family down for a quick couple week trip after Christmas this year. We went down to Merida, Mexico. It’s out in the Yucatan, but on the other side of the peninsula, so a lot of people, you know, fly into Cancun and you know, do the Riviera Maya down there kind of on the eastern side of the peninsula. So Merida is the old colonial city on the west side. Really interesting place honestly, a ton of history. Was kind of one of the very rich trading cities during the Spanish colonial period in Mexico, so it’s kind of got this interesting mix of the colonial history, but it’s also alongside a lot of the old, obviously there was a lot of Maya in the area previously, so a lot of interesting Mayan ruins, Chichén Itzá is near there, but aside from Chichén Itzá there’s also a handful of other smaller, maybe lesser well known Mayan ruins and temples and pyramids and what have you. So we spent a couple weeks down there. Kind of traveling around, going to the beach, going to some ruins. Obviously eating the food and if you’ve never had food from the Yucatan, it’s a little bit different from you know sort of your traditional Mexican food and red enchiladas and what you might know from the northern Mexican type cuisine. Really interesting sort of Caribbean vibe to the food, and like a lot of interesting new different dishes, and it was fantastic.

Schmidt

Well, indicating where my priorities are when I travel. I’m always interested in what the food is. So Jessica, let’s conclude with you, travels either where you’ve been or your bucket list of where you feel like you have to get to.

Leano

Bucket list, definitely. So I guess a fun fact about me is I’m one of those oddballs who likes homework and likes going to class and misses law school. So for the past two years I’ve been taking Korean classes trying to learn Korean language. It’s a lot of fun. It’s an adult class, once a week. I will not speak any right now, but I would love to go to Korea and, you know, go with some of my classmates and just experience a lot of different places, and see if my language skills can take me far enough to not get too lost. So I’d love to go to Seoul and see a lot of the famous landmarks, and then there’s one particular place called Jeju Island. You would say Jeju-Do, which is an island about a couple hours away from Seoul. It’s just this beautiful green island that’s on its own. Has hot springs, and then if we’re looking at, you know, the foodie aspect of it, they have this pork there that’s really interesting, kind of a funny famous pork dish which I would love to try. And it’s just an island, so there’s all kinds of fresh seafood and I see on my Food Network shows there’s just all kinds of things to eat and try. So hopefully one day I can get there.

Schmidt

Well, that’s fantastic. I didn’t know you were working on adding that language to your impressive list of skills and accomplishments, so congratulations to that and hope you can get there in the not too distant future. Well, with that, I’d like to thank each of you for being here. I think it’s been a great discussion on these emerging litigation risk and website browsing consumer activities. Is there anything that one of you would like to summarize in terms of the main take away from all of this?

Howitt

Companies need to pay attention to any new features or technologies they’re putting on their websites, such as chat bots, adding video, anything new, new pixels, or tracking or cookies, and speak with your attorneys to find out what you can do to mitigate the risks of litigation associated with these technologies. Because the plaintiffs’ firms are coming at these fast and furiously and they’re very creative in their arguments.

Schmidt

Well, thanks each of you for being here. It’s been a very interesting discussion and I would think this will be a great benefit to our listeners of SharkCast. As always, I’m indebted to the extraordinary team at Dorsey for making this podcast and episode possible. For more resources on this and other litigation risk, go to litigationrisk.com, where more information can be found, including a book on managing litigation risk written by yours truly. Until next time, my friends, this is yet another reminder that there are a lot of sharks swimming out there in the murky waters, so swim safely.

Voiceover

This podcast is not legal advice and does not establish an attorney-client relationship, or create any duty of Dorsey & Whitney LLP for those appearing in this podcast to anyone. Although we try to assure that the content of this podcast is accurate, comprehensive and reflects current legal developments, we do not warrant or guarantee those things. The opinions expressed in this podcast are the opinions of those appearing in the podcast only, and not those of Dorsey & Whitney. This podcast is considered attorney advertising under the applicable rules of certain states.