A consumer is suing Papa John’s, but not for the pizza, but rather for allegedly violating the US Wiretap Act by watching how he used the pie-slinging website.
By utilising so-called session replay software on its website, the titan of greasy wheels is said to have broken wiretapping laws. In addition to retrieving pages and placing orders, this programme reportedly records and calls home every action a user takes on the website.
For instance, it allegedly informs Papa John’s of mouse movements, clicks, and keystrokes used on the page
This information can be utilised to identify the points at which users get lost, bail out of a sale, get stuck, etc.
Due to their indiscriminate data collection, occasionally lax security, inability to obtain user authorization to track and store this data, and analysts watching your every action to see how they can improve their websites and increase sales, session replay programmes have raised privacy concerns.
About the other hand, considering all the other tangible information a website may have on you, such as name, email and home address, date of birth, orders made, payment details, etc., you might not think it is all that concerning.
We should point out that Intel has experienced a similar legal battle because of the technology.
This week, Papa John’s was the target of a lawsuit [PDF] filed in a federal district court in southern California. The proposed class-action lawsuit accuses Papa John’s of going too far with their session replay software and breaking both the Wiretap Act and the California Invasion of Privacy Act (CIPA).
The case, filed by David Kauffman of San Diego, claims that the “session replay” technology is “purportedly used to monitor and uncover faulty website functionality; nonetheless, the extent and information acquired by users of the technology… substantially surpasses the stated objective.”
Although the software, or “spyware,” as he called it, that Papa John’s allegedly deployed isn’t specifically mentioned in his complaint, he maintains that such code is unlawful.
In addition to $2,500 in statutory damages for each violation of CIPA, the lawsuit demands “the greater of $10,000 or $100 per day for each violation” of the Wiretap Act. Unfortunately for Papa John’s, if found at fault, they might be on the hook for a sizable sum of money. Although Kauffman’s attorneys are unsure of the exact number of class members the complaint includes, they think “millions” were secretly monitored.
When Papa John’s responds to our inquiry regarding the lawsuit, we’ll update this report.
Respect for privacy cannot be baked into a pizza.
It may be argued that Papa John’s leaves a lot out of their pizza, such flavour, yet the fast food business was previously fined £10,000 ($11,100) in the UK for sending advertising text messages to customers without their express authorization.
Papa John’s was accused of misusing the “soft opt-in” exception under the Privacy and Electronic Communications Regulations of Great Britain, which allows businesses to utilise consumer data acquired during a sale to send marketing communications, but only if the client is given the chance to opt-out first. Papa John’s fell short in that regard.
Papa John’s wouldn’t be the first business to be charged for using session replay code in US courts.
Numerous lawsuits have been brought in Florida and California against businesses who allegedly used the technology that was integrated in their websites for illegal purposes.
The Ninth Circuit Court of Appeals issued a decision in June that, according to The National Law Review, opened the door to a flood of new session replay lawsuits in California using the same legal justification used in the Papa John’s case, despite the fact that many cases brought in Florida in recent years have been dismissed.
Could Papa John’s have gotten out of this mess? Maybe by just discarding it, as The National Law Review suggested: