In an earlier piece, we discussed the increase in recently-filed California Invasion of Privacy Act (“CIPA”) TikTok trap and trace device lawsuits. Generally, TikTok trap and trace actions allege that the use of TikTok tracking code and/or scripts on consumer-facing websites, without user consent, violates CIPA’s trap and trace regulations. Unfortunately, a recent decision from a California federal court added fuel to the continued proliferation of these claims. We discuss the decision in greater detail below.
Court Denies Dismissal of TikTok Trap and Trace Claim
CIPA defines a “trap and trace device” as a “device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.” In Conohan v. Rad Power Bikes Inc., Plaintiff alleged that Defendant’s website utilized TikTok code and scripts to trap and trace his personal information. Specifically, Plaintiff alleged that Defendant embedded TikTok software to gather certain information of visitors to Defendant’s website, including: (1) device and browser types; (2) locations; and (3) referral URLs. By collecting this information, Plaintiff alleged that TikTok could compare the data with profiles in its database to identify visitors to Defendant’s website. Defendant filed a Motion to Dismiss the Complaint on several grounds, including that CIPA’s trap and trace restrictions do not apply to the technology used on Defendant’s website.
The Court denied Defendant’s Motion to Dismiss and found that Plaintiff plausibly alleged that the TikTok software is a trap and trance device under CIPA. Citing two California federal court cases, the Court held that “[p]laintiff’s allegations that the TikTok Software is embedded in the Website and collects information from visitors plausibly fall within the scope of [CIPA].” The Court also rejected Defendant’s argument that Plaintiff’s claims “effectively seek to criminalize the Internet” because most websites employ tools similar to that of the TikTok software. The Court determined that its job is limited to interpreting CIPA as drafted by the California Legislature. Relying on a Northern District of California case, the Court explained that questions about CIPA’s scope and whether it should be narrowed are for the Legislature, not the Court, to determine.
CIPA’s trap and trace provisions impose heavy monetary penalties on offenders. The statute permits the recovery of: (1) $5,000 per violation; or (2) three times the amount of actual damages, if any; and (3) injunctive relief. More often than not, CIPA lawsuits are filed on a class action basis, which dramatically increases potential exposure and liability for companies. Decisions like Conohan only embolden the plaintiffs’ bar to continue filing CIPA lawsuits asserting TikTok trap and trace device claims.
Determining whether your company complies with CIPA, and other federal and state privacy laws, requires hiring experienced counsel.
[View source.]
