Because the session replay provider collecting the data is often a third-party vendor, plaintiffs’ attorneys across the country are filing class action lawsuits alleging that companies are violating state wiretapping and privacy laws by using session replay software to collect and share website visitors’ data. Central to these lawsuits is the argument that a visitor’s interactions with a website, regardless of whether any text or words are captured, constitute “communications,” which are being illegally intercepted without that visitor’s consent. Given the damages framework built into many state wiretapping statutes—which can include statutory damages for each and every “violation,” punitive damages, and attorney fees—the potential exposure in a class action of this nature can be significant. In addition, because wiretap statutes are often criminal statutes, such class action lawsuits also create the risk of criminal exposure and potential reporting requirements, as well as public relations issues.
Preventative Measures for Avoiding Session Replay Lawsuits
Companies can help protect themselves from class action wiretap lawsuits related to session replay software and other website analytics tools by taking action to improve transparency with their consumers, including the following:
Create or Update Privacy Policies
Your company may require its customers to accept a user agreement before engaging with your website, submitting information, and/or completing a purchase. The user agreement can set the standard for potential dispute resolution with the customer, potentially including a provision requiring that disputes be addressed on an individual basis through arbitration rather than class action litigation. It can also establish a particular forum for any disputes to decrease the chances of being sued in multiple jurisdictions across the country.
A pop-up banner that users must click to indicate that they agree with your company’s data collection practices can be an effective tool for establishing that the user consented to the collection and use of their information.