CIPA problems are continuing to bubble up for an online retailer.

In Rodriguez v. Aquatic Sales Solutions, LLC 2024 WL 2804097 (C.D. Cal. May 29, 2024), the Plaintiff claimed that she visited the Defendant’s aquarium supplies website and the chat feature on the site was eavesdropped by Zendesk. Defendant allegedly “allowed Zendesk to ‘embed…code into the chat feature’ such that ‘whenever a consumer chats via [d]efendant’s Website, the chat is routed through Zendesk’s servers [so that Zendesk may] simultaneously collect a transcript..along with other user data…for later access.’”

Defendant moved for dismissal for failure to state a claim.

As a reminder, CIPA offers four avenues of relief under Section 631(a):

1. Where a person by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps, or makes any unauthorized connection…with any telegraph or telephone wire, line, cable, or instrument
2. Where a person willfully and without consent of all parties to the communication, or in any unauthorized manner, reads or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit”;
3. where a person “uses, or attempts to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained”; and
4. where a person “aids, agrees with, employs, or conspires with any person or persons to unlawfully do, or permit, or cause to be done any of the acts or things mentioned above.”

In response to Defendant’s argument, Plaintiff stated that the chat provider violated that the first, second and third avenues of relief. As a result of those violations, the fourth avenue of relief is therefore actionable against the Defendant.

The court found that Plaintiff has sufficiently alleged that Zendesk acted as a third-party eavesdropper. Since Zendesk allegedly uses its recordings for “data analytics and marketing/advertising to consumers”, Zendesk acting as more than the “proverbial tape recorder.” 

Because Plaintiff has sufficiently alleged that Zendesk is a third-party eavesdropper, the court then found the Plaintiff also sufficiently alleged that Zendesk was intercepting the communications in transit. The fact Plaintiff alleges that Zendesk routed the communications through Zendesk’s own servers was found to be sufficient to suggest that the alleged interception occurs while the communication were still in transit and were sufficient to adequately plead that Zendesk was violating the second clause of section 631(a).

On the third clause liability can be imposed on any person “who uses, or attempts to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained.” The Court found that since the Plaintiff adequately pled the second clause, the third clause was also met because Zendesk used the information, specifically in its allegations that Zendesk provided intercepted chat transcripts to Meta.

And finally, for Defendant, since their third-party (Zendesk) is alleged to violate the second and third clauses, that was sufficient to suggest Defendant violated the fourth clause by aiding and abetting.

Again, website operators HAVE to understand how plug-ins and other service providers are using the data. Failure to understand leaves the operator open to a significant amount of risk from CIPA claims.