Hi CIPAWorld! The Baroness here. And I have a new interesting putative class action that was just filed.

Noah Bender v. Twilio, Inc. filed in the Northern District of California.

This one is about eavesdropping on consumers’ “sensitive” in-app communications.

Some background.

Twilio has developed a software development kit called Segment.

Software developers can integrate Segment into their applications to collect data on a consumer, including, but not limited to, search terms, search results, keystrokes, button presses, page views, and consumers’ names and email addresses.

On information and belief, the Complaint alleges over 11,000 mobile app developers have integrated Segment. And the apps that have integrated Segment are across the board—shopping, productivity, gaming, and even mental health apps.

Segment uses the data to gather insights and analytics regarding a consumer and uses the data it collects across various apps and websites to create a unified profile about a consumer.

I wonder what this “profile” looks like.

Once Twilio obtains this data from Segment, it applies its atificial intelligence algorithms to the consumer profile in a process called “Predictive Traits.” The Predictive Traits algorithm allows Twilio to predict a consumer’s “propensity . . . to make a purchase,” “[p]redict a customer’s future spend over the next 90 days,” and even “[p]roactively identify customers who are likely to stop using [a] product” among other behavioral predictions.

And it doesn’t end there.

Twilio has created a platform that allows sharing of the data it harvested with even more unknown third parties. Well that’s fun. For example, Twilio created integrations to share consumer data with marketing and advertising platforms such as Facebook Ads, Google Ads, TikTok Ads, and Snapchat Ads.

So, in this case, Plaintiff Noah Bender downloaded and used the Calm mediation app on his cell phone.

I’m pretty sure a lot of you folks are familiar with this app.

The developers of the Calm app embedded Segment into its app which allowed Twilio to intercept communications between Plaintiff and Calm such as Plaintiff’s keystrokes, button presses, search terms he input into the Calm app, the results of his searches, page views, his name, email address, information about which app(s) he uses, device IDs, and fingerprint data.

Basically everything.

Plaintiff alleges he did not grant permission or otherwise consent to the collection of his information from Twilio.

Based on this alleged violation, Plaintiff seeks to represent two classes:

Class: All individuals who downloaded and used an app on their mobile device (1) with Twilio’s Segment SDK embedded into the app and (2) that did not publicly disclose “Twilio” in any of the app’s notices or disclosures.

California Subclass: All California residents who downloaded and used an app on their mobile device (1) with Twilio’s Segment SDK embedded into the app and (2) that did not publicly disclose “Twilio” in any of the app’s notices or disclosures.

Plaintiff sues Twilio for (1) Violations of the Wiretap Act, 18 U.S.C. § 2510, et seq.; (2) Violations of the California Comprehensive Computer Data Access and Fraud Act, Cal. Penal Code § 502; and (3) Violations of the California Wiretap Act, Cal. Penal Code § 631.

As this case was just filed yesterday, the case is still in its early stages. It will be interesting to see what Twilio does in response to the Complaint. We will keep a close eye on this one.

Read the full Complaint here.