Almost every business has a website; every website should have a privacy policy, terms of use, and, in some cases, a consumer privacy rights notice—if certain state consumer privacy rights laws apply to your business, such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively CCPA). What about a cookie policy? Or a cookie consent banner? Or a cookie preferences pop-up? If you haven’t looked at what types of ad tech your website uses—i.e., cookies, pixel tags, device IDs, and browser fingerprinting technologies that collect data about user behavior across multiple devices and platforms, which are essential for targeted advertising online—now is the time.
“Trap and trace” litigation and private demands for damages related to online tracking have risen significantly. “Trap and trace” litigation is related to the ad tech used on websites involving online trackers that plaintiffs’ attorneys liken to “pen registers” under state wiretap laws. These technologies allegedly collect website users’ device information and activities without their consent, which plaintiffs’ attorneys argue constitutes unauthorized interception of electronic communications under various wiretap laws. Here are some key considerations to assess your company’s website and ad tech:
- Unauthorized Interception: the use of third-party trackers in ad tech is being construed as an intentional interception of electronic communications, similar to how pen registers and trap and trace devices operate by capturing dialing, routing, addressing, or signaling information.
- Unauthorized Interception: the use of third-party trackers in ad tech is being construed as an intentional interception of electronic communications, similar to how pen registers and trap and trace devices operate by capturing dialing, routing, addressing, or signaling information.
- Legal Risks: the use of such technologies without clear consent or transparency can lead to legal and reputational risks for your business, not to mention demands from plaintiffs’ attorneys seeking quick settlement in this unsettled area of the law, as well as class actions seeking millions of dollars in damages.
- State Wiretap Laws: state wiretap laws, such as California’s Invasion of Privacy Act and Massachusetts’s Wiretap Act , have been adapted to address online tracking methods. These laws prohibit unauthorized interception of electronic communications, and plaintiffs’ attorneys are alleging that using online trackers could potentially violate these laws.
- Privacy Rights: the use of certain ad tech may also constitute a privacy rights violation under state consumer privacy rights laws, like the CCPA.
- Impossibility of Obtaining Prior Consent: the way most ad tech is set up to function means that website users’ data and activity are tracked instantaneously upon visiting the website, which prevents the business from obtaining prior consent (i.e., acceptance of website cookies) before the tracking begins. Knowing how to program your website’s ad tech properly is vital in steering clear of these claims and lawsuits.
Overall, the intersection of ad tech and “trap and trace” demands and litigation highlights the importance of understanding and complying with privacy laws and obtaining explicit consent from website users when collecting and using their data. Now is the time to evaluate your website, privacy policy, terms of use, and consumer privacy rights notices to confirm compliance with the ever-changing landscape of state and federal laws, while also finding balance between meeting your marketing team’s needs and your website users’ experience. Take action to avoid this trap.