Covington & Burling LLP

01/22/2025 | News release | Distributed by Public on 01/23/2025 22:22

Pennsylvania Court Dismisses A Trio of Defendants in Website Wiretapping Suit Challenging Email Marketing Program

A Pennsylvania court recently dismissed a wiretapping complaint filed against a trio of defendants for lack of Article III standing, lack of personal jurisdiction, and failure to state a claim in Ingrao v. Addshoppers, Inc., 2024 WL 4892514 (E.D. Pa. Nov. 25, 2024).

The two plaintiffs in this case contended that Defendant AddShoppers runs a marketing platform called "SafeOpt" that collected data about the plaintiffs' website activity and then used that data to send them targeted email advertisements. Among the data allegedly collected was the plaintiffs' "personal information, such as their email addresses," on websites operated by the other two defendants, Nutrisystem and Vivint. The plaintiffs filed suit against the three defendants, asserting wiretap claims under the Pennsylvania Wiretapping and Electronic Surveillance Control Act ("WESCA") and the California Invasion of Privacy Act ("CIPA").

The Court granted the defendants' motions to dismiss "in their entirety," outlining three different grounds for dismissal.

  • No Alleged Concrete Harm Sufficient to Confer Article III Standing. The plaintiffs failed to allege the collection of "private or personal information" sufficient to establish a concrete injury required for Article III standing. Instead, "the only information of Plaintiffs that Defendants are alleged to have collected are their internet browsing activities and email addresses." Although the plaintiffs argued that "other, more personal information" was collected, the Court reasoned that this assertion was "mere speculation" because "they fail[ed] to plead with specificity what this personal information consists of."
  • No Personal Jurisdiction Over Addshoppers. The plaintiffs also failed to establish personal jurisdiction over Addshoppers. No one disputed that the North Carolina company is not subject to general jurisdiction in Pennsylvania. Addshoppers is also not subject to specific jurisdiction in Pennsylvania, the Court reasoned, because the plaintiffs "fail to point to specific activity indicating that Defendant Addshoppers expressly aimed its tortious conduct at Pennsylvania." Relying on a favorable Third Circuit decision that Covington secured for FullStory last year (Hasson v. FullStory, Inc.), the Court reaffirmed that "a software company" like Addshoppers "does not expressly target Pennsylvania simply by providing code for a website that is accessible there."
  • No Collection of Contents. Finally, the plaintiffs failed to allege the collection of their website communications' "contents" within the meaning of CIPA and WESCA. Rather, the data allegedly acquired consisted of information about their communications, such as the "dates and times" that the plaintiffs visited certain websites. According to the Court, this type of information is the "cyber analog" to non-actionable "record information" that "could have been obtained through a security camera at a brick-and-mortar store."

While this decision is not novel, it reaffirms many of the established defenses that defendants facing similar wiretapping lawsuits should consider raising when challenging a complaint in a motion to dismiss.