In a big improvement within the ever-expanding world of privateness class actions, earlier this month a federal choose in Florida denied dismissal of a web site privateness declare introduced below the Florida Safety of Communications Act (FSCA). For years, Florida courts have been reluctant to search out that this 50-year-old wiretapping statute might be utilized to third-party applied sciences that analyzed client habits on web sites. When a wave of privateness class actions was filed below the FSCA just a few years in the past, the claims have been virtually uniformly rejected, because the courts discovered that the knowledge allegedly intercepted by web site applied sciences had little resemblance to the contents of a wiretapped phone name. However on March 6, a district court docket within the Center District of Florida took a brand new take a look at a number of the newest web site applied sciences and, in doing so, could have thrown the FSCA again into the combo of decades-old statutes that pose new risks to consumer-facing web sites.
In W.W. v. Orlando Well being, Inc.,1 a plaintiff introduced a putative class motion alleging that she, as a affected person of the defendant hospital group, had used the defendant’s web site and shared non-public medical info to obtain healthcare providers. In keeping with the plaintiff, this web site used “monitoring applied sciences” developed by social media corporations and others that have been intercepting her communications and utilizing them for promoting functions unrelated to her well being, with out her consent. The plaintiff claimed that these applied sciences violated state and federal wiretapping statutes, together with the FSCA and the federal Wiretap Act, as amended by Digital Communications Privateness Act (ECPA) of 1986.2
These kinds of putative class actions aren’t new — a whole bunch have been filed lately, and Sidley has defended dozens of those circumstances and has provided steering to corporations on the best way to keep away from these lawsuits.3 However most of those lawsuits have been introduced below statutes akin to California’s Invasion of Privateness Act or the federal Video Privateness Safety Act. In these circumstances, courts have been keen to interpret these decades-old statutes as relevant to web sites or cell functions. The FSCA is never invoked in such circumstances. In reality, when the plaintiffs’ bar out of the blue started submitting quite a few FSCA circumstances based mostly on alleged web site privateness violations just a few years in the past, Florida courts repeatedly dismissed these circumstances.
Within the first significant determination involving these theories, Jacome v. Spirit Airways, Inc.,4 a Florida state court docket discovered that the FSCA couldn’t be utilized to “session replay” applied sciences on web sites. Though these applied sciences allegedly recorded mouse clicks, actions, keystrokes, and different info submitted on web sites, the court docket discovered that they weren’t intercepting the “contents” of the plaintiffs’ interactions with web sites. Florida federal courts discovered this reasoning persuasive, and comparable theories of alleged privateness violations on consumer-facing web sites have been constantly rejected within the following 12 months.5
In Orlando Well being, the district court docket discovered that the alleged pixel monitoring applied sciences allegedly working on the healthcare group’s web site have been completely different from the session replay applied sciences rejected by these courts. The court docket decided that based mostly on the allegations, these pixel monitoring applied sciences intercepted extra than simply “keystrokes” and “search phrases.” They allegedly shared the content material of web site customers’ communications with third events, together with info that reveals a “substantive message” about their well being considerations. The court docket noticed that quite a few district courts in different states had reached comparable conclusions concerning these applied sciences, however that these selections didn’t contain the FSCA and have been decoding completely different wiretapping statutes. In the end, the court docket concluded that the allegations raised “extremely technical questions” concerning the info allegedly disclosed, which couldn’t be resolved on a movement to dismiss.
It might sound laborious to sq. the end result in Orlando Well being with the rulings from just a few years earlier in Jacome and Goldstein, amongst others. In these circumstances, the session replay applied sciences additionally allegedly intercepted “info inputted by Plaintiff” and the “pages and content material seen by Plaintiff.”6 These allegations don’t seem altogether completely different from the URL info allegedly disclosed by pixel applied sciences in Orlando Well being. Nevertheless, whereas Florida courts decoding the FSCA have been beforehand reluctant to search out that technical web site communications might be thought of substantive content material ample to set off wiretapping legal responsibility, Orlando Well being reveals how these selections could also be reconsidered in gentle of newer web site applied sciences and the nonstop wave of putative class actions difficult these applied sciences. These developments additionally underscore the significance of evaluating, inventorying, and managing web site applied sciences to establish and handle privateness threat.
1No. 6:24-cv-1068-JSS-RMN, 2025 WL 722892 (M.D. Fla. Mar. 6, 2025).
218 U.S.C. § 2511(1).
3See When Acronyms Assault: Future-Proofing Your Web site from CIPA, CDAFA, ECPA, and VPPA Privateness Class Actions, out there at https://www.sidley.com/en/insights/occasions/2023/09/when-acronyms-attack.
4No. 2021-000947-CA-01, 2021 WL 3087860 (Fla. Cir. Ct. June 17, 2021).
5See, e.g., Goldstein v. Luxottica of Am., Inc., No. 21-80546-CIV, 2021 WL 4093295 (S.D. Fla. Aug. 23, 2021) (similar), report and advice adopted, No. 21-80546-CIV, 2021 WL 4125357 (S.D. Fla. Sept. 9, 2021).
6Jacome, 2021 WL 3087860, at *4.
