Plaintiff's Acceptance of Website Cookies Bars Her CIPA Claims, Says JetBlue
Plaintiff Anne Lightoller’s “cut-and-paste job belies the lack of merit to her claims,” said JetBlue’s Tuesday motion to dismiss (docket 3:23-cv-00361) a privacy case in U.S. District Court for Southern California in San Diego.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Lightoller’s allegations that JetBlue used technology from FullStory to record her mouse movements, clicks and keystrokes of websites she visited is one of 10 “cookie-cutter” suits filed by law firm Hausfeld before Lightoller filed her claims in the JetBlue case, said the motion. Lightoller is a plaintiff in a similar California Invasion of Privacy Act (CIPA) lawsuit filed against The Cheesecake Factory in February, alleging the company recorded her interactions on its website using session replay code that intercepted and recorded her electronic communications (see 2302150008).
Hausfeld has filed 17 lawsuits over the past nine months with “near verbatim factual allegations, said the motion. All the suits arise from "a website operator’s alleged collection of innocuous information that plaintiffs claim -- merely swapping in different parties and websites -- constitutes an unlawful wiretap and invasion of privacy," JetBlue said.
Lightoller didn’t inform the court that before she accessed the JetBlue website she “affirmatively allowed” the airline to place a cookie on her browser to collect “the information she complains about,” said the airline. Website visitors are presented with a pop-up banner they must acknowledge before they can use the website that tells them the company values their privacy and “we use cookies to provide a user-friendly experience, analyze website traffic and offer you personalized advertising,” it said.
Plaintiff had the option to “accept all cookies” or “manage cookies,” the motion said. She had the option under "managing cookies" to turn off “functional cookies,” JetBlue said. “Assuming Plaintiff’s claims are true and JetBlue recorded her website interactions with FullStory’s software, that recording occurred because she accepted the recording," it said. Plaintiff’s consent to the recording “is a complete bar to her claims,” it said.
Lightoller hasn’t alleged an Article III injury-in-fact necessary to maintain suit in federal court, JetBlue argued, saying a “bare procedural violation” of CIPA, without accompanying harm, is “insufficient.” Her CIPA claims are preempted by the Airline Deregulation Act, it said, saying various courts have said state law privacy claims arising from the information an air carrier collects in the course of providing ticketing and reservation services are “preempted under the ADA.”
Plaintiff’s CIPA claim also fails because California Code of Civil Procedure doesn’t prohibit a party to a communication from using a tool to record it, and the section doesn’t apply to internet communications, said the motion. CIPA, it said, prohibits only the interception of the contents of a communication acquired while in transit, not when accessed from “electronic storage,” and Lightoller alleges communications “landed on the server” supporting JetBlue’s website, it said. Her allegations don't qualify as an “interception” under any law, it said.
Lightoller's intrusion upon seclusion claim fails because she had no reasonable expectation of privacy “in the innocuous information she provided to generate flight prices,” said the motion, and JetBlue’s acquisition of information she voluntarily provided “is not an egregious breach of social norms.”