In a victory for online retailers, a New York federal court recently dismissed three putative class action lawsuits brought on behalf of website visitors whose mouse clicks, keystrokes, and electronic communications were tracked by a third-party marketing company. The cases were filed against three e-commerce retailers—Casper (a mattress manufacturer and retailer), Tyrwhitt (a men’s clothing company), and Moosejaw (an active outdoor retailer)—and against a marketing company named NaviStone. NaviStone offers computer code that allows e-commerce retailers to determine the identities of consumers who visit their websites and track their online behavior. The plaintiff alleged that the code offered by NaviStone, and embedded in the retailers’ websites, functioned as an illegal wiretap enabling the retailers and NaviStone to “spy” on website visitors in real time as they browse. The lawsuits alleged violations under the federal Electronic Communications Privacy Act (ECPA), the federal Stored Communications Act (SCA), and New York General Business law (NYGBL).

In dismissing the lawsuits in their entirety, the Southern District of New York notably found plaintiff’s case failed under all three laws:  the ECPA, the SCA, and the NYGBL. First, the Court held that the plaintiff’s ECPA claims failed, among other reasons, because the statute requires only one party to consent to the interception of electronic communications, and the online retailers clearly consented to NaviStone’s activities. Second, the Court held that the SCA regulates only electronic communications that are temporarily stored by electronic communications services (such as an ISP) incidental to their transmission; and, therefore, the SCA does not apply to communications stored on an individual’s personal device.  Finally, and significantly, the Court dismissed plaintiff’s NYGBL claims because an alleged general invasion of privacy—without more—does not qualify as a cognizable injury under New York law sufficient to confer standing to sue under the NYGBL.

Putting it Into Practice: Despite having dismissed the lawsuits in their entirety, the Court acknowledged that defendants’ conduct raised “troubling privacy concerns,” leaving the door open -potentially- for the similar claims to be brought under different causes of action.  Online retailers should keep courts’ potential unease in mind when using tracking software, and should be mindful of how the use of such tracking software is disclosed and represented to consumers who visit their websites.