Last week, the United States Court of Appeals for the Third Circuit denied rehearing en banc in a case about the application of Pennsylvania’s Wiretapping and Electronic Surveillance Control Act (“WESCA”), 18 Pa. C.S. § 5701 et seq., and issued an amended opinion to “clarify issues raised” by the defendants—an online retailer and an internet marketing company. The order leaves in place the Third Circuit’s August 2022 judgment in favor of the plaintiff consumer, which held that, dependent on further fact finding, defendants may be liable under WESCA for “intercepting” the consumer’s interactions with the retailer’s own website.
The District Court granted summary judgment in favor of the defendants by holding that (i) NaviStone could not have “intercepted” communications under WESCA because it was a direct recipient of the communications and (ii) NaviStone acquired any communications in Virginia, where its servers are located, not Pennsylvania.
The Third Circuit, however, vacated and remanded the District Court’s grant of summary judgment.
As more fully addressed in the amended opinion, the Third Circuit held that a 2012 amendment to WESCA—which added an “intended recipient” exception to the definition of “intercept,” but only for law enforcement officers—meant that the defendants could not “avoid liability merely by showing that [plaintiff] unknowingly communicated directly with NaviStone’s servers.”
The Third Circuit also held that the situs of an online “interception” under WESCA is not where the servers are located, but “the point where [defendant] routed th[e] communications to its own servers.”
As the defendants’ rehearing briefing noted, Popa has already proven to be a significant case for the plaintiffs’ bar in Pennsylvania. Since the Third Circuit’s original opinion in August, over ten cases alleging similar WESCA violations have been filed in federal courts in Pennsylvania. See Defendants’ Fed. R. App. P. 28(j) Letter, Popa v. Harriet Carter Gifts, Inc., No. 21-2203 (3d Cir. Sept. 23, 2022), ECF No. 82-1 (collecting cases). Most notably, this decision has spawned more complaints involving the use of session replay software, an emerging privacy litigation field. Because session replay software is frequently used by the operators of commercial websites to enhance the experience of website visitors, it is broadly used across industries—making many take note of the rise in claims and accompanying litigation risk.
For more on this developing area of privacy litigation and other related topics, stay tuned. CPW will be there to keep you in the loop.