In recent years, website operators have increasingly used chatbots to improve customer engagement and provide customer support. In the past several months, however, the plaintiffs' bar has expressed concerns about the privacy implications of these chatbots, and has brought a wave of litigation challenging their use under the California Invasion of Privacy Act (CIPA).
Broadly speaking, CIPA prohibits the use of any device to eavesdrop on or record a conversation without the consent of all parties involved. These lawsuits allege that the chatbot technology “eavesdrops” on and “records” the chat conversations in violation of the law, and that the website operators employing the technology aid and abet those violations. Because statutory penalties under CIPA are $5,000 per violation, these lawsuits, which assert claims on behalf of a class, present potentially outsized results, creating early settlement leverage for the plaintiffs. But risk and leverage depend not just on potential monetary exposure, but also on the likelihood of those consequences occurring.
Thankfully, in a string of recent decisions, courts are pushing back on these and similar claims, dismissing them at the pleadings stage. See Williams v. What If Holdings, LLC, 2022 WL 17869275, (N.D. Cal. Dec. 22, 2022); Arisha Byars v. Hot Topic, Inc. et al., No. EDCV221652JGBKKX, 2023 WL 2026994, at *1 (C.D. Cal. Feb. 14, 2023); Licea v. Cinmar, LLC, No. 22-6454-MWF (C.D. Cal. Mar. 7, 2023); Licea v. America Eagle Outfitters, Inc., No. 22-1702-MWF (C.D. Cal. Mar. 7, 2023).
As a general matter, courts are finding that a party to a conversation cannot “eavesdrop” on that conversation. As a result, a website operator can use a chat feature to enable and store a conversation with one of its users without “eavesdropping” on that conversation. The fact that the chatbot technology is provided by a third-party software developer is irrelevant when the software is being used solely for the website's operation and benefit. In that case, the software is not a third-party interloper, listening in with its ear pressed against the door. It is only when the third-party software takes the information from the chat and uses the information for its own purposes that it may become an unlawful eavesdropper.
Although these decisions may cause the recent wave of litigation to recede, the plaintiffs' bar is regrouping and considering new tactics and strategies, so continued vigilance is definitely warranted. Beyond that, these litigations underscore the importance of understanding the legal implications of using chatbots and similar technology in a business context. While technology can be a powerful tool for improving customer engagement and support, businesses are wise to tread carefully and deliberatively when introducing new technologies that interact with consumers to ensure that they remain in compliance with applicable privacy laws and regulations, since few will have been written with these new technologies in mind.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.