Marketing technology company NaviStone and the apparel retailer Moosejaw must face claims that they violated people’s privacy by using technology that can identify otherwise anonymous web users.
The decision, issued Wednesday by U.S. District Court Judge Vince Chhabria in the Northern District of California, stems from a class-action complaint brought last November by California resident Jeremiah Revitch. He said the shopping site Moosejaw embedded Navistone’s “wiretapping” technology, which allegedly logged keystroke data and scanned his computer for identifying information.
When web users type their email or home addresses while on a retailer’s site, those addresses are recorded by NaviStone’s keystroke-logging capabilities — even if the users never hit the “enter” button, according to a 2017 Gizmodo report.
NaviStone’s website says the company examines browsing behavior to determine whether visitors to a website might be potential purchasers, and uses outside data partners “to connect the visitor ID to a name and address,” which it sends “directly to the advertiser’s printer or data services provider for inclusion in the mailing event.”
Revitch claimed that NaviStone and Moosejaw violated a California wiretap law as well as a state law that allows for lawsuits over “highly offensive” privacy violations.
NaviStone and Moosejaw asked Chhabria to throw out the lawsuit at an early stage for several reasons. The companies argued that Revitch didn’t suffer the kind of concrete injury that would warrant a lawsuit. They also argued that the allegations, even if true, didn’t amount to violations of California laws.
Chhabria rejected the companies’ arguments. He said in a six-page order issued Wednesday that the allegations, if true, could support findings that the companies ran afoul of California privacy laws.
“According to the complaint, Moosejaw embedded into its webpages a mechanism that allowed NaviStone to eavesdrop on Revitch’s communications. These allegations are enough to sustain the [wiretap] claims against both defendants,” Chhabria wrote.
“The complaint also alleges that NaviStone’s code scanned Revitch’s computer for files that revealed his identity and browsing habits,” the judge wrote. “A jury could conclude that this intrusion, which allegedly allowed NaviStone to associate Revitch’s browsing habits with his identity, is a highly offensive breach of norms.”
NaviStone and the retailer Harriet Carter are currently facing a similar lawsuit in federal court in Pennsylvania.
In July of 2018, a federal judge in New York dismissed claims that NaviStone and three retailers — Moosejaw, mattress startup Casper, clothing retailer Tyrwhitt — violated the federal wiretap law and New York’s consumer protection laws.
In that matter, U.S. District Court Judge William Pauley ruled that the alleged tracking doesn’t amount to a violation of the federal wiretap law, which prohibits companies from intercepting electronic communications without the consent of at least one party. In this situation, the retailers consented to any interceptions, Pauley wrote.
“It is clear that the retailers were parties to the communications and NaviStone had their consent,” Pauley wrote last year.
(California’s wiretap law, unlike the federal one, requires all parties to consent to record or listen in on electronic conversations.)
Pauley also ruled that Cohen couldn’t proceed with claims that the companies violated New York’s consumer protection laws because he didn’t allege any financial injury.