Penalties for Wiretapping in Pennsylvania

Penalties for Wiretapping in Pennsylvania

Penalties for Wiretapping in Pennsylvania

Should a website be permitted to share your browsing activities with third parties without your consent?

The Third Circuit case of Ashley Popa v. Harriet Carter Gifts, No. 21-2203 (2022) addresses this question and centers around a dispute over alleged violations of the Pennsylvania Wiretapping and Electronic Surveillance Control Act (WESCA).  The case is notable not only for its impact on the interpretation of the WESCA but also for its potential implications for online businesses’ collection of user data.

The case began when Ashley Popa used her iPhone to view Harriet Carter Gifts’ website.  Ms. Popa entered her e-mail when prompted.  She began to look for a product to purchase and added a product to her cart, but she never completed the checkout process.

As Ms. Popa clicked links, used the search function, and traversed the website, her browser communicated her activities to not only Harriet Carter Gifts, but also a third-party marketing service, NaviStone.  NaviStone’s collection of this data could be utilized to identify which of Harriet Carter’s customers may be targeted for promotional advertising.  Ms. Popa filed claims against both Harriet Carter Gifts and Navistone for violations of the WESCA as well as common law claims for invasion of privacy.

Pennsylvania’s WESCA, 18 Pa. C.S. 5701 prohibits the interception of wire, electronic, or oral communications.  The WESCA offers a private civil cause of action to “any person whose wire, electronic or oral communication is intercepted, discloses or uses or procures any other person to intercept, disclose or use, such communication.” 18 Pa. C.S. 5725(a).  In short, Pennsylvania law provides a remedy when someone intercepts (and shares) your online activities without your consent.

The Third Circuit vacated the District Court’s granting summary judgment to the online retailer by reasoning that there was insufficient evidence that Ms. Popa consented to her online activities being exposed to a third-party (NaviStone).

“The WESCA ‘emphasizes the protection of privacy.’  Consistent with that emphasis, it applies   when   anyone intercepts communications—that   is, takes an action to acquire them with a device.  And it requires all parties—not just a party—to consent to that interception.

So does this mean websites can never use cookies or third-party marketing companies to analyze customer data?  Though [Harriet Carter] tries to convince us about the certainty of any number of ‘parade of horribles,’ the WESCA is not so unreasonable.  It, like the Federal Wiretap Act, includes many exceptions   from   liability.    One   is   the   all-party   consent exception, under which it is not  unlawful for  someone to “intercept a wire, electronic or oral communication, where all parties to the communication have given prior consent to such interception.”    18 Pa.  C.S.§5704(4).

Here, [Harriet Carter] obviously consented to the interception.  The question is whether Popa did as well.”

The Third Circuit’s decision has significant implications on the permissible conduct of online businesses’ data collection.  Companies that transmit their customer data to third parties may be subject to civil fines if they fail to notify their users of the way their activities are recorded and utilized.  As data utilization represents an integral part of online businesses’ marketing efforts, future cases will develop the boundaries of individual privacy versus permissible harvesting of personal information.