Websites that use chatbots to provide their customers with real-time, online assistance have recently been the target of class action lawsuits in California. Whether or not corporations obtain the necessary consent before collecting data from a consumer’s internet behaviour has become a hot topic in digital marketing law in the wake of the Ninth Circuit ruling in Javier v. Assurance IQ, LLC. Chatbots that provide assistance on website home pages are known to anyone who has done any online shopping. These chatbots typically leave visitors with a generic welcome message in a tiny text box in the lower right corner of their computer screens. Customers can converse with the chatbot, where they can get general assistance in the form of pre-populated answers that are taken from FAQs. Recent cases claim that plaintiffs are unaware that their discussions with these bots are being recorded and that they are 1) not with real people. These cases claim that chatbot activity violates the California Invasion of Privacy Act (“CIPA”) because online businesses failed to disclose the purpose of customers’ chatbot conversations or get their prior agreement to monitor and/or record them. These chatbot wiretapping legal processes are still in the pleading stage at this time. As a result, Californian courts haven’t yet rendered a leading judgement on the subject. However, CIPA charges of wiretapping are nothing new, and internet shops can defend themselves against this type of class action by being knowledgeable about the relevant laws and technology.
Could Conversations with Chatbots Break the Law on Wiretapping?
Digital marketing chatbots provide consumer interaction, sales lead creation, and round-the-clock customer service that would often need a live human call centre with significant expense. Chatbots are programmed into any area of the client retailer websites and are run and offered by third parties. The use of chatbots by large companies like Old Navy to provide immediate and personalised service to an infinite number of website users at once has been quite successful. In Licea v. Old Navy, LLC, the plaintiff claims that when he spoke with a chatbot made available by a third party called PolSource, he mistakenly thought he was speaking with a real Old Navy customer service agent. He further claims that Old Navy gave the details of his communication to PolSource while he was unaware that the chatbot programme was capturing and preserving their whole exchange. Most significantly, the lawsuit claims that Old Navy never informed him that his chatbot interaction was being watched, recorded, or shared and that his permission was never requested for such activities. Plaintiff’s request for relief asks the court to order Old Navy to stop engaging in conduct that he claims violates CIPA’s wiretapping prohibition and to pay statutory damages of $5,000 for each infraction.
This is a completely fresh problem when it comes to the employment of chatbot technology. However, there has always been talk of wiretapping in relation to session-replay technologies. A website operator can recreate a visitor’s keystrokes and mouse movements using session-replay to gather information for bettering the functionality of the website and/or to demonstrate that the visitor’s assent to particular website terms was conveyed. In general, session-replay cases contend that using the technique amounted to “wiretapping” a user’s internet interactions. Chatbot plaintiffs assert that their discussions are secretly recorded by chatbots, much like session-replay plaintiffs assert that websites secretly record users’ keystrokes and mouse movements. In light of Licea’s chatbot claims against Old Navy, some of the defences available in session-replay litigation merit investigation.
First and foremost, any claims made by the plaintiff in his lawsuit against Old Navy would have been eliminated by notice and consent. His assertions are primarily based on the fact that a chatbot captured his conversation without his knowledge. It is possible that the whole situation would have been resolved if the website had made it clear that he was not speaking with a real representative and that his chat would be monitored, recorded, and possibly forwarded for data collecting reasons. Second, because Old Navy was undoubtedly a participant in the conversation, the party exemption is a strong deterrent to chatbot wiretapping. A session-replay vendor who sells its software to an online store is essentially “record[ing] and analysing its own data in aid,” the court ruled in Graham v. Noom, Inc. The court came to the conclusion that the aforementioned session-replay provider was not a third-party listener and that its actions did not amount to wiretapping. It might be argued that Old Navy was not a third party to the plaintiff’s chatbot discussions, despite not being as clear-cut and unambiguous as notice and permission. In the end, PolSource licenced the technology to Old Navy so that it could “participate” in customer contacts to enhance service and provide real-time assistance to clients. It will be fascinating to see what other defences online merchants present against this fresh round of alleged CIPA violations as Old Navy and other chatbot wiretapping lawsuits go.
Online merchants need to take proactive measures to avoid wiretapping lawsuits.
Allegations of chatbot wiretapping are the most recent development in the CIPA class action scenario, but they won’t be the last. Given that class action litigants are quick to move to the next frontier involving recorded activity and alleged lack of consent, online retailers need to be vigilant and proactive. Businesses can avoid the hassle of protracted litigation by preventing these lawsuits with website designs that adhere to relevant privacy rules, even though the defences will largely remain the same.
