True Value’s Website Wiretapping of Visitors Class Action

This class action accuses True Value Company of intercepting and wiretapping visitors to its website, www.truevalue.com. The complaint alleges that the company “directs third-party vendors, such as Microsoft Corporation, to embed snippets of JavaScript computer code (‘Session Replay Code’) on True Value’s website, which then deploys on each website visitor’s internet browser for the purpose [of] intercepting and recording the website visitor’s electronic communications with [] True Value’s website…”

The Nationwide Class for this action is all persons in the US whose website communications were captured through the use of Session Replay Code embedded in the www.truevalue.com website. A Missouri Subclass has also been defined for all those in the above class in Missouri.

Businesses now collect all kinds of data on consumers, including personal, engagement, behavioral, and attitudinal data. The complaint alleges, “In a consumer-driven world, the ability to capture and use customer data to shape products, solutions, and the buying experience is critically important to a business’s success.”

Many e-commerce sites now record the electronic communications of visitors, using Session Replay code that records things like their keystrokes, clicks, mouse movements, and pages visited, depending on the product and configuration. The code is deployed on the site to intercept and record this information and to offer the site owners Session Replay capabilities.

When the Session Replay Code goes to a visitor’s browser, the complaint alleges, the browser responds by sending data to a third-party server. According to the complaint, that third party is typically the one that wrote the Session Replay Code, and not the owner of the website being visited.

Once the events have been recorded from a visitor’s session, the website operator can replay them, “usually in the form of a video” the complaint alleges, rather than in the form of simple analytics.

The complaint claims that because the events captured by the software include a wide range of actions and events, it can also capture sensitive information, such as medical conditions, payment card information, and even information that the visitor did not decide to submit to the website, such as information entered and then deleted before the user clicked the Submit button. In fact, the complaint claims that visitors may be identified, for example, if the visitor is logged in to the system or if the website offers cookies that can link users with email addresses or user names.

The complaint alleges, “In addition to the privacy invasions caused by the diversion of user communications with websites to third-party Session Replay Providers, Session Replay Code also exposes website visitors to identity theft, online scams, and other privacy threats.”

Visitors to the website are not aware they are being wiretapped or eavesdropped on, the complaint alleges, and they therefore have not given consent to it. The complaint alleges that True Value’s actions violate the federal Electronic Communications Privacy Act and the Missouri Wiretap Act, among other state and federal laws.

Article Type: Lawsuit
Topic: Privacy
Tags: Intercepting Electronic Communications, Your Privacy, wiretapping