Class Action Lawsuits Against Sites Logging User Interactions
Halibut writes:
Last November, class action lawsuits were filed against multiple websites employing activity loggers: Nike (and FullStory), Lululemon (and Quantum Metric), and WebMD (and Mouseflow). The WebMD story mentions some others at the end.
According to these lawsuits, the companies running the websites, and the companies providing the logging software, are intercepting and/or recording personally identifiable information without the knowledge or consent of the viewers of the site. The lawsuits, which are filed in the state of California, allege this constitutes an illegal wiretap in violation of the California Invasion of Privacy Act (CIPA). The CIPA is an anti-wiretapping law that imposes civil and criminal penalties for recording confidential conversations, with fairly broad definitions for confidential conversations and consent.
Despite being a few months old, I had not heard about these lawsuits. Website replay logging software scripts have been around for years (here is a story from 2017). These replay loggers can record everything from where your cursor goes to what links you click on to what keys you press on the website. According to the stories, both the company hosting the website and the company who operates the logger can get enough information to fully replay a user's interaction with the website. This would be particularly violating where the user is entering a password or, as in the WebMD case above, personal information including medical information. Even if the user intended to send that information to the website in question, most users are probably not aware that it is also being sent to a third party.
Read more of this story at SoylentNews.