U.S. Privacy and Data Protection | Insights | Dec. 2024 (Federal Law)

Businesses using tracking services should take note. A class certification decision was recently granted in a lawsuit against Prudential Financial, Inc. regarding website tracking practices. Specifically, the federal court in the Northern District of California certified a class in the case of Torres v. Prudential Financial, Inc., marking a significant development in privacy litigation.

The class action alleges that Prudential violated the California Invasion of Privacy Act (CIPA) by using ActiveProspect's TrustedForm script on its website. This script allegedly intercepted and recorded visitors' real-time interactions with Prudential's life insurance quote form without proper consent.

The case argues the quote form in question allowed Prudential’s software provider to document and survey real-time interactions of users who were completing the form, before submission. Keystrokes, mouse clicks, and data input are some of the categories of data that were purportedly acquired without comprehensive consent. Certain issues that will be challenged include whether the privacy policy of Prudential offered a reasonable and explicit understanding that keystrokes of users would be documented in such fashion.

This certification decision is notable, as many similar wiretapping suits against businesses using third-party tracking technologies typically resolve through settlement or arbitration. While not over, this case serves as a wake-up call for businesses using third-party website tracking technologies. If successful, the lawsuit could result in significant damages, as CIPA provides for statutory damages ranging from $5,000 per violation to three times actual damages. This certification does not guarantee the plaintiffs' success at trial, but it does allow them to pursue their claims as a unified class group. Thus, the case highlights the growing importance of data privacy compliance and the potential legal risks associated with website tracking practices.

As businesses continue to use technologies for their websites and software, it is critical to develop privacy notices and policies that informs users on how the data will be processed and utilized, along with any other subsidiaries that may also be involved in collecting said data.

Kronenberger Rosenfeld, LLP regularly advises clients regarding data and privacy compliance. Contact our firm using our online case submission form.