December 30, 2024
Partner
Businesses using tracking services should take note. A class certification decision was recently granted in a lawsuit against Prudential Financial, Inc. regarding website tracking practices. Specifically, the federal court in the Northern District of California certified a class in the case of Torres v. Prudential Financial, Inc., marking a significant development in privacy litigation.
The class action alleges that Prudential violated the California Invasion of Privacy Act (CIPA) by using ActiveProspect's TrustedForm script on its website. This script allegedly intercepted and recorded visitors' real-time interactions with Prudential's life insurance quote form without proper consent.
The case argues the quote form in question allowed Prudential’s software provider to document and survey real-time interactions of users who were completing the form, before submission. Keystrokes, mouse clicks, and data input are some of the categories of data that were purportedly acquired without comprehensive consent. Certain issues that will be challenged include whether the privacy policy of Prudential offered a reasonable and explicit understanding that keystrokes of users would be documented in such fashion.
This certification decision is notable, as many similar wiretapping suits against businesses using third-party tracking technologies typically resolve through settlement or arbitration. While not over, this case serves as a wake-up call for businesses using third-party website tracking technologies. If successful, the lawsuit could result in significant damages, as CIPA provides for statutory damages ranging from $5,000 per violation to three times actual damages. This certification does not guarantee the plaintiffs' success at trial, but it does allow them to pursue their claims as a unified class group. Thus, the case highlights the growing importance of data privacy compliance and the potential legal risks associated with website tracking practices.
As businesses continue to use technologies for their websites and software, it is critical to develop privacy notices and policies that informs users on how the data will be processed and utilized, along with any other subsidiaries that may also be involved in collecting said data.
Kronenberger Rosenfeld, LLP regularly advises clients regarding data and privacy compliance. Contact our firm using our online case submission form.
This entry was posted on Monday, December 30, 2024 and is filed under Privacy and Data Protection Updates, Internet Law News.
Privacy & Cybersecurity
FTC Brings Enforcement Action Against Hotel Chain After experiencing multiple large-scale data breaches, Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC have agreed to a significant...
Read ArticlePrivacy & Cybersecurity
As many businesses are already aware of the California Consumer Privacy Act (CCPA) in California, it is important to note there are also now dozens of enacted and proposed state...
Read ArticlePrivacy & Cybersecurity
The EU-U.S. Data Privacy Framework (DPF) marks a significant milestone in international data protection by providing a robust mechanism for transatlantic data transfers. Companies that collect and process personal data...
Read ArticlePrivacy & Cybersecurity
With the start of the new year, the Federal Trade Commission (FTC) has been active in ongoing privacy issues. Below outlines some key issues being considered by the FTC. Participation...
Read ArticleGet legal help now
Submit your case in 3 minutes and get legal help fast.
Give us a call
The internet moves fast. We'll keep you informed.
No thanks, I'll keep myself up to date!