The End of the Road for CIPA Class Actions?
California has been experiencing a wave of putative class actions under the California Invasion of Privacy Act (“CIPA”). A decision this week by a federal court judge in California could halt new case filings and lay the groundwork for the dismissal of pending actions.
CIPA is codified in California’s Penal Code (Section 630 et seq.) and was historically used to prevent wire tapping and the unauthorized interception of cordless or cellular telephone calls. The statute was discovered recently by the plaintiffs’ bar and used as a basis for civil claims against companies that record incoming customer service calls. Plaintiffs’ complaints were filed under both CIPA and California Business and Professions Code Section 17200 for alleged unlawful business practices. In recent years, more than a dozen cases were filed, and many more cases threatened, against companies in California under CIPA.
Plaintiffs’ claims against the recording of customer service center calls never fit the purpose of the statute, which is to combat “new devices and techniques for the purpose of eavesdropping upon private communications.” However, it took two years of litigation to fully dismantle plaintiffs’ theory of liability.
Shin v. Digi-Key: Customer Service Center Calls Are Not Confidential
The initial CIPA cases were filed under Section 632 which prohibits any party to a confidential communication (whether in person or by telephone) from recording the conversation unless all parties consent. This is referred to often as California’s “two party consent rule,” distinguishing California from many other states in which only one party to the conversation (the person making the recording) needs to “consent.” Plaintiffs in the first wave of cases included individuals who initiated calls to customer service centers and allegedly expected the calls to be private and/or allegedly disclosed personal information during the calls.
In his 2012 ruling, Judge Percy Anderson in Shin v. Digi-Key (C.D. CA Case No. 12-cv-5415), held that there was no reasonable expectation of privacy in dialing a toll-free customer support number and reasoned that such calls are not of the type that require sensitive personal or financial information. In ruling that calls to customer support centers are not confidential communications, the Court relied in part on the legislative history of Section 632 which made clear that the law was not intended to prohibit businesses from monitoring their employees’ customer service since that practice is “in the public’s best interest.” In short, recording calls for quality assurance is the modern day equivalent of the supervisor physically sitting in on the employees’ calls.
Young v. Hilton: Customer Service Center Calls May Be Recorded
Undeterred, following the decision in Shin v. Digi-Key, plaintiffs in CIPA cases began to rely more heavily on Section 632.7. Unlike Section 632 of CIPA, Section 632.7 is not limited to confidential communications. It applies to any communication in which at least one of the parties is using a cordless or cellular telephone (a pre-requisite plaintiffs can control). However, Section 632.7 imposes other limitations on liability. Specifically, Section 632.7 imposes liability only on a person who “without the consent of all parties to a communication intercepts or receives and intentionally records” it.
The questions left unanswered after Shin v. Digi-Key, which allowed CIPA class actions to proliferate for two more years, were (1) whether Section 632.7 is limited to interlopers to a communication or whether it includes known parties to the communication, and (2) whether the legislative intent to preserve a company’s ability to observe its employees’ customer service extends to Section 632.7. Judge Manuel Real’s decision on Monday in Young v. Hilton (C.D. CA Case No. 12-cv-01788) answered both of those questions.
The Court held that only third-parties can “intercept or receive” a communication within the meaning of Section 632.7. The Court found that, in drafting the law, the legislature was clearly concerned with the use of technology to access radio signals by people who were not intended to have access to the radio signals. As such, the Court concluded that Section 632.7 does not prohibit parties to a conversation from recording it. Indeed, interpreting the term “receive” under the statute to include the recipient of a call would have the perverse effect of permitting the caller initiating the communication to record the call but not the company receiving it.
The Court advanced two additional grounds for dismissing Young v. Hilton. The Court held that the term “consent” in Section 632.7 modifies the phrase “intercepts or receives” and, thus, to the extent the company “received” a call within the meaning of Section 632.7, the plaintiff who placed the call consented to it. The Court also held that the legislative history of Section 632 is equally applicable to Section 632.7 and, therefore, service-monitoring by companies of their employees is not limited under Section 632.7.
The time to appeal has not yet run on Young v. Hilton. If the decision becomes final and/or Judge Real’s reasoning is adopted in other cases, it could finally turn the tide in CIPA class actions.
If you have any questions regarding this update, please contact:
Amy P. Lally
To receive future copies of this and other Sidley updates via email, please sign up at www.sidley.com/subscribe
Sidley has extensive experience defending many types of consumer class actions and non-class representative actions in state and federal courts throughout the country, at trial and on appeal. Our consumer product and services clients draw on Sidley’s deep experience in litigation areas such as products liability, complex commercial, intellectual property, privacy law, employment, real estate, and antitrust. Our lawyers have broad experience defending claims against all businesses in the chain of commerce for consumer products including suppliers, manufacturers, distributors, retailers, and consumer services such as call centers, warranty providers, and e-commerce sites.
We offer clients an inter-disciplinary, international group of lawyers focusing on the complex national and international issues of data protection and cyber law. The group includes lawyers experienced in regulatory compliance, litigation, financial institutions, healthcare, EU regulation, IT licensing, marketing counsel, intellectual property and criminal issues. Sidley provides services in the following areas:
- Privacy and Consumer Protection Litigation, Enforcement and Regulatory Compliance
- Data Breach, Incident Response and Cybersecurity Advice, Response and Litigation
- Global Data Protection, International Data Transfer Solutions and Cross-Border Issues
- Corporate Data Protection, Compliance Programs and Information Governance Assessments
- FTC and State Attorney General Investigations of Unfair or Deceptive Acts and Practices
- Cloud Computing, Social Media, Online Advertising, Internet of Things, E-Commerce and Internet Issues
- EU, China, Japan, Singapore, Hong Kong and other International Data Protection and Compliance Counseling
- Gramm-Leach-Bliley and Financial Privacy
- HIPAA and Healthcare Privacy
- Communications Law and Data Protection
- Workplace Privacy and Employee Monitoring
- Website Policies, Online Trademarks and Domain Name Protection
- Records Retention, Electronic Discovery and Defensible Deletion
- Governmental Access and National Security
Sidley Austin provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship.
Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, 212.839.5300; One South Dearborn, Chicago, IL 60603, 312.853.7000; and 1501 K Street, N.W., Washington, D.C. 20005, 202.736.8000.