Data broker and loans company not liable for surreptitious tracking

A New Jersey court finds no liability for ‘surreptitious tracking’ regarding a data broker and a website accused of an alleged violation of Wiretap Act (the Act) and the Store Communications Act (SCA).

In considering the motion to dismiss a complaint against Quick Loans (QL) and Navistone (Defendant), the plaintiff claims that Quick Loans use a JavaScript code to reveal anonymous website visitors. The plaintiff, who did not purchase any products or services from the defendants’ websites, found out about the code on a tech news website.

The code was provided to QL by Navistone, a marketing company and data broker. The code identifies website visitors by matching their IP address and other personally identifiable information (PII) to information in its databases. Apparently, this is achieved by intercepting visitors' interactions such as keystrokes and mouse clicks.

According to the Wiretap Act section 2511(2)(d) an interception is lawful, if the person carrying out the interception is party to the communication, or where one of the parties has given prior consent to such an interception.

All of the relevant communications took place on QL’s website, making the site the intended recipient - and a party – to the communications. Apparently, whether, or not website visitors are aware of Navistone is entirely irrelevant.

Although the plaintiff argued that the defendant should not be exempted from the liability, the Act stipulates that liability is waived where a communication is intercepted for the purpose of committing a criminal or tortious act. The plaintiff accepted, however, that the purpose of Defendants' interception was for marketing purposes and promotional use.

Under section 2511(2)(d) a violation of a website's privacy policy on its own, does not constitutes a "criminal or tortious act".