Skip to Main Content
Our Commitment to Diversity

Third Circuit Gives Pennsylvania Consumers New Footing for Internet Tracking Claims

Date: 4 October 2022
U.S. Litigation and Dispute Resolution Alert

Following a recent decision,the Third Circuit Court of Appeals breathed new life into Pennsylvania consumer claims that the practice of tracking a customer’s movements on a company’s website violates Pennsylvania’s Wiretapping and Electronic Surveillance Control Act (WESCA).WESCA makes it unlawful to intentionally intercept any wire, electronic, or oral communication.3 For years, Pennsylvania courts applied a “direct party” exception to WESCA, finding that a party who directly receives a communication does not “intercept” it. This limited the scope of potential claims under WESCA, which provides a direct cause of action for consumers.4

In Popa v. Harriet Carter Gifts, Inc., however, the Third Circuit determined that subsequent revisions to WESCA significantly curtailed this exception. In 2012, in an apparent effort to codify the direct party exception as related to police investigations, the Pennsylvania General Assembly revised the definition of “intercept” in WESCA to exclude any communications directly received by law enforcement, so long as law enforcement meets certain criteria.5 Under the Third Circuit’s interpretation, the 2012 revisions limited the direct party exception to only those circumstances described in the statute—that is, direct communications to law enforcement that otherwise meet certain criteria.

Not surprisingly, numerous class actions quickly followed the Popa decision, each alleging that companies violated WESCA by tracking the plaintiffs’ activities on the companies’ websites. However, the Popa decision still leaves certain questions unanswered. First, the Third Circuit’s decision is based on its presumption about how the Pennsylvania Supreme Court would interpret WESCA and the revised definition of “intercept.” If the Pennsylvania Supreme Court has occasion to consider this question, it could effectively overrule Popa if it interprets WESCA differently. Plaintiffs will likely try to avoid this by primarily filing suit in federal district courts in Pennsylvania, which remain bound by the Popa decision until further notice. However, a question could be certified to the Pennsylvania Supreme Court asking it to weigh in on the interpretation of the revised version of WESCA.

Second, WESCA still contains various other defenses for defendants, including the potential defense that consumers give implied consent to tracking by visiting websites with accessible privacy policies that inform visitors of the tracking. The Third Circuit, however, left open the question of whether browsing a website with an accessible privacy policy constitutes implied consent. Regardless of how the Court decides that question, though, companies should closely review their policies—both terms and conditions, as well as privacy—to ensure that, to the degree applicable, they clearly state the manners in which visitors’ information may be collected and aggregated by the company or third parties. Affirmative opt-in mechanisms can also be used to seek consumers’ express consent to the collection of information as described in a company’s privacy policy. Opt-in mechanisms like these can help avoid potential arguments over whether a consumer gave implied consent to a privacy policy.

Third, identifying the point when an interception occurs could give rise to jurisdictional arguments. In Popa, the Third Circuit determined that the interception occurred when the plaintiff’s browser, situated in Pennsylvania, delivered information that was routed to the defendants’ servers out of state. The Third Circuit, therefore, held that Pennsylvania courts had jurisdiction. This interpretation seemingly would exclude anyone from a potential class who accessed a website from outside of Pennsylvania. On the other hand, in today’s highly mobile society, where people often access websites on their smartphones, the Popa court’s interpretation could raise a host of jurisdictional complications, as well as constitutional concerns, such as implications for the Dormant Commerce Clause.6

The Popa decision represents a significant shift in applying WESCA, and while potential defenses are available, unanswered questions remain. What is clear, however, is that companies should anticipate the potential for these claims and take steps to prepare. In addition to reviewing their privacy policies and terms and conditions to ensure they completely and accurately disclose a company’s collection, use, and disclosure of data, companies should review their agreements with website managers and software or marketing providers who collect information from visitors to a company’s web site to ensure that the the practices are accurately disclosed in the company’s privacy policy and determine if the agreements include indemnification for claims related to use of data collected from the company’s web site visitors.

The lawyers at K&L Gates LLP are prepared to assist companies as they navigate this new landscape of potential liability.

Popa v. Harriett Carter Gifts, Inc., 45 F.4th 687 (3d Cir. 2022).

18 Pa.C.S. § 5701-5782

18 Pa.C.S. § 5703(1).

See, e.g., Commonwealth v. Proetto, 771 A.2d 823 (Pa. Super. Ct. 2001); Commonwealth v. Cruttenden, 58 A.3d 95 (Pa. 2012).

Specifically, the definition excludes direct communications to law enforcement “where the investigative or law enforcement officer poses as an actual person who is the intended recipient of the communication, provided that the Attorney General, a deputy attorney general designated in writing by the Attorney General, a district attorney or an assistant district attorney designated in writing by a district attorney of the county wherein the investigative or law enforcement officer is to receive or make the communication has reviewed the facts and is satisfied that the communication involves suspected criminal activities and has given prior approval for the communication.” 18 Pa.C.S. § 5702.

The defendants in Popa, in fact, submitted a letter to the court on 23 September 2022 in connection with their petition for a rehearing, indicating that the court’s extension of liability under WESCA to any website that can be accessed in Pennsylvania has led to a spike in lawsuits by plaintiffs who otherwise “have no nexus to the Commonwealth.” See https://www.law360.com/articles/1533666/attachments/0.

This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer. Any views expressed herein are those of the author(s) and not necessarily those of the law firm's clients.

Return to top of page

Email Disclaimer

We welcome your email, but please understand that if you are not already a client of K&L Gates LLP, we cannot represent you until we confirm that doing so would not create a conflict of interest and is otherwise consistent with the policies of our firm. Accordingly, please do not include any confidential information until we verify that the firm is in a position to represent you and our engagement is confirmed in a letter. Prior to that time, there is no assurance that information you send us will be maintained as confidential. Thank you for your consideration.

Accept Cancel