Foot Locker has been hit by a $25 million class-action suit brought by allegations of unpermitted harvesting and sharing of customer support conversations. The company's website was said to be recording the data and then distributing them to third parties as well.
The Lawsuit
According to the lawsuit, the footwear retailer wiretaps the foot-related conversations of website visitors, all while customer services software providers like Smooch and Zendesk are listening in during transmission. The company then labels it as part of data analytics.
An expert within the industry stated that live chat transcripts are gold mines of customer service, as mentioned by Gizmodo. The lawsuit also mentioned that the company secretly embedded code into its chat feature which records and transcribes the conversations.
It was said that Foot Locker did not ask customers for consent nor did they inform them of the practice. Given the kind of business that the company runs, customers share sensitive personal data through the website's chat feature.
The complaint claims that at least 5,000 people were victims of the wiretapping issue and that they were entitled to $5,000 each in statutory damages. That ultimately amounts to a $25 million cost for the retailer company, according to Footwear News.
Does the Shoe Fit?
There are two courses of action against the defendant. First is the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA). CIPA was written 56 years ago when phones still had actual wires.
The court docket noted that the penal code imposes liability on anyone who wiretaps through a machine, instrument, contrivance, or any other manner. That last part alone can cover a wide scope which could include online customer service chats.
It mentions that the violation applies to those who intentionally tap connections physically, electrically, acoustically, and inductively. Although it particularly states that it applies to instruments of any internal telephonic communication system.
Yes, we no longer require DSL connections to have Internet access. That has also been covered in the docket, saying that Section 631 of the Penal Code applies to Internet communications as well, which applies to the situation.
The software used to record and transcribe the conversations also qualifies with the mentioned "machine, instrument, contrivance, or any other manner" in the docket. Of course, there's also the intentional recording of conversations that also violates CIPA.
Although the Penal Code Section 632.7 states that the violation applies to intentionally recorded conversations through cellular radio telephones, landline telephones, or cordless phones, it also noted that Foot Locker's actions were still considered.
The complaint states that "Section 632.7 defines 'Communications' exceptionally broadly," and so text messages sent from a smartphone to a computer or Internet like customer service messages are subject to Section 632.7.
The prohibitions, although a bit outdated, apply to all communications, not just confidential ones. Foot Locker will also face the accusation of aiding and abetting a third party in the interception and reception of the recorded conversations.