A $5,000,000 legal raid is underway against Blizzard Entertainment Inc. (“Blizzard”) and its World of Warcraft website, over Blizzard’s use of a third-party mouse-tracking software called Mouseflow to record visitors’ sessions. The plaintiff, Brain Sacco, a California resident, has filed a putative class action complaint against Blizzard and Mouseflow for intentional wiretapping under the California Invasion of Privacy Act (“CIPA”). Further, the plaintiff’s attorneys at Bursor & Fisher, P.A. have recently filed similar class action lawsuits against numerous other Mouseflow clients including WebMd, Chevrolet, and Carnival

According to its documentation, Mouseflow is a tracking tool with 165,000+ clients that records website visitors’ sessions to show how individual website visitors browse, click, and scroll. Mouseflow’s clients can watch replays of specific visitors’ time on a website, a feature that Mouseflow describes as “CCTV but better.” In addition to replays, Mouseflow also collects visitors’ “full activity, location, device type, referral source, duration of session, browser/operating system, and much more.”

The CIPA is a two party consent to monitoring statute, essentially stating that both parties must consent to any recording of an interaction between them.  In relation to the wiretapping allegations, the CIPA prohibits persons and entities from various acts of eavesdropping, intercepting, or recording communications including: (1) intentional wiretapping; (2) willful attempts to learn the contents of a communication in transit over a wire; (3) attempting to use or communicate information obtained in either manner; and (4) aiding or conspiring with anyone else to do any of the foregoing. Cal. Penal Code §§ 631, 635, see also Tavernetti v. Superior Court, 22 Cal. 3d 187 (Cal. 1978).

This statute, enacted in 1994,  was not originally designed to cover internet interactions, but the recent claims show how older statutes may be applied to new mediums and tracking technologies.  Businesses should be aware that their monitoring of customer interactions in electronic environments must be carefully reviewed.