A court in the Northern District of California recently granted summary judgment to DDR Media LLC and Jornaya in a website wiretapping lawsuit under the California Invasion of Privacy Act (“CIPA”). See Williams v. DDR Media, LLC, 2024 WL 4859078 (N.D. Cal. Nov. 20, 2024). This decision represents a meaningful victory for defendants facing similar wiretapping claims.
The plaintiff claimed that when she visited DDR Media’s website, Jornaya’s software, TCPA Guardian, recorded her keystrokes, clicks, and other interactions with the website, including her name, email address, and phone number. On this basis, she asserted that Jornaya engaged in unlawful “wiretapping” in violation of the second clause of CIPA section 631(a). Plaintiff also asserted a claim against DDR Media for aiding and abetting Jornaya’s purported wiretapping.
The district court granted summary judgment in favor of the defendants because Jornaya did not “read, attempt to read, or learn” the contents of any communication input by the plaintiff on DDR Media’s website. The court held that the phrase “reads, or attempts to read, or to learn the contents” of a communication requires “some effort at understanding the substantive meaning” of the communication. Jornaya submitted evidence demonstrating that all data entered by a user is immediately “hashed,” or converted into an incomprehensible alphanumeric string, as soon as it is transmitted from the website to Jornaya’s servers, and that it did not retain the original, unhashed data. For that reason, the court found that Jornaya made no attempt to understand the substantive meaning of any user data, and thus did not “read, attempt to read, or learn” the contents of any communications. Because Jornaya did not commit a predicate CIPA violation, DDR Media likewise could not be held liable under an aiding-and-abetting theory.
The decision underscores the importance of developing evidence about defendants’ data practices where cases survive dismissal.