Does a plaintiff’s use of a website constitute consent to a privacy policy linked in the website’s footer?  A Pennsylvania federal court answered yes in Popa v. Harriet Carter Gifts, Inc., 2025 WL 896938 (W.D. Pa. Mar. 24, 2025), granting summary judgment in favor of an online retailer (Harriet Carter Gifts) and its marketing partner (NaviStone) accused of collecting data about plaintiff’s website visit in violation of the Pennsylvania Wiretapping and Electronic Surveillance Control Act (“WESCA”).

Plaintiff Ashley Popa visited the Harriet Carter website to search for pet stairs.  According to plaintiff, Harriet Carter used NaviStone’s marketing service to track her shopping activity on the website for the purpose of delivering mail advertisements.  Plaintiff admitted that she did not review Harriet Carter’s privacy policy, which was linked in the website’s footer and disclosed that third parties, like NaviStone, may have access to information relating to consumers’ activities on the website.  Nevertheless, Popa sued Harriet Carter and NaviStone, alleging that they violated WESCA by collecting data about her shopping activity on the Harriet Carter website without consent.

In an earlier decision we reported on here, the Third Circuit had reversed the district court’s initial grant of summary judgment under the direct party exception, but it left open on remand the issue of consent.  Almost three years later, the district court has now granted summary judgment for the second time, this time holding that plaintiff “consented to NaviStone’s activities on the Harriet Carter website.”  “[M]indful of the reality of internet communication,” the district court explained that “a reasonably prudent person has a lower expectation of privacy on the internet.”  With that understanding, the district court concluded that the plaintiff was put “on inquiry notice” of the privacy policy disclosing the alleged conduct because the plaintiff, like “any other user, could have easily seen the [privacy policy] link” in the webpage’s footer when landing on the website “and understood exactly what it contained.”

In granting summary judgment, the district court rejected an argument commonly raised by plaintiffs in wiretapping suits: that the plaintiff’s data was collected “before she, or any reasonable user, had a chance to view the terms of the Privacy Statement.”  The problem with this argument, the district court explained, is that WESCA “only applies to ‘contents’ of communications,” and “[a]ccessing the Harriet Carter webpage, visiting the Privacy Statement, and then leaving the site does not lead to the interception of ‘content.’”  In other words, “[t]he mere fact that a user visits Harriet Carter’s website is not protected by WESCA any more than that of a caller who uses a phone to reach a number, and then hangs up after being warned of an interception and/or recording.”

Wentao Yang

Wentao Yang is an associate in the Washington, DC office. He is a member of the White Collar Defense and Investigations and Transportation Practice Groups.

Wentao maintains an active pro bono practice, with experience in the areas of immigration and criminal justice.

Read more about Wentao Yang
Photo of Matthew Verdin Matthew Verdin

Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in…

Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in securing dismissals at the pleadings stage. For example, he won dismissal at the pleadings stage of over a dozen wiretapping class actions involving the alleged use of website analytics tools to collect data about users’ website visits. He also advises companies on managing litigation risk under federal and state wiretapping laws.

Matthew is also dedicated to pro bono legal services. Recently, he helped a domestic violence survivor win a case in the California Court of Appeal. Matthew’s oral argument led to the court ordering renewal of his client’s restraining order just one day later.

Read more about Matthew Verdin
Show more Show less
Photo of Kathryn Cahoy Kathryn Cahoy

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer…

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate has also played a key role in developing the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Recent Successes:

Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. The Daily Journal selected Covington’s defense of Meta as one of its 2021 Top Verdicts, and Law.com recognized Kate as a Litigator of the Week Shoutout.
Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws.

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal and was recognized by Daily Journal as a Top Attorney Under 40.

Read more about Kathryn Cahoy
Show more Show less