PITTSBURGH – GameStop has hit back at Pennsylvania-based class action litigation against it, denying that it violated a state wiretap law and invaded its customers’ privacy when it allegedly intercepted and recorded the electronic communications of visitors to its website.
Amber Cook (individually and on behalf of all others similarly situated) of Lawrence County first filed suit in the U.S. District Court for the Western District of Pennsylvania on Aug. 16 versus GameStop, Inc. of Grapevine, Texas.
“GameStop operates the website www.gamestop.com. GameStop is an online and brick-and-mortar retailer for gaming consoles, games, and accessories. However, unbeknownst to the millions of individuals perusing GameStop’s products online, GameStop intentionally procures and embeds various Session Replay Codes from Session Replay Providers on its website to track and analyze website user interactions with www.gamestop.com. One such Session Replay Provider that GameStop procures is Microsoft,” the suit said.
“Microsoft is the owner and operator of a Session Replay Code titled Clarity, which provides basic information about website user sessions, interactions, and engagement, and breaks down users by device type, county, and other dimensions. GameStop’s procurement and use of Microsoft Clarity’s Session Replay Code, and procurement and use of other Session Replay Codes through various Session Replay Providers, is a wiretap in violation Pennsylvania statutory and common law.”
The suit added the named plaintiff visited www.gamestop.com on her computer while in Pennsylvania and during a visit to GameStop’s website, she fell victim to the defendant’s “unlawful monitoring, recording, and collection of plaintiff’s website communications with www.gamestop.com.”
“Unknown to plaintiff, GameStop procures and embeds Session Replay Code on its website. During the website visit, plaintiff’s Website Communications were captured by Session Replay Code and sent to various Session Replay Providers. For example, when visiting www.gamestop.com, if a website user searches for a certain product, such as a video game, console or accessory, that information is captured by the Session Replay Codes embedded on the website. The wiretapping by the Session Replay Codes is ongoing during the visit and intercepts the contents of these communications between plaintiff and GameStop with instantaneous transmissions to the Session Replay Provider, as illustrated below, in which only 30 milliseconds were required to send a packet of even response data, which would indicate whatever the website user had just done,” the suit stated.
“The Session Replay Codes operate in the same manner for all putative Class members. Like plaintiff, each Class member visited www.gamestop.com with Session Replay Code embedded in it, and those Session Replay Codes intercepted the Class members’ Website Communications with www.gamestop.com by sending hyper-frequent logs of those communications to Session Replay Providers. Even if GameStop masks certain elements when it configures the settings of the Session Replay Code embedded on its website, any operational iteration of the Session Replay Code will, by its very nature and purpose, intercept the contents of communications between the website’s visitors and the website owner. For example, even with heightened masking enabled, Session Replay Providers will still learn through the intercepted data exactly which pages a user navigates to, how the user moves through the page (such as which areas the user zooms in on or interacted with), and additional substantive information.”
UPDATE
GameStop answered the class action suit on Nov. 3, arguing that the complaint failed to state a claim upon which relief could be granted.
“Despite the complaint’s repeated incantations of ‘privacy’ violations, it pleads no facts showing that GameStop actually collected any information that was personal or private within the common law understanding of a privacy right. Nor do any other alleged injuries establish standing. The complaint’s assertions of mental anguish and suffering are unsupported by any facts showing such harm – which makes sense since what is alleged is the collection of information about browsing on a video retailer’s public website. The claim that GameStop deprived Cook of the monetary value of her personal information is likewise insufficient because she does not allege she provided any personal information and, even if she did, courts routinely reject such a theory of standing,” according to the company’s answer.
“Second, even if she could establish Article III standing, Cook’s Pennsylvania Wiretap Act claim fails because she fails to allege that GameStop intercepted or procured the interception of any communications ‘contents’, a prerequisite for a violation. It is well-settled that mouse movements, mouse clicks and URLs are non-content information under state and federal wiretapping laws. As to ‘keystrokes,’ she does not actually allege she entered any keystrokes on GameStop’s website, let alone that GameStop collected those keystrokes. Third, to the extent any interception of content occurred, Cook consented to it. GameStop’s website Privacy Policy disclosed that GameStop may collect ‘usage information’ which it described as ‘information about your product searches, browsing behavior, clickstream information, use of our services, and date/time stamps’ – precisely the information Cook complains about. Because a link to the Privacy Policy generally appears on every page of GameStop’s website, Cook reasonably should have known about any collection and consented to it, by persisting to navigate to the website.”
Lastly, GameStop argued the complaint’s” common law intrusion upon seclusion claim fails as a matter of law because its allegations fall far short of the ‘extreme’ and ‘highly offensive’ conduct demanded by this claim” and that “the case law is clear that GameStop’s alleged collection of browsing information on its website does not come close to meeting this standard.”
For counts of violating the Pennsylvania Wiretap Act and invasion of privacy (intrusion upon seclusion), the plaintiffs are seeking the following reliefs:
• Certifying the class and appointing plaintiff as the class representative;
• Appointing plaintiff’s counsel as class counsel;
• Declaring that defendant’s past conduct was unlawful, as alleged herein;
• Declaring defendant’s ongoing conduct is unlawful, as alleged herein;
• Enjoining defendant from continuing the unlawful practices described herein, and awarding such injunctive and other equitable relief as the Court deems just and proper;
• Awarding plaintiff and the class members statutory, actual, compensatory, consequential, punitive and nominal damages, as well as restitution and/or disgorgement of profits unlawfully obtained;
• Awarding plaintiff and the class members pre-judgment and post-judgment interest;
•Awarding plaintiff and the class members reasonable attorneys’ fees, costs, and expenses; and
• Granting such other relief as the Court deems just and proper.
The plaintiffs are represented by Gary F. Lynch of Lynch Carpenter, in Pittsburgh.
The defendant is represented by Adam T. Petrun and William J. Wyrick of Cafardi Ferguson Wyrick Weis & Gabriel in Sewickley, plus Jeffrey G. Landis and Sheri B. Pan of ZwillGen, in Washington, D.C. and New York, N.Y.
U.S. District Court for the Western District of Pennsylvania case 2:22-cv-01292
From the Pennsylvania Record: Reach Courts Reporter Nicholas Malfitano at nick.malfitano@therecordinc.com