In Pennsylvania and nationwide, courts have seen a spike in class action litigation surrounding the use of website cookies and whether such use in the context of consumers visiting websites violates federal and state wiretapping and electronic storage control acts (collectively, WESCA). Is this the “junk fax” claim for the internet? Maybe. Like the junk fax claims, WESCA litigation presents real liability for companies that host websites. Unlike the junk fax claims, there are some simple and straightforward proactive measures companies can undertake to minimize the threat of this potential liability. If your company has a website that uses cookies to share data with third parties, such as marketing or analytical firms, this article discusses the three things you should know.

What Are These WESCA-Cookie Claims?

The recent U.S. Court of Appeals for the Third Circuit decision in Popa v. Harriet Carter Gifts, 52 F4th 121 (3d Cir. 2022), seemed to pop the lid for WESCA claims in Pennsylvania, but in actuality, it was merely catching up with decisions rendered by the First, Seventh and Ninth Circuits, albeit on different grounds. In Popa, plaintiff used her iPhone to browse Harriet Carter Gifts’ website. A pop-up window asked for her email address, which she provided, and she thereafter added a Harriet Carter product to her cart, but never completed the checkout process. What the plaintiff did not know (allegedly) was that as she perused through Harriet Carter’s website, her iPhone’s browser simultaneously communicated with two entities: Harriet Carter and a third-party marketing service, NaviStone, employed by Harriet Carter. Her browser’s communications with Harriet Carter brought her through the site; the communications with NaviStone recorded how she perused through the website to identify her for future Harriet Carter marketing. It is a setup used on many websites.