Papa John's is being sued for allegedly 'wiretapping' its own website

Papa John's pizza sign
(Image credit: / Dutchmen Photography)

Popular pizza chain Papa John’s is being sued for allegedly wiretapping its own website.

The claimant is asking for at least $100 per day of violation, per person, and given that this is a class-action lawsuit, should the company be declared guilty, the damages could amount to quite a lot.

According to the lawsuit filed earlier this week in a federal district court in southern California, Papa John’s installed what’s known as “session replay software” -  software that’s capable of recording, then replaying a user session on the website. That way, the company can see exactly where users clicked, hovered their mouse, when they decided to abandon the cart, and pretty much anything else that was part of their session with Papa John’s.

Violation of the US Wiretap Act

While this type of tracking is nothing new, and many companies use it to improve the website and its performance, Papa John’s took it too far, the plaintiffs are claiming, and in the process - violated the US Wiretap Act, as well as the California Invasion of Privacy Act (CIPA).

"The purported use of 'session replay' technology is to monitor and discover broken website features; however, the extent and detail collected by users of the technology ... far exceeds the stated purpose," the lawsuit reads.

The plaintiff is now asking for “the greater of $10,000 or $100 per day for each violation”. Furthermore, he’s demanding $2,500 in statutory damages for multiple CIPA violations. At the moment, the extent of the potential fine is unknown, but the plaintiff argues “millions” of people were unlawfully spied on. That means, if the company is found guilty, the fine could be in the millions, as well.

Papa John’s is currently silent on the matter.

Session replay software is part of the usual arsenal of every marketing and IT department and is usually used to monitor and improve the user experience. 

Via: The Register

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.