Harriet Carter Gifts Hired Navistone to Mine Website Users’ Data Without Consent, Class Action Says [UPDATE]
Last Updated on October 7, 2021
Popa v. Harriet Carter Gifts, Inc. et al.
Filed: April 19, 2019 ◆§ 2:19-cv-00450
A class action alleges Harriet Carter Gifts hired co-defendant Navistone to intercept and record website users' keystrokes and personal data without consent.
Pennsylvania
Case Updates
October 7, 2021 – Case Decided in Defendants’ Favor
The judge overseeing the case detailed on this page has ruled in the defendants’ favor and granted the companies’ motion for summary judgment.
In a June 17, 2021 opinion, U.S. District Judge William S. Stickman IV found that no interception of the plaintiff’s communications—as the Pennsylvania Wiretapping and Electronic Surveillance Control Act (WESCA) defines it—had occurred, and that even if it had, the interception does not fall under the scope of that law because it was received outside of Pennsylvania.
Judge Stickman explained that the communications between the plaintiff’s web browser, Harriet Carter’s server and Navistone’s servers occurred “separately and directly,” with Navistone being a direct party to the “conversation.” Per the filing, the plaintiff’s web browser communicated specific information to Harriet Carter’s server and separate information to Navistone’s servers.
“As such, there was no interception,” the judge wrote.
While the plaintiff argued that she was unaware that she was communicating directly with Navistone’s servers, the judge found this was “inconsequential” given the plaintiff “freely initiated the entire process” when she chose to visit Harriet Carter’s website.
“In that sense, although she may have been unaware of the nuanced intricacies required to build the webpage she requested, she nevertheless commanded her web browser to load the webpage, and her web browser carried out her command by sending and receiving information to and from various servers,” the judge wrote.
Judge Stickman further noted that even if the plaintiff’s communications had been intercepted, the communications were received in Virginia, where Navistone’s servers are located, and thus fall outside of the WESCA’s jurisdiction.
Harriet Carter Gifts and Navistone are the defendants in a proposed class action that alleges the consumer data broker was hired by the former to intercept and record the communications of visitors to HarrietCarter.com without the users' consent to do so.
According to the lawsuit, which has been removed to Pennsylvania federal court, Navistone “intercepted Harriet Carter website visitors’ keystrokes, mouse clicks, and other electronic communications” in real time in an effort to collect personally identifiable information (PII). Such conduct constitutes a violation of the Pennsylvania Wiretapping and Electronic Surveillance Control Act, the lawsuit argues. Navistone, according to the suit, obtains consumer information via code installed on Harriet Carter’s website, which apparently spies on visitors in real time by “reporting every keystroke and mouse click to the Navistone server”—regardless of whether a user hits “submit” on an order.
“As deployed,” the complaint reads, “Navistone's remote code (deployed by Harriet Carter) functions as a real-time wiretap of users' IP address, keystrokes, and PII and tracks all pages that the user navigates to on the site, linking the user with their potential interest in Harriet Carter products for the purpose of Harriet Carter target-marketing its products to its website users.”
As the case tells it, Navistone maintains a back-end database that houses data and profiles on consumers across the country. No stranger to potential class action litigation over the alleged surreptitious tracking of website users, Navistone has reportedly encoded hundreds of other websites with similar code and for similar data-mining reasons. The code itself, the lawsuit says, can only be accessed using a browser’s developer tools.
Before commenting, please review our comment policy.