[USA] Pharmatrak, Inc. Privacy Litigation

Facts:

Pharmatrak, Inc. sold a service to pharmaceutical companies called NETcompare intended to collect information about internet usage and web traffic on their websites. When a user first visited a website that used Pharmatrak, the website’s code instructed the user’s computer to retrieve an invisible, clear GIF called a web bug. Pharmatrak’s server responded by placing a cookie on the user’s computer that tracked use of the website. But due to software errors in an email program and a web browser, combined with an interaction between NETcompare and one client’s computer code, NETcompare stored users’ personal information.

Claim:

A group of users whose personal data was collected brought a class action asserting Pharmatrak intercepted electronic communications without consent in violation of the Electronic Communications Privacy Act of 1986 (ECPA). 

Holding:

The websites did not indicate that use meant the user consented to third-party collection of their personal information. Pharmatrak intercepted user information simultaneously with its transmission to the pharmaceutical companies. NETcompare effectively automatically routed the data to Pharmatrak.

Related regulation:

An ECPA claim requires five elements. The claimant must show the other party:

 (1) intentionally (2) intercepted or tried to intercept (or had someone else do so) (3) the contents of (4) an electronic communication (5) using a device. The statute lists exceptions, including consent.