Papa Johns Accused of Using Session Replay Software in Class Action Lawsuit

A class action lawsuit against Papa John’s International, Inc. (DBA “Papa Johns”) was filed by David Kauffman in California federal court alleging the pizza chain giant violated privacy laws including, for example, the Wiretap Act and the California Invasion of Privacy Act

Papa Johns Accused of Using Session Replay Software 

Many companies utilize tools to help track consumer interactions to better understand consumer use and experience to improve business and target consumer offerings.  However, as Internet privacy laws continue to evolve, most such consumer laws require that companies inform customers and obtain authorization for use of such data. 

Papa Johns was accused of using session replay software, considered “spyware” by some opponents of private data recordings.  Session replay software enables a company to use the software as a tool on its website to visually record consumer interactions which can then be played back for review and analysis. Such tools can be useful to companies for improving consumer experience, understanding how branding efforts are working, identifying consumers needs, for targeted marketing, and other valuable business insights.

Kauffman, a consumer and user of the Papa Johns website, filed a class action lawsuit claiming he and other users were not informed of, and did not provide authorization for, the recording of their electronic interactions within the company’s website. The lawsuit demands injunctive relief and statutory damages for claims of privacy violations under federal and state laws.

Concern That Session Replay Software Can Expose Consumers to Harm

Privacy advocates warn that the use of session replay software tools can expose website users to identity theft and other harm due to the storing of private consumer data.  This is why privacy laws require companies be forthright about the gathering of personal consumer data, how the data is to be used, and may even regulate how the data is stored. Privacy laws require consumers be informed so they can either provide consent, or to choose not to allow such gathering of potentially sensitive information.

All businesses with a website should have a well written website Terms of Use that informs consumers of the private data collected through the website and discloses the safety measures the company uses when such data is collected and stored.  Although session replay software can be great business tools for companies, it is important for companies utilizing the software to ensure website visitors are quickly made aware of the collection of such data and that visitors be allowed to either consent to the use, opt out (and ensure the tools are not used for those users), or that access be blocked for visitors not consenting to the tracking/recording of data.

Key Takeaways on the Use of Session Replay Software 

Companies utilizing business tools such as session replay software for gathering consumer data on a website must take special care to help guard from privacy law violations by:

• Having a full understanding and knowledge of the various relevant state, federal, and international privacy laws;

• Ensuring website visitors are made aware of the use of such tools and consent to such use; and

• Utilizing secure data storage servers that are compliant with relevant privacy laws.

For more information on the class action lawsuit, See: Kauffman v. Papa John’s International, Inc., Case No. 3:22-cv-01492, U.S. District Court for the Southern District of California

For more information about eCommerce and data privacy, see our Internet Law and eCommerce Legal Services and Industry Focused Legal Solutions pages.