2022 brought a new wave of data privacy lawsuits seeking to impose wiretapping liability on website operators and their service providers—just as the dust settled on the first wave. To date, plaintiffs have filed over 120 such lawsuits across nine jurisdictions (California, Florida, Illinois, Pennsylvania, Maryland, Massachusetts, Missouri, New York, and Washington) seeking to capitalize on statutory damages. California and Pennsylvania are at the focal point of these filings, with recent circuit court decisions reopening the floodgates.
In addition to moving beyond California and Florida, a chief fixture of this second wave has been a focus on live chat recording. While about one-third of these cases are still premised on session replay—the technology at issue in the first wave of these cases—the remaining two‑thirds are premised on the alleged wiretapping of online customer service chat communications.