Move over, OnlyFans, there’s a new feet-sharing game in town. At least, that’s what the plaintiffs argue in a new $25 million class-action privacy lawsuit filed against Foot Locker on Monday. I’m sorry to say that even your feet data isn’t safe.
Specifically, the allegation is that Foot Locker is harvesting and distributing the details of conversations you’re having about your feet, or at least the shoes that you put on them, as reported in Bloomberg Law. Consent is sexy, whether you’re dealing with data or feet, but Foot Locker allegedly didn’t get permission before it recorded customer support chats on its website and shared that data with third parties.
According to the lawsuit, such taping and distributing violates a wiretap law called the California Invasion of Privacy Act (CIPA). The law passed in 1967. It’s separate from the recent California Consumer Privacy Act, better known as the CCPA. Ruth Martin, the plaintiff in the case against Foot Locker, wants the shoe store to foot the bill for a $25 million class-action payout.
Foot Locker “wiretaps the conversations of all website visitors and allows a third party to eavesdrop on the conversations in real time during transmission. Why? Because, as one industry expert notes, ‘Live chat transcripts are the gold mines of customer service,’” according to the text of the lawsuit. The company “covertly embedded code into its chat feature that automatically records and creates transcripts of all such conversations.”
Apple MacBook Air Laptop
The M1 chip delivers 3.5x faster performance than the previous generation all while using way less power. Get up to 18 hours of battery life.
In this case, the third parties getting a copy of your foot-related chats are Smooch and Zendesk, companies that provide customer service software, the lawsuit says.
Foot Locker didn’t respond to a request for comment.
Not just Foot Locker: String of lawsuits tests the limits of old privacy laws
There’s something in the air. Over the last year, we’ve seen a wave of cases trying to stretch the United States’ few ancient privacy laws to apply to modern privacy problems.
“This case is part of a general trend of creative plaintiffs’ firms testing new theories about long-standing U.S. privacy laws,” said Cobun Zweifel-Keegan, managing director of the International Assosiation of Privacy Professionals’ Washington, D.C. wing.
For example, the famously anti-gay sandwich emporium Chick-fil-A faced a class-action privacy lawsuit of its own this week. That chicken data case was just one of over 50 lawsuits filed in the last year accusing companies of violating the Video Protection Privacy Act of 1988. In those cases, litigators argue that sharing data about videos you view violates a law originally passed to protect information related to video-tape rentals. The text of that law is vague enough to seem like it should apply to online videos—though if it does, basically every website on the planet is breaking the law right now. Courts will decide how these laws apply to evolving technology.
“Though these may be new applications of the law, it is far from a foregone conclusion how any one of these cases will play out,” Zweifel-Keegan said. “If some of these cases have merit, it could have a real impact on data privacy best practices. That isn’t a bad thing.”
But what about my feet conversations and Foot Locker?
Stepping back into our conversation about feet data, the Foot Locker case has to contend with the fact that California’s wiretap law was written about literal wires. CIPA is an 56-year-old law passed in a time when telephone landlines were the still primary communication technology. California courts have ruled that CIPA applies to the web, though it’s an open question whether or not customer service chats are included in that definition.
To make their case, the Foot Locker plaintiffs include a somewhat tortured definition of the internet—much to this reporter’s delight—stating that “the internet works through a series of networks that connect devices around the world through telephone lines.” We all know that the internet is a series of tubes. More to the point, this isn’t the dial-up era.
Pacific Trial Attorneys: One law firm, many similar lawsuits
It’s not the first time this issue has kicked around in the California courts. In fact, the same law firm that represents Martin, Pacific Trial Attorneys, filed two nearly identical cases about recording customer service chats and allegedly violating CIPA last year: one against Uniqlo and the other against Wolverine Worldwide, a footwear conglomerate that owns companies like Keds, Merrell, and Saucony. (Another shoe company! What’s with all the feet?) Both cases were filed by the same person and then dropped a few months later.
Gizmodo also reached out to Pacific Trial Attorneys, with hopes of asking why there’s so much foot talk in its law practice, among other questions. The law firm didn’t respond. Uniqlo didn’t respond to a request for comment. A Wolverine spokesperson noted the case was dropped.
Attempts to fit CIPA onto the world of online data go back years, with a case against Nickelodeon in 2015, to name an example. The suit accused the kids’ entertainment company of sliming the Video Privacy Protection Act. Nickelodeon won.