Search
BJ’s Wholesale Club Loses Bid to Dismiss Complaint Alleging Massachusetts State Law Claims for Wiretap Violations and Invasion of Privacy Arising from Use of Session Replay Code to Track Website Activity
BJ’s Wholesale Club Loses Bid to Dismiss Complaint Alleging Massachusetts State Law Claims for Wiretap Violations and Invasion of Privacy Arising from Use of Session Replay Code to Track Website Activity

Joe Alves filed a class-action complaint against BJ’s Wholesale Club, alleging that BJ’s uses computer code, called Session Replay Code (SRC), to secretly record consumer activity on BJ’s website. Alves claims that BJ’s conduct violates the Massachusetts Wiretap Statute, G.L. c. 272, § 99, and the Massachusetts Right of Privacy Statute, G.L. c. 214, § 1B. BJ’s moved to dismiss. Judge Krupp, sitting in the Massachusetts Business Litigation Session, denied the motion.

BJ’s sells groceries, electronics, furniture, and other products through its website. According to the complaint, BJ’s embeds SRC on its website. SRC operates in the background unbeknownst to the BJ’s website visitors. SRC tracks mouse movements, clicks, scrolls, zooms, and keystrokes. Third-party service providers, in turn, create video replays of the visitors’ behaviors and provide them to BJ’s for analysis. Alves alleges that when he visited BJ’s website to shop for tires, SRC captured his website activity, and that activity was shared with third-party service providers for BJ’s monetary gain.

Judge Krupp began by analyzing the wiretap claim. BJ’s argued that Alves failed to plausibly allege that its conduct implicated “wire communications.” Judge Krupp rejected the argument. Relying on Webster’s Third New International Dictionary’s definition of “communication,” Judge Krupp reasoned that “mouse movements, clicks, keystrokes, and other browsing activity that SRC records plausibly constitute an exchange of information between the website’s owner and the website user.” BJ’s also argued that Alves failed to plausibly allege an “interception.” Judge Krupp rejected that argument, too. He reasoned that because of the “breadth of the statutory definition” of “contents” (i.e., “any information concerning the identity of the parties to [any wire or oral] communication or the existence, contents, substance, purport, or meaning of that communication”), the complaint “plausibly suggests that keystrokes, clicks, mouse movements, URLs, and other data allegedly recorded by SRC constitute contents.” And as to whether SRC is an “intercepting device,” Judge Krupp relied on “[s]everal other decisions [that] have suggested that SRC may be an intercepting device.”

Judge Krupp then turned to the privacy claim. Although he stated his skepticism about the claim given that Alves “failed to allege clearly that BJ’s was able to connect his identity to the data collected or that the data collected was particularly personal or sensitive,” Judge Krupp denied BJ’s motion. Judge Krupp noted that “the question of whether an intrusion transgresses the privacy statute is a fact question.” He also noted that “what constitutes acceptable data collection on the Internet appears to be evolving.” He then noted that the privacy claim—where the wiretap claim would survive dismissal—would not change the scope of discovery.

You can read the decision here. You can also read more about litigation involving Session Replay Code here.

Suffolk Superior Court

Docket Number: 22-2509-BLS1

Case Name: Joe Alves v. BJ’s Wholesale Club, Inc.

Date of Decision: June 21, 2023

Judge: Judge Krupp

Justice: Justice Krupp

Blog Editors

Recent Posts

Back to Page