SKIMS may be on the hook for upwards of $5 million in damages for allegedly enabling Facebook and Instagram’s parent company to “spy on” consumers’ activity when using the SKIMS website. According to the complaint that they filed in a California federal court on Tuesday, Catherine Porchia and Mathilda Silverstein claim that Kim Kardashian’s brand is actively “aiding, agreeing with, employing, procuring, or otherwise enabling the wiretapping of the electronic communications of visitors to its website” by allowing Meta Platforms (“Meta”) to collect information from visitors to the SKIMS e-commerce site, including site visitors’ communications as they conduct searches for SKIMS products.
Setting the stage in the complaint, Porchia and Silverstein (the “plaintiffs”) allege that SKIMS “enables Meta to eavesdrop on website visitors’ communications” while they search for products on the SKIMS website, which it does “without visitors’ prior consent.” The plaintiffs claim that by making use of Meta’s Business Tools, including its Meta Tracking Pixel, SKIMS makes it possible for Meta to track the users of the SKIMS website and the “type of actions they take” while on the site. This ultimately enables Meta to “capture or otherwise acquire … electronic communications made in response to website visitors’ searches,” which it can then use to boost its “marketing, advertising, and data analytics efforts.”
In short: Thanks to the fact that SKIMS has embedded the Meta Tracking Pixel and similar tracking codes into its website, “when a user communicates with [the SKIMS] website, those communications are simultaneously and contemporaneously duplicated and sent to Meta at the same time as they are being sent to [SKIMS],” Porchia and Silverstein assert.
“After collecting and intercepting this information,” all without consumers’ knowledge or authorization, the plaintiffs claim that Meta, which is not named as a defendant in the complaint, “processes it, analyzes it, and assimilates it into datasets” for the benefit of its advertisers – and thus, itself. And beyond that, Meta can use this data for things like “research and development” and “to personalize the features and content (including ads and recommendations) that [it] shows people on and off [the] Meta [platforms].”
Not finished, the plaintiffs further maintain that in addition to intercepting website users’ communications to SKIMS via its website without first obtaining users’ consent, SKIMS also “enables Meta to pair [that] event data with a user’s identity.” Specifically, they allege that the Meta Pixel “pairs event data with a user’s unencrypted Facebook ID … so [Meta] can later retarget consumers on Facebook.”
TLDR: Porchia and Silverstein claim that they “did not provide their prior consent to Meta’s intentional access, interception, reading, learning, recording, collection, and usage of [their] … electronic communications,” and they similarly did “not provide their prior consent to [SKIMS’] aiding, agreeing with, employing, permitting, or otherwise enabling Meta’s conduct.”
Seemingly looking to get ahead of one potential defense that may be waged by SKIMS, Porchia and Silverstein contend that while SKIMS offers consumers the option to “customize cookie settings, such as selecting to ‘Opt Out of Third-Party Targeting Cookies,’” that is not enough to enable the shapewear/loungewear company to sidestep liability. As an initial matter, they claim that “users are neither on notice of, nor do they consent to [SKIMS’] ‘cookie banner,’ [which] is located at the bottom of the screen, and users are in no way required to engage with the cookie banner in order to use the website.” As such, the “cookie banner” is effectively “non-binding browsewrap,” per Porchia and Silverstein.
At the same time, they argue that “any ‘consent’ ostensibly given by users is an illusion, [as] even when a user clicks on ‘Cookie Settings,’ and toggles for the option to ‘Opt Out of Third-Party Targeting Cookies,’ [SKIMS] continues to share users’ personal browsing data and identifiers with Meta.” As a result, SKIMS “never properly obtains consent from its users to disclose their communications, and any consent allegedly obtained is meaningless and void.”
With the foregoing in mind, Porchia and Silverstein accuse SKIMS of violating sections 631(a) and 632 of the California Invasion of Privacy Act (“CIPA”), which respectively prohibit third-party wiretapping and the recording of confidential communications without consent. In addition to seeking certification of their proposed class action, the plaintiffs are seeking injunctive relief and damages that “are in excess of $5,000,000, exclusive of interest and costs” for the entirety of the proposed class of impacted consumers.
THE BIGGER PICTURE: Hardly the only proposed class action complaint that alleges violations of CIPA, Porchia and Silverstein’s suit comes amid a recent uptick in CIPA-centric class action litigation, which has largely focused on alleged violations of sections 631(a) and 632. To date, courts – including the U.S. District Court for the Southern District of California in a recent decision in a case waged against Kohl’s – have largely found that using third-party entities to collect website visitors’ information without the visitors’ consent could violate state wiretapping statutes, including the CIPA.
A representative for SKIMS did not immediately respond to a request for comment on the lawsuit.
The case is Porchia v. Skims Body, Inc., 3:24-cv-02562 (N.D. Cal.).
Share
