Brief Snapshot: Papa John’s is being sued by a customer – not for its pizza but for allegedly breaking the US Wiretap Act and CIPA by snooping on how he browsed the pie-slinger’s website.

Regulations Involved: Wiretap Law, California Invasion of Privacy Act (CIPA)

Jurisdiction: Federal District Court, Southern California

Issue: The proposed class-action suit accuses Papa John’s of violating both the Wiretap Act and the California Invasion of Privacy Act (CIPA) by going too far with its session replay software.

What is Session replay? Session replay software is part of the usual arsenal of every marketing and IT department and is usually used to monitor and improve the user experience. Papa John’s used a type of spyware to track the online activities of those who visited its website and logged everything a user did on the website. The session replay software recorded information about how visitors used the website, such as mouse movements and clicks, keystrokes, search terms, entered text, and pages and content viewed in an untraceable manner.

Privacy Principle Spotlight: The privacy principle in focus here is Purpose Limitation. The principle says- “Data collected for one specified purpose should not be used for a new, incompatible purpose.”