Arizona Spy Pixel Class Action Litigation Update

Arizona Law

As enacted in 2006, Arizona’s Telephone, Utility and Communication Service Records Act^[1](the “Act”) prohibits a person from:

1. knowingly procuring, attempting to procure, soliciting, or conspiring with another to procure an Arizona resident’s “telephone record” without consent by fraudulent, deceptive or false means;
2. knowingly selling or attempting to sell a “telephone record” without consent; and
3. receiving a “telephone record” by fraudulent, deceptive, or false means.^[2]

The 2006 version of the Act also required telephone companies to establish procedures to protect the unauthorized or fraudulent disclosure of telephone records.^[3]It defined a “telephone record” as information retained by telephone companies relating to “the telephone number dialed by the customer or the incoming number of the call directed to a customer or other data related to such calls typically contained on a customer telephone bill”^[4]and a “telephone company” as any person providing commercial telephone services to a customer.^[5]

A year after its initial enactment, the Act was amended to expand the prohibition on falsely procuring, selling, or receiving telephone records to include “communication service records” and “public utility records.”^[6]A “communication service record” is defined as a record that includes subscriber information, including name, billing or installation address, length of service, payment method, telephone number, electronic account identification and associated screen names, toll bills or access logs, records of the path of an electronic communication between the point of origin and the point of delivery and the nature of the communication service provided, such as caller identification, automatic number identification, voice mail, electronic mail, paging or other service features.^[7]The Act has not been further amended since 2007.

The Act includes a private right of action, which provides a means for consumers to recover actual and punitive damages for violations.^[8]Such an action must be brought within two years from when the customer first discovered, or had a reasonable opportunity to discover, the violation.^[9]

The Act has been addressed in a handful of cases, all of which focused on telecommunication carriers obtaining confidential phone records and personal information under false pretenses. As such, there is limited case law addressing whether a record of when a consumer opens and reads an email constitutes a “communication service record.”

Litigation

Various class action complaints allege that certain common uses of pixel tracking technology in marketing emails violate the Act. The complaints contend that certain information, such as information indicating when an email is opened and read, constitutes a communication service record as defined by the Act.

The defendants in these lawsuits have argued in motions to dismiss that the plaintiffs lack standing because they suffered no injury in fact and failed to state a claim upon which relief may be granted. Specifically, they argue that the plaintiffs failed to identify any private, sensitive, or confidential information procured by the defendants and do not plausibly allege that “communication service records” were procured.

In support of dismissal, defendants have argued that the Act’s legislative history demonstrates Arizona’s concern with telecommunications carriers, rather than generic marketers, obtaining confidential phone records and personal information under false pretenses.^[10]In addition, while the plaintiffs argue that information related to email delivery falls within the Act’s definition of a “communication service record,” the defendant’s position is that the definition does not on its face include records of when an email is opened and read, and Arizona courts have never examined or expanded on the scope of the definition. Indeed, to date, the Act has never been applied in the way the plaintiffs urge.

Takeaways

This wave of litigation brought under the Act is the first time since the Act’s inception and amendment that plaintiffs have invoked a civil action against non-telecommunications carriers or attempted to expand the definition of a communication service record. These lawsuits appear to be part of a larger theme of attempts by the plaintiffs’ bar to apply old but expansively drafted laws to new technologies, thus generating new opportunities for litigation.

Many of these actions are at the motion to dismiss stage, but clients that use embedded trackers in their marketing emails should be aware of the possibility of lawsuits brought on behalf of Arizona consumers.

Clients that are concerned about the possibility of litigation could take the following steps to mitigate risk:

• Audit their use of embedded trackers in marketing emails.
• Determine whether they send marketing emails to Arizona consumers.
• Consider obtaining the informed consent of Arizona consumers before collecting their information via embedded trackers.

Please contact the BCLP Privacy Team if your organization is interested in learning more about mitigating risk under the Act, as well as the potential compliance obligations that may impact your organization.