Bed Bath & Beyond Receives Consumer Surveillance Complaint


A District of Missouri lawsuit filed on Wednesday alleges that Bed Bath & Beyond Inc. makes use of spyware to illegally intercept and wiretap the electronic communications of visitors to its website.

The software, titled “Session Replay,” has been the subject of other lawsuits including some against General Motors, Lululemon, and Nike, that, like the present one, allege invasion of privacy, trespass to chattels, and violation of the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act.

According to this week’s class action, Bed Bath & Beyond is a New York corporation headquartered in New Jersey while the plaintiff is a Missouri resident. The software at issue allegedly records bedbathandbeyond.com website visitors’ “computer-to-computer data communications,” including their mouse movements and clicks, keystrokes, search terms, information inputted into the website, and pages and content viewed.

The suit alleges that session replay is “sophisticated computer spyware … not a traditional website cookie, tag, web beacon, or analytics tool.” The electronic communications are not only recorded but stored using an outside vendor’s services, the complaint said, meaning that Bed, Bath & Beyond can later view what amounts to a video of a visitor’s entire exploration of its website.

The 52-page complaint alleges that the software is used without first obtaining consumer consent and that the plaintiff and putative class members have a reasonable expectation of privacy in their electronic communications.

The suit states ten claims for relief under Missouri and federal law on behalf of nationwide and state classes.

The plaintiff is represented by Consumer Protection Legal LLC, Chestnut Cambronne PA, and Lockridge Grindal Nauen P.L.L.P.