As stated in the filing, at issue is FullStory’s software that provides marketing analytics, particularly its “Session Replay” feature. The plaintiff stated that this feature captures “mouse movements, clicks, typing, scrolling, swiping, tapping, etc.” on a website by using “embedded snippets of code … (that) watch and record a visitor’s every move on a website, in real time” to create a recorded session. Reportedly, the “wiretaps…are used by Defendants to secretly observe and record website visitors’ keystrokes, mouse clicks, and other electronic communications, including the entry of Personally Identifiable Information (‘PII’), in real time.”
The amended complaint noted that FullStory lets users view a list of users who have visited the website and the time that they spend on the website. After clicking on a particular recorded session, FullStory purportedly lets a client “view the video of a user’s interaction with a website” and all of the information captured in said video in order to “see the real customer experience behind the data.” Furthermore, using its “Go Live” feature, Nike can view these sessions in real time. The plaintiff pointed to a 2017 study conducted by Princeton University researchers who examined FullStory and found that “unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.” The plaintiff contended that this exceeds user expectations for information that is collected and monitored.
The plaintiffs are accused of violating the California Invasion of Privacy Act and the plaintiff and putative class’ privacy rights as given in the California Constitution. The plaintiff has sought to certify the class and for the plaintiff and his counsel to represent the class, declaratory judgment in his favor, an award for damages, restitution, prejudgment interest, an injunction, and an award for costs and fees.