Sometimes It Pays Not to Read-Prudential and ActiveProspect Win Important Motion for Summary Judgment!

Add a comment

One of the areas of interest for CIPA claims is third-party services which record website activities.  Just last week, we had a nice case out of California clarifying whether companies can be liable for CIPA claims by using third-party services.

In Torres v. Prudential Financial, 2025 WL 1135088 (ND Cal April 17, 2025), the court granted the Defendant’s motion for summary judgment based on the use of ActiveProspect’s TrustedForm system for recording users’ interaction with webforms.

ActiveProspect is a well-known system which, among other things, creates a TrustedForm certificate which includes “session replays” which are recreations of user’s visit to the website.  The TrustedForm certificate can be claimed and retrieved by clients (in this case, Prudential and Assurance) logging into their accounts and selecting the certificate.

The plaintiffs in this case went to the Prudential websites, filled out a form, and submitted their information to get life insurance quotes.  The website did not expressly disclose they were using ActiveProspect until the forms were completed.  Plaintiffs then sued for CIPA violations. 

Section 631 of CIPA prohibits a party from “willfully and without the consent of all parties to the communications, or in any unauthorized manner, reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transmit.”  Defendants moved for dismissal because (a) ActiveProspect isn’t a third party eavesdropper; and (b) ActiveProspect didn’t read or attempt to read the Plaintiff’s communication while the communication were in transmit.

CIPA Section 631 only applies when a third party is eavesdropping and “not to recording by a participant to a conversation.”  The court stated that an evaluation of “a software provider like ActiveProspect constitutes a third-party listener as opposed to a participant in the conversation, courts assess whether the software service ‘extends beyond the ordinary function of a tape recorded.’”  Further, “if software functions only as a tool that, like a tape recorded, allows participants to record and analyze the contents of their own communications, the software vendor is not a third party and no liability attaches.”

However, some employees CAN access the data and therefore would have the capability to use the data for its own purposes, so the court found there to be a genuine material issue of fact as to “whether ActiveProspect functions as more than a tape recorded.”

Section 631 also requires that third parties read, attempt to read, or learn the contents of communications while they were in transit.  Here, the court found even assuming “TrustedForm software intercepts the contents of the Plaintiffs’ communications in real time and store the recording on an ActiveProspect server that ActiveProspect employees can access, nothing in the record plausibly indicates that ActiveProspect reads or attempts to read the contents of the communication while they are in transit.” (emphasis in original). 

Interestingly, the court went on to say that ActiveProspect isn’t reading the Plaintiffs data because “the session replays on the ActiveProspect server are nothing more than a rote list of the actions that TrustedForm users took while filling out the form….it does not constitute reading under the statute, because reading requires an attempt to understand or interpret the substantive meaning of a communication…Even when a session replay is reassembled, it is done mechanically and without any attempt to decode its underlying meaning.” (emphasis in original).

This is right.  The TrustedForm is very analogous to a tape recorder.  It is just replaying what was done.  There’s no analysis.  There’s no lead scoring.  It’s just a replay of what happened.  And the court found that Plaintiffs had not demonstrated that ActiveProspecit “attempted to understand or decipher the contents of Plaintiffs’ communications” while in transit, then there is no genuine dispute of material fact under Section 631.  Therefore, the court granted Defendants motion for summary judgment.

This is a good win for Defendants.  And a good win for anyone relying on these third party services. 

But, this case again shows how imperative it is that companies understand what third party services are doing with the information they collect.  Are they just tape recorders?  Or are they attempting to decode the underlying meaning of recorded data?  Because any attempt to understand the data could run afoul of CIPA.

Unknown's avatar

Published by John Henson

John Henson joined TroutmanAmin in 2024. Prior to joining the firm, John was General Counsel at ConsumerAffairs.com where he leads the Legal and Compliance function as well as Talent and Culture since 2021. At ConsumerAffairs, he was responsible for all of the company’s legal and compliance matters including, but not limited to, the company’s marketing efforts, financial services verticals, lead generation practices, and reputation management services. Previously, John was at LendingTree for six years, where he assumed a variety of roles including Vice President of Compliance, Interim General Counsel, and Assistant General Manager of LendingTree’s Mortgage vertical. John focuses on lead generation compliance around TCPA, UDAAP, and FTC and CFPB regulations. A native of Tennessee, John lives with his wife and 3 children in Birmingham, Alabama, where he spends his free time barbecuing, watching college football and golfing.

Leave a comment