it's quite far A shadowy figure intercepting late-night phone calls, wiretaps hidden inside martini olives, and the exchange of wiretaps between Cold War spies. But does using AdTech software to monitor the online behavior of public website visitors constitute illegal eavesdropping in Massachusetts?
The state's highest court is considering this new issue thanks to a lawsuit filed against New England Baptist Hospital and Beth Israel Deaconess Medical Center, which The website tracker claims to have “intercepted” Kathleen Vita's “wired communications” with the site.
Both websites that Libyan residents allegedly visited for details about doctors and other health information displayed pop-ups alerting users with the all-too-familiar notice: . our web traffic. ” According to the hospital's brief, the additional information described the scope of data collected by the hospital and its “third-party service providers.”
Because tracking cookies can send personal information to third parties for use in targeted advertising, Vita's lawyers argue that this is not specifically disclosed and constitutes a secret recording. It alleges that this violates the Massachusetts Wiretap Act of 1968. The strictest privacy protection in Japan.
“The interests go far beyond these two institutions,” lawyer David Gatchuk told the Supreme Judicial Court on Wednesday. Hospitals and corporate groups are calling the lawsuit, with no actual allegation that Vita's personal information was shared with third parties like Meta Pixel or Google Analytics, potentially exposing healthcare organizations to millions of dollars in liability based on the ubiquitous technology. It is accused of being an attempt to inflict damage on the government.
Vita's lawsuit is part of a nationwide wave that Congress is carefully balancing between protecting individual privacy and allowing legitimate organizations to operate as usual with standard equipment. It could disrupt conduct, they argue.
“These are two of at least 20 class-action lawsuits that plaintiffs' attorneys have recently launched against hospitals and other organizations in Massachusetts, using wiretapping laws as a weapon against website analytics and advertising technology. “It's ubiquitous in the 2020s,” Gatchuk wrote in the hospital's brief.
General Brigham and Dana-Farber settled a similar lawsuit in 2019 for $18.4 million without admitting wrongdoing.
Attorney Patrick Vallely, representing the plaintiffs, said the hospitals “grossly exaggerated the consequences of enforcing the clear terms of the MWA in order to create a hysterical misconception that these lawsuits threaten all Massachusetts business.” “I am,” he wrote. “The vast majority of Massachusetts businesses that use AdTech do not use AdTech covertly and therefore do not violate the MWA.”
Data privacy collection is a difficult subject, and the latest version of the proposed Massachusetts Information Privacy and Security Act is still in committee. Companies argue that using wiretapping laws to collect data privacy is a significant departure from the law's original purpose of preventing wiretapping.
“Whether we should have a national conversation or a state-level discussion about what kind of data privacy conversations we should be having, that's an interesting debate that's happening right now in many states and at the federal level,” said Deputy Director Chris.・Mr. Eicher said. “But using the courts and wiretapping laws actually means the end of the legislative process,” said the president of government relations for the Greater Boston Chamber of Commerce.
The high court rejected the hospital's motion to dismiss, leaving the SJC with the question of whether the half-century-old wiretapping law allows for civil or criminal lawsuits based on web cookies.
SJC judges grilled lawyers during oral arguments, focusing on the nature of communication and conversation in the 2020s. Justice Frank Gaziano noted that the court recognized changes in technology over the years and determined that cell phone calls and text exchanges could be protected.
“Speaking of eavesdropping, they used things like alligator clips to eavesdrop on wires,” Gaziano said. “And in the old days wiretapping was done by bugs. Those days aren't any more. Police and other people intercept things digitally.”
Medical centers argue that communication between individuals through cell phones and text messages is clearly an extension of the type of communication that Congress intended to protect from secret wiretapping in 1968. By contrast, Gatchok told the court that browsing websites bears little resemblance to conversations between people.
The judges further dug into the hospital's lawyers' argument that “communications” under wiretapping laws must be “personal.” Gaziano asked why someone typing a search query into his website doesn't, in effect, become a conversation between that person and the company.
Justice Elizabeth Dewar said it was common for medical practices to provide a place to request an appointment or provide additional information, and that “it could be used as an alternative to email” to obtain information about potential patients. It's clear that he does.” In that case, “you're communicating,” she said. “You are writing a message to a company and expecting to hear back from them specifically about your issue.”
If a person goes to a medical practice to find a breast cancer doctor, Judge Scott Kafker said, It may not be communication, but it is a start. It's clear Beth he's conveying information that is valuable to Israel and also to these third parties, right?”
Mr. Gachok conceded that asking for information and receiving information in response was “almost as close” to a conversation, but the plaintiff did not allege that he actually did it.
Gacioch compared the interaction to reviewing a catalog. Despite the judges' assumptions, the plaintiffs were only looking for existing information, rather than using the built-in chat feature or sending individual messages, he said.
“It’s like flipping through directories and catalogs of content that already existed in 1968,” he said. “If someone is sitting in a hospital waiting room flipping through a doctor's directory or a Boston Magazine issue of “Best Doctors,'' and a surveillance camera watches them flip through it, that is not a violation of wiretapping laws. Deaf. This is not the case either.”
Valéry offered a wide range of interpretations as the justices tried to determine the limits of communication.
“Whenever you click on a link while browsing and request information, and the website loads normally, that response is a communication,” the plaintiff's attorney said.
Hospitals and business groups argue that the ad tech is so commonly used that it falls under the “ordinary business” exception to wiretapping laws.
Kavker repeatedly took issue with this characterization. A hospital's normal business should be patient health, he said. “It doesn't seem normal to me,” he said of the pursuer. “They appear to be operating for profit.”
At the time of the lawsuit, mass.gov's pop-up notifications regarding ad tech tracking data were “very similar” to hospital notifications, Gatchuk said. He said people who visit state websites, including state hospital sites, will be monitored by the same type of ad tech.
He said the implications if third-party cookies were found to constitute eavesdropping would be extremely devastating, raising the possibility of civil and criminal lawsuits targeting a wide range of institutions.
“This case cannot be decided based on the practical impact on other people,” Wendlandt said. “And we should all check the website.”