Unlike some other states that require all parties to a conversation to consent to being recorded (looking at you California and Pennsylvania), until recently we had not seen a wave of wiretapping lawsuits in Florida.  However, due to a recent decision from a federal court there interpreting Florida’s wiretapping statute (the Florida Security of Communications Act, or “FSCA”), we expect to see a surge of litigation in Florida involving wiretapping claims related to websites’ use of third-party pixels.

We have blogged extensively about California’s wiretapping statute—the California Invasion of Privacy Act (“CIPA”)—including recently about decisions from state and federal courts in California that have been more favorable for defendants.  However, for years the FSCA has flown under the radar.  When courts first began applying the FSCA to emerging technologies (like session replay) the majority of courts declined to find that the FSCA could be applied to third-party technologies that tracked or analyzed website visitor behavior.  This is in large part because of a decision from a state court in Florida in 2021, in the early days of consumer privacy class actions.  In Jacome v. Spirit Airlines Inc., the Circuit Court of Florida granted the defendant airline’s motion to dismiss, and determined that the use of session replay software did not fall under the scope of the FSCA, stating that “Congress did not intend for the Federal Wiretap Act to extend to the use of commonplace analytics software to improve a website browsers’ experience and the FSCA, being modeled after the Federal Wiretap Act, likewise does not extend to the use of commonplace analytics software to improve a website browsers’ experience.”  2021 WL 3087860, at *3 (Fla. Cir. Ct. June 17, 2021).  The Jacome court further held that the mouse clicks/movements, keystrokes, search terms, etc. that was tracked was “precisely the type of non-record information that courts consistently find do not constitute ‘contents’ under the Federal Wiretap Act or any of its state analogs because it does not convey the substance or meaning of any message”, and that “software” does not constitute a “device” under the FSCA.  The Jacome court analyzed the legislative history of the Federal Wiretap Act—which the FSCA was based upon—and concluded that amendments to that statute to include the term “electronic communications” was “to protect private personal and business records (like medical records) from interception on computerized recordkeeping systems.” 

Most of the courts analyzing FSCA cases followed Jacome, declining to find that the FSCA could be applied to emerging third-party technology like session replay.  So, the plaintiffs’ bar focused their efforts and litigation in other states and under other state statutes.  However, that is all about to change.

What Changed?

Here and there over the past couple of years, courts around the country have issued decisions indicating that a change might be coming to interpretations of the FSCA.  For example in Castillo v. Costco Wholesale Corp., No. 2:23-cv-01548, 2024 WL 4785136 (W.D. Wash. Nov. 14, 2024), the court analyzed claims of violations of CIPA, Washington Privacy Act, and the FSCA (among others) related to Costco’s use of third-party pixels (such as the Meta pixel) to collect health data from the plaintiffs’ interactions with the Costco pharmacy website.  The court determined that “the FSCA does not categorically exempt website tracking technologies” and that “the FSCA’s exception of movement tracking information from the definition of ‘electronic communications’ appears to be similar to the Ninth Circuit’s distinction between ‘contents’ of a communication and ‘record’ information.”  That court further held that the plaintiffs’ search terms (for things like patient status, prescriptions, and underlying health conditions) would constitute “contents” of a communication under FSCA. 

What Happened in W.W. v. Orlando Health, Inc., and Why Does it Matter?

In March of this year, a Florida federal court came to a similar conclusion about the FSCA, effectively putting the statute back into play for privacy consumer class actions.  In W.W. v. Orlando Health, Inc., the plaintiff alleged that the defendant, a healthcare organization, installed tracking technologies (pixels from Meta and Google, among others) on its patient portal website, in violation of the FSCA and Federal Wiretap Act, among other claims.  No. No: 6:24-cv-1068, 2025 WL 722892 (M.D. Fla. Mar. 6, 2025).

The court denied Orlando Health’s motion to dismiss the FSCA claim, and held that the plaintiff had adequately alleged that the electronic communications she claimed were intercepted were “contents” under the FSCA.

The Orlando Health court took care to distinguish Jacome in its opinion.  First, the court distinguished the session replay technology at issue in Jacome from the tracking pixels at issue in the case before it, stating that the plaintiff’s “claims are predicated on the tracking tools’ interception of her communication . . . not on the simple fact that her movements on Defendant’s website were tracked.”  The Orlando Health court was particularly concerned with the sensitive health data such as search queries that could divulge a website user’s health condition, and how that data differed from just mouse clicks.  It also noted that the Jacome court had looked to the intent of the Florida and federal legislatures in passing the FSCA and Wiretap Act, and that “the FSCA was designed to protect precisely the information at issue in this case—private medical information”—as opposed to just keystrokes and mouse clicks.  The court also acknowledged how numerous courts in other states had reached similar conclusions in cases involving the same types of third-party technologies—despite the fact that these claims were most often brought under other states’ statutes.

What's Next?

The Orlando Health decision is a perfect example of how the law can change when applied to new or emerging technologies.  It also marks a turning point: federal courts in Florida are now at least open to applying the FSCA to the newer wave of website tracking technologies, and there is now a roadmap for how plaintiffs can succeed on a wiretapping claim.  This makes Florida fertile ground for a surge of pixel-based wiretapping litigation.  We expect to see plaintiffs file complaints in Florida federal courts alleging fact patterns analogous to Orlando Health—especially in sectors where sensitive data or communications may occur.

What Should You Do?

The bottom line is that companies should not become complacent about the third-party technologies they deploy on their websites.  If you have a consumer-facing website, now is the right time to take stock of the third-party technologies you use to analyze or track customer behavior, and develop a plan to identify and mitigate any potential risks.  Make sure your website’s privacy policy and terms of use are reviewed and updated regularly (and, make sure you have an up-to-date understanding of how to actually make these enforceable).  If you have any questions, do not hesitate to reach out to our team of privacy and litigation professionals.