POPA v. HARRIET CARTER GIFTS, INC., 2:19-cv-00450

Ashley Popa, on behalf of herself and similarly situated individuals, sued Harriet Carter Gifts, Inc. and NaviStone, Inc., alleging unauthorized interception of electronic communications while she browsed Harriet Carter’s website.
The case centers on whether the defendants' conduct violated Pennsylvania’s Wiretapping and Electronic Surveillance Control Act (WESCA), particularly regarding interception of web activity by third-party marketing software (NaviStone).
Initially, the district court granted summary judgment for defendants, finding no unlawful interception and that the action was outside WESCA’s territorial reach.
The Third Circuit reversed, holding the direct-party exception did not preclude liability and remanded for fact-finding on (1) whether Popa consented via the website’s privacy policy, and (2) the location of the alleged interception.
On remand, after further discovery, defendants renewed summary judgment focusing on the sufficiency and effect of the privacy policy and consent.
The court ultimately ruled for defendants, holding Popa constructively consented to the data collection disclosed by the Privacy Statement posted on the website.

Issue	Plaintiff's Argument	Defendant's Argument	Held
Did Popa consent to the interception under WESCA?	Popa did not give actual or constructive consent since she never read or agreed to the privacy policy.	Browsing while privacy policy was posted implied consent; reasonable notice was provided.	Popa constructively consented as privacy policy was sufficiently presented and described third-party data collection.
Was NaviStone an "interceptor" under WESCA or simply Harriet Carter’s agent?	NaviStone was a third party she did not knowingly communicate with.	NaviStone acted as Harriet Carter’s agent, so should not be treated as a third-party interceptor.	Third Circuit rejected the agent exception, but held case turned on consent, not party status.
Does the nature of the internet imply broad consent to third-party tracking?	Broad tracking without explicit consent is outside users’ reasonable expectations.	Widespread use of cookies and third-party code means users implicitly consent to such data collection.	Court found no blanket implied consent from internet usage alone, but the privacy policy gave constructive notice.
Was the privacy policy sufficiently conspicuous and accessible to impart constructive notice?	The policy wasn’t adequately prominent or clear to provide notice or consent.	Footer link and dropdown placement were sufficient, matching industry standard, and clearly labeled.	Privacy Statement was reasonably conspicuous and accessible; constructive notice and consent found.

Anderson v. Liberty Lobby, Inc., 477 U.S. 242 (Summary judgment standard—material facts and viewing evidence favorably.)
Celotex Corp. v. Catrett, 477 U.S. 317 (Summary judgment framework.)
Commonwealth v. Byrd, 235 A.3d 311 (Pa. 2020) (Objective standard for consent under WESCA—actual knowledge not required, only reasonable notice.)
Commonwealth v. Proetto, 771 A.2d 823 (Pa. Super. Ct. 2001), aff’d, 837 A.2d 1163 (Pa. 2003) (Implied consent for internet communications under WESCA; reasonable user standard.)
In re Nickelodeon Consumer Priv. Litig., 827 F.3d 262 (3d Cir. 2016) (Internet users’ diminished privacy expectations.)
Nguyen v. Barnes & Noble Inc., 763 F.3d 1171 (9th Cir. 2014) (Enforceability of browsewrap agreements; conspicuousness of terms.)