District Court’s Dismissal For Lack of Article III Standing Affir
District Court’s Dismissal For Lack of Article III Standing Affir
Publish Date: 2026-05-18 14:09:00
Source Domain: natlawreview.com
Hi, CIPAWorld! Kelly Sandberg here, with another case on alleging an injury in fact to meet Article III standing requirements for privacy claims.
In the case of In re BPS Direct, LLC; Cabela’s LLC Wiretapping Litig., eight Plaintiffs brought a putative class action against Bass Pro Shop and Cabela (collectively “BPS”). Plaintiffs alleged that BPS’s use of third-party data tracking software on their websites was a violation of the Wiretap Act and the Computer Fraud and Abuse Act. In re BPS Direct, LLC; Cabela’s LLC Wiretapping Litig., No. 23-3235, 2026 WL 1280969 (3d Cir. May 11, 2026). To sum, the United States Court of Appeals for the Third Circuit affirmed the United States District Court for the Eastern District of Pennsylvania’s dismissal of six Plaintiffs’ claims, and reversed the dismissal as to two Plaintiffs’ claims because only two Plaintiffs had alleged tangible injuries demonstrating they had a “close relationship” to a harm traditionally recognized at common law.
Bass Pro Shop and Cabela are outdoor retailers specializing in hunting, fishing, camping and outdoor recreation gear, and each company operates an applicable website for consumers to browse items and purchase gear for sale. Both companies use a JavaScript computer code known as “Session Replay Code” on their website that was developed by companies such as Microsoft, Quantum Metric, and Mouseflow (“Providers”).
This code captures a website user’s interactions such as their mouse movements, clicks, scrolls, zooms, window resizes, keystrokes and text entries. This data is then used to create a “video replay” of a user’s visit to the website that provides BPS with insight into their company performance and advertising campaigns.
Further, the Providers store this collected data, which includes personally identifying information, called “fingerprints.” The Providers can collect “fingerprints” from any website using the code to match a user’s…
