Peloton Faces New Lawsuit for Third-Party Data Collection Without Consent (Prompting Recent Privacy Policy Update?)

Last month, a new class action lawsuit was brought against Peloton by Plaintiff Julie Jones (on behalf of herself and others affected), alleging Peloton customers were subject to eavesdropping and data recording via a third party, without their consent, during conversations they had on the Peloton website chat.

The lawsuit is alleging that when people used Peloton’s support chat widget, those conversations were then analyzed by a third party software tool, which tried to determine how likely the person chatting was to buy a product from Peloton.

Screenshot of Peloton's online support chat widget.
Screenshot of Peloton’s online support chat widget.

This lawsuit, which has been filed in California federal court, alleges this violates California law, specifically the California Invasion of Privacy Act (“CIPA”), which “prohibits both wiretapping and eavesdropping of electronic communications without the consent of all parties to the communication,” according to the complaint.

The complaint also states that Peloton’s “actions are contrary to industry norms and the legitimate expectations of consumers.”

Jones claims that Peloton has “covertly embedded a third-party’s code into its chat feature that automatically records and creates transcripts of all such conversations.” The alleged Third Party is called “Drift,” and she claims that it can “secretly intercept in real time, eavesdrop upon, interpret, analyze, store, and use…transcripts of…chat communications with unsuspecting website visitors – even when such conversations are private and deeply personal.”

Meanwhile, to the Peloton customer using the chat feature, it appears as though they are only communicating with a Peloton chat representative, because Drift uses its own servers, according to the complaint. But Jones alleges each chat message sent is first routed through Drift’s server, allowing them to “analyze, interpret, and collect customer-support agent interactions in real time.” This data can then be used by Drift “to determine the likelihood they will buy a product or service” from Peloton.

California has passed some of the most in-depth privacy policy laws, which is why the lawsuit was most likely filed in California.

Recently, on July 21st, 2023, Peloton updated their Privacy Policy on the website which applies to all members who continue to use the Peloton services. There is no confirmation of whether this privacy policy update was directly related to this new lawsuit, and Peloton has made updates to their privacy policy every few months recently. The most recent update included text changes and new additions to several parts of the privacy policy.

However, the most recent version of Peloton’s privacy policy did include a new line specifically about the chat service support that was not there previously, saying “Our live chat Service Provider records information submitted in the chat bot, as well as any dialogue with member support. ”

The lawsuit is Julie Jones, et al. v. Peloton Interactive Inc., Case No. 3:23-cv-01082-LAB-BGS, in the U.S. District Court for the Southern District of California.

Want to be sure to never miss any Peloton news? Sign up for our newsletter and get all the latest Peloton updates & Peloton rumors sent directly to your inbox.

Avatar photo
Alyssa Langer
Alyssa Langer is a Peloton enthusiast, freelance writer, registered dietitian, and foodie. When she's not cooking, writing, or working out on her Peloton tread or bike, she can likely be found snuggling on the couch with her two pomeranian Pelopups. Based in the D.C. area, she is always excited to hop on the train to PSNY and take classes in-person. High-five her on the leaderboard: #_MissAlyss

Leave a Reply

Your email address will not be published.