Florida’s Wiretapping Law Under Fire: The FSCA and Data Privacy Litigation

How to Protect Against FSCA Wiretapping Claims

The FSCA’s bite—up to five years in prison and $5,000 fines per criminal violation, plus civil penalties—demands proactive defense. Companies can shield themselves with these steps, rooted in lessons from recent litigation:

1. 1. Get Explicit Consent: Florida’s all-party rule means a vague “we use cookies” banner won’t cut it. Deploy clickwrap agreements—users must click “I Agree” to a policy detailing tracking (e.g., “We record mouse movements via third-party tools”). Courts favor this over browsewrap, per SKN Law’s 2021 analysis. If you’ve followed the Hotjar Lawsuits, Microsoft Clarity, and ECPA claims for Pen and Trap Devices then you should really use our Adaptive Privacy Notice software to protect against these potential claims. Your insurance company will thank you.
   2. Audit Third-Party Tools: Session replay vendors can trigger liability if they use data beyond your instructions. In Goldstein v. Costco (2022), a Florida court dismissed an FSCA claim because the tech didn’t capture “contents”—just behavior. Limit vendor access contractually; ensure they’re your extension, not a rogue actor.
   3. Disclose Everything: List all data collected—IP addresses, clicks, scrolls—in a privacy policy linked prominently on your site. The NFL’s fix with BBB standards hinged on transparency; FSCA cases often falter when users can’t claim surprise.
   4. Leverage Exceptions: The FSCA carves out a 1988 amendment excluding devices tracking “movement of a person or object.” Argue that analytics tools fall here—Jacome v. Spirit Airlines (2021) blessed this defense for session replay.
   5. Arbitration Clauses: Burying a mandatory arbitration provision in terms of service can derail class actions before they start, a tactic the BBB itself recommends.

The FSCA: Florida’s Privacy Sentinel in a Digital Age

Deep in the heart of Chapter 934 of the Florida Statutes lies the Florida Security of Communications Act (FSCA), a law born in the analog era that’s now a linchpin in the state’s fight to protect residents’ privacy. Enacted decades ago to thwart wiretaps and eavesdropping in an age of rotary phones and CB radios, the FSCA prohibits the unauthorized interception and disclosure of wire, oral, or electronic communications—a mandate that’s taken on new urgency as digital tools like session replay software and AI trackers blur the line between convenience and intrusion. In 2025, with Florida courts buzzing over lawsuits tied to website tracking, the FSCA isn’t just a statute; it’s a battleground where old-school privacy clashes with new-school tech.

Unlike its federal cousin, the Wiretap Act, which greenlights one-party consent, the FSCA demands all parties agree before a communication is captured—making it a fiercer guardian of personal data. That distinction has fueled a wave of litigation, with plaintiffs arguing that everything from call recordings to website analytics violates its strict rules. The law’s purpose is unambiguous: to shield Floridians from having their conversations—be it a phone call or a digital footprint—snooped on without their say. But as companies scramble to comply, the FSCA’s exceptions and gray areas offer both pitfalls and lifelines.

           What It Is:

• The Florida Security of Communications Act (FSCA) is a state law under Chapter 934 of the Florida Statutes, designed to safeguard privacy by regulating the interception of communications.
• Enacted in 1969 and amended over time (notably in 1988), it predates the internet but applies to modern tech like smartphones and websites.
  
  Core Protections:
• Protects Florida residents’ privacy rights by prohibiting unauthorized interception and disclosure of wire (e.g., phone lines), oral (e.g., face-to-face talks), or electronic (e.g., emails, app data) communications.
• Requires all parties to a communication to consent before it’s recorded or monitored—unlike the federal one-party consent standard.

What the FSCA Prohibits:

• Intentionally intercepting a communication using any device—say, tapping a phone call or deploying software to log keystrokes on a website.
• Using intercepted data, like sharing a secretly recorded Zoom call with a third party.
• Procuring someone else to intercept, such as hiring a vendor to track users without consent.
• Intentionally disclosing contents of an intercepted communication—think posting a private chat transcript online.
• Attempting any of the above, even if unsuccessful.

Legal Roots:

• Based on the Federal Wiretap Act (Title III of the Omnibus Crime Control and Safe Streets Act of 1968), but Florida amps up the privacy shield with its all-party consent rule.
• Aligns with the state’s broader privacy ethos, reflected in its constitution (Article I, Section 23) guaranteeing a right to privacy.

Examples of Intercepted Communications:

• Telephone calls: Recording a customer service call without notice.
• Satellite video communications: Capturing a Skype or FaceTime session.
• Radio communications: Tapping into ham radio or police scanner chatter.
• Cellular telephone communications: Logging a mobile call or text.
• Cordless telephone communications: Intercepting old-school cordless phone signals.
• Paging service communications: Snagging beeper messages (yes, it’s that vintage).
• Digital interactions*: Modern cases flag website tracking tools (e.g., Hotjar capturing clicks) or app data flows as potential violations.

Key Exceptions:

• Business-use equipment: Devices provided by a service provider—like a telecom furnishing call analytics—in the “ordinary course of business” are exempt (e.g., a phone company’s billing logs).
• Consent: If all parties agree beforehand—say, via a clear “this call may be recorded” warning—it’s fair game.
• Law enforcement: Court-authorized intercepts for investigations dodge the ban.
• Movement tracking: A 1988 amendment excludes devices tracking “movement of a person or object” (e.g., GPS), not contents—used in Jacome v. Spirit Airlines (2021) to defend session replay tech.
• Public communications*: Open broadcasts (e.g., radio waves anyone can tune into) don’t count.

Purpose To Protect Floridians Privacy Will Open The Floodgates With Privacy Lawsuits:

• To protect Floridians’ privacy by ensuring their communications—spoken, wired, or digital—aren’t secretly captured or exploited.
• Balances individual rights with legitimate business and security needs via its exceptions.

Penalties For Violating Florida FSCA:

• Civil: $1,000 per violation minimum, plus actual damages, legal fees, and punitive awards (Fla. Stat. § 934.10).
• Criminal: Third-degree felony for intentional breaches—up to 5 years in prison and $5,000 fines (Fla. Stat. § 934.03).
• Class actions amplify the risk—imagine 10,000 website users at $1,000 each.

Protection Tips: Get explicit opt-in via using the Cookie Consent Software from Captain Compliance—not just “by using this site, you agree with no options to opt in or out.”

Modern Relevance and Challenges:

• Fuels data privacy litigation, with 28 FSCA cases filed in 2024 (up from 5 in 2021), per Carlton Fields, targeting website analytics and call centers.
• Overlaps with laws like GDPR and CCPA but stands out for its consent rigor—think NFL-grade transparency woes, but localized.
• Applies retroactively to tech unforeseen in 1969—courts wrestle with whether “interception” covers mouse-click tracking or AI chatbots.
• Businesses often trip over vague consent banners; “implied consent” rarely holds up (Goldstein v. Costco, 2022).
• Audit third-party tools (e.g., Google Analytics) to ensure they don’t overstep.
• Disclose all tracking upfront-transparency killed claims in recent rulings.

Why It Matters Now With a Florida Privacy Law Enacted

The FSCA’s resurgence isn’t nostalgia—it’s necessity. As Josh Hawley rails against Big Tech in D.C., Florida’s law offers a state-level cudgel for consumers fed up with data grabs. Companies that leaned on flimsy privacy software or advisors—like the many clients that signed up with Captain Compliance only after they were sued for millions of dollars you should act now not later. The law’s broad sweep and stiff penalties mean ignorance isn’t a defense; it’s a liability. With courts still defining its digital reach, the FSCA is both shield and sword—protecting privacy while challenging businesses to step up or pay up. In Florida’s sunlit sprawl, this old statute casts a long, modern shadow.

The FSCA’s revival mirrors a national trend—old wiretapping laws clashing with new tech. California’s CIPA lawsuits paved the way with Swigart law filing thousands of arbitration claims against business owners in Florida and outside of the state, but Florida’s two-party consent rule makes it a fiercer battleground. Companies that once leaned on flimsy software or advisors who underestimated the law—like the NFL’s pre-BBB scramble—are now racing to adapt. The BBB’s voluntary standards offer a playbook, but in Florida, the FSCA’s mandatory bite looms larger. For firms, it’s not just about dodging lawsuits; it’s about trust. As fans and consumers demand control, compliance isn’t a chore—it’s survival. The Sunshine State’s privacy fight is just heating up.