A Florida plaintiffs’ firm is turning a 1960s-era wiretapping statute into a scalpel for modern website tracking — and household-name retailers, mid-market e-commerce brands, and even smaller operators are now in the crosshairs. Here’s what every business with a Florida-facing website needs to know before the next demand letter lands.
Schedule a 15-minute Demo with a Data Privacy Expert
In December 2025, a proposed class-action complaint landed in federal court in West Palm Beach with a defendant that turned heads: Nike, Inc. The claims had nothing to do with sneakers or supply chains. They centered on what happened the instant an ordinary Florida consumer loaded nike.com — invisible code executing in the visitor’s browser, harvesting data, and beaming it to third-party servers without consent.
The firm behind the suit was Salpeter Gitkin, LLP — a South Florida plaintiffs’ practice that has rapidly expanded its consumer-protection and data-privacy docket under the Florida Security of Communications Act (FSCA). The Nike filing was not a publicity stunt. It was the latest in a deliberate pattern of technically precise FSCA “digital wiretapping” cases that demonstrate both sophisticated statutory analysis and the institutional firepower to litigate at scale.
If your business operates a website that serves Florida residents — and if that site runs any third-party analytics, advertising pixels, session-replay tools, chat widgets, or marketing tags — Salpeter Gitkin and firms following the same playbook are already scanning for you.
Who Is Salpeter Gitkin?
Salpeter Gitkin, LLP is a Florida-based plaintiffs’ litigation firm with offices in Hollywood that has built a focused consumer-protection and data-privacy practice, with a growing emphasis on FSCA claims against businesses whose websites deploy unauthorized third-party tracking.
The firm’s approach rewards a rare combination: deep knowledge of Florida’s privacy statutes, technical fluency in how contemporary website infrastructure actually functions, and class-action mechanics capable of scaling individual grievances into high-stakes litigation. Salpeter Gitkin has shown all three.
Attorneys at Salpeter Gitkin
- James P. Gitkin, Founding Partner — Co-founded Salpeter Gitkin, LLP in 2008 and serves as a partner and principal of the firm. He has managed the firm’s Personal Injury Department since inception. Gitkin earned his J.D., cum laude, from the University of Miami School of Law, where he was active in moot court and legal writing. He is admitted to all state and federal courts in Florida and has been recognized by Super Lawyers for personal injury litigation. Gitkin now leads the firm’s expanding consumer class-action and privacy docket.
- Eric T. Salpeter, Founding Partner — Co-founder who manages the firm’s commercial litigation, corporate, and real estate practices while supporting its growth into consumer-protection class actions. He is a University of Miami School of Law graduate and licensed Florida title agent.
- Adam J. Reiss, Special Counsel — Supports the firm’s litigation efforts with a focus on complex civil matters.
- Jane M. Braugh, Special Counsel (California office) — Contributes to the firm’s privacy and class-action practice across jurisdictions.
The Nike Case: A Textbook Example of FSCA Website-Tracking Litigation
The proposed class action filed against Nike on December 16, 2025 — Magenheim et al. v. Nike, Inc., Case No. 9:25-cv-81573-DMM (U.S. District Court, Southern District of Florida, West Palm Beach Division) — perfectly illustrates the firm’s blueprint.
Plaintiffs: Neal Magenheim and Angela Neil, on behalf of themselves and all others similarly situated.
Class definition: All Florida residents who accessed www.nike.com within the two years preceding the filing.
Named tracking tools: The complaint details third-party scripts including The Trade Desk (adsrvr.org), Google Tag Manager, Google AdSense, PubMatic, Index Exchange, and BidSwitch. These tools allegedly fire via Google Tag Manager, collecting IP addresses, User-Agent strings, HTTP headers, cookies, and browsing behavior — even when users enable Global Privacy Control signals or opt-out preferences.
Key allegations (from the complaint): “Defendant triggers the installation of software on that visitor’s web browser without permission.” “Defendant does not seek consent prior to installing software on each visitor’s web browser.” “Even when a user… withholds permission for Defendant to share data with others… Defendant still deploys the software onto the visitor’s website.”
The suit claims violations of Florida privacy and property laws, including FSCA wiretapping, invasion of privacy, trespass to chattels, conversion, and unjust enrichment. It seeks statutory damages, punitive damages, disgorgement of profits, and restitution. The amount in controversy exceeds $5 million.
Attorney statement: “Online privacy is an increasing concern. We’ve all had the experience of visiting a company’s website and then seeing ads for that company everywhere we go online … Our hope is that this case will vindicate the online privacy rights of our clients.”
Pattern of Litigation: Building Momentum Beyond Nike
The Nike suit is part of an emerging docket. In October 2024, Salpeter Gitkin filed Gallo v. WalkingCo LLC (approximately 0:24-cv-62023 in the Southern District of Florida), another FSCA-based class action alleging unauthorized website tracking on a major retail site. These filings signal a strategic expansion into scalable privacy enforcement. We also recently covered how Morgan & Morgan the leading plaintiffs firm is advertising for The Athletic as a violator of data privacy rights and Johnson Dalal another South Florida firm ramping up their litigation claims.
Florida’s FSCA Compared to CIPA and ECPA
The Florida Security of Communications Act (FSCA), enacted in 1969 and codified in Florida Statutes §§ 934.01–934.43, shares roots with federal and sister-state wiretapping laws but has distinct features that make it particularly potent in website-tracking litigation.
Key Comparisons
- Consent Requirement: FSCA is a strict all-party (two-party) consent statute — all parties to the communication must consent to interception. This mirrors California’s CIPA (§ 631) but is stricter than the federal Electronic Communications Privacy Act (ECPA), which generally follows a one-party consent rule for certain interceptions.
- Scope of “Electronic Communication”: FSCA broadly covers wire, oral, or electronic communications, with courts increasingly applying it to browser-based interactions (keystrokes, clicks, form data) when transmitted to third parties. CIPA has similar breadth but has faced more judicial pushback in recent session-replay and pixel cases. ECPA distinguishes more sharply between “content” and “record” information, often excluding routine analytics data.
- Damages and Remedies: FSCA provides statutory damages of $100 per day of violation or $1,000 per violation (whichever greater), plus attorney’s fees and costs — creating powerful class-action economics similar to CIPA. ECPA offers actual damages or statutory damages ($100/day or $10,000, whichever greater) but is harder to apply to commercial website tracking and lacks the same private right of action momentum in this context.
- Third-Party Vendor Liability: Both FSCA and CIPA allow claims against website operators for facilitating third-party interception (e.g., pixels or session replay). Recent Florida federal court decisions have rejected early dismissals, breathing new life into FSCA after initial setbacks, while some California courts have narrowed CIPA’s application in 2025–2026 rulings.
- Practical Impact: FSCA litigation is accelerating in Florida as plaintiffs’ firms like Salpeter Gitkin adopt the California playbook with the benefit of prior testing. Unlike ECPA (primarily federal criminal/civil wiretap law), both FSCA and CIPA enable robust private class actions against everyday website technologies.
5 Immediate Risks and Realities
- Automated scanning tools allow firms to identify vulnerable websites at scale, targeting not just giants like Nike but mid-market retailers with meaningful Florida traffic.
- Third-party tools (advertising pixels, session replay, chat services, marketing tags) create the core vulnerability — interception by non-parties to the consumer-website communication.
- Standard website privacy policies or footer links rarely satisfy FSCA’s strict prior, informed, all-party consent requirement.
- Exposure compounds in sensitive sectors: retail/e-commerce, healthcare, financial services, legal lead-gen, and SaaS — where data sensitivity drives higher settlement pressure.
- Once a demand letter arrives, every additional day of unconsented tracking adds to potential statutory damages, making rapid remediation critical.
Industries in the Crosshairs
- Retail and e-commerce: Heavy use of Meta, Google, TikTok, and The Trade Desk pixels on product pages and checkout flows.
- Healthcare and wellness: Tracking on telehealth or informational sites raises layered risks under FSCA plus health-data rules.
- Financial services: Quote forms, account inquiries, and sophisticated ad stacks create high-value claims.
- Legal services: Lead-generation sites ironically risk intercepting confidential inquiries.
- SaaS and technology companies: Complex multi-tool marketing and analytics stacks amplify exposure.
Closing the Consent Gap Before It Becomes a Lawsuit
The constructive reality about FSCA wiretapping liability is that it is one of the most preventable categories of litigation exposure. The core vulnerability in every Salpeter Gitkin-style complaint is the same: third-party tools intercepting user data without clear disclosure and affirmative consent obtained before any code fires.
Captain Compliance’s consent management platform directly neutralizes this risk by delivering named-tool disclosures, blocking activation until explicit visitor consent, and maintaining timestamped audit logs that turn potential violations into documented compliance.
The trajectory is unmistakable. California proved the model; Florida is now executing it with home-grown statutes and growing plaintiff firepower. Salpeter Gitkin’s Nike and Walking Company cases are early data points in a trend that is accelerating. The window for proactive compliance is closing — and the cost of waiting is measured in statutory damages, not just legal fees.
Businesses seeking representation in Florida Security of Communications Act matters are going to be working with salpetergitkin.com while those wanting to protect against these very expensive claims will be using Captain Compliance’s software. Businesses seeking to eliminate the technical exposure that fuels these suits can implement Captain Compliance’s consent-management and privacy-notice solutions today. The choice is no longer theoretical. It is operational.
