Watched While You Shop: The Court Case That Says Your Privacy Isn’t Worth Protecting
Ashley Popa was just looking for pet supplies. 🛍️
She went to a website, petsuppliesplus.com, and did what millions of us do every day. She clicked. She scrolled. She hovered her mouse over a few products, maybe deciding between a chew toy or a new brand of kibble. It was an ordinary, forgettable moment in the digital age.
Except it wasn’t.
Unbeknownst to her, a piece of software was watching. It was recording her every move. Every click, every swipe, every hesitation was being captured in real-time by a program called “Clarity,” a tool owned and operated by Microsoft.
This “session-replay” technology was essentially creating a video of her entire visit for the website’s owner to analyze later. Popa was a data point, her digital body language captured and cataloged without her ever knowing.
So, what happens when you find out you’re being secretly recorded? Ashley Popa decided to sue. And what happened next says a lot about how little our legal system values our privacy in the modern world.
How They Watch You (And Why)
Let’s be clear about what this tech does. Session-replay software like Microsoft’s Clarity embeds a bit of code onto a website.
Think of it as a hidden camera. Once you land on the page, the code springs to life, intercepting and recording your “electronic communications” with the site. We’re talking mouse movements, clicks, and even the text you type.
Why on earth would a company do this? Well, money, of course.
For a tech corporation like Macrohard, this data is solid gold. It allows them to create “heatmaps” showing where users click most, see how far people scroll down a page, and identify parts of their website that are confusing customers. In short, it helps them figure out how to be more effective at getting you to click that “buy now” button.
Microsoft sells this tool, and companies like the pet supply site use it. It’s a whole ecosystem of surveillance built to optimize profits.
When Popa filed her lawsuit, she argued this was a blatant violation of her privacy. She brought claims under Pennsylvania’s anti-wiretapping law and for the common-law tort of “intrusion upon seclusion.”
It seems like a slam dunk, right? Someone used a device to intercept your electronic communications without your consent. Case closed.
Not so fast!
This is where the story takes a turn, leaving the realm of common sense and entering the bizarre world of legal doctrine.
The Ripple Effect: Your Harm Doesn’t Count
Microsoft didn’t really have to argue about whether it recorded Popa. Instead, the entire case came crashing down on a single, frustrating concept: standing.
To sue someone in federal court, you have to prove you suffered a “concrete” injury. It has to be a real, actual harm, not just a theoretical one.
For generations, that made sense. You can’t sue someone because you’re vaguely annoyed at them. You need to show you were actually hurt.
But what does “harm” look like when the injury is invisible?
The court, following recent Supreme Court precedent, decided that to be “concrete,” an injury needs to have a “close relationship” to a harm that was “traditionally” recognized by American courts. In other words, your 21st-century digital problem needs to look a lot like an 18th-century physical one.
Popa argued that being secretly recorded felt a lot like the old-school privacy tort of “intrusion upon seclusion.” But the court pointed to a dusty legal standard: for an intrusion to count, it has to be “highly offensive to a reasonable person.”
And that there was the rub.
The court decided that Microsoft’s software watching Popa shop for pet food just wasn’t offensive enough. It compared the surveillance to a “store clerk’s observing shoppers in order to identify aisles that are particularly popular.”
The information—her interest in pet products and her street name—wasn’t embarrassing or sensitive enough to trigger legal protection.
The secret recording of her digital movements? The court basically shrugged.
How the Case Unfolded
| Date | Event | Outcome |
| September 2022 | Ashley Popa files her initial complaint in federal court. | The legal battle begins. |
| February 2023 | Popa files an amended complaint, laying out her claims against Microsoft and PSP Group. | The case is transferred to the Western District of Washington. |
| June 2023 | The defendants file motions to dismiss the case. | The core legal challenge is raised: does Popa have standing? |
| August 2023 | The district court dismisses the case, ruling that Popa failed to allege a “concrete harm.” | Popa is told her privacy violation wasn’t “offensive” enough to sue over. |
| August 2025 | The Ninth Circuit Court of Appeals affirms the dismissal. | The higher court agrees, cementing the precedent that this kind of digital surveillance, on its own, isn’t a harm the federal courts will recognize. |
The Bigger Picture: A System Built for Yesterday
This story is ultimately about a legal system that is fundamentally failing to keep up with technology. Corporations have been given a green light to deploy increasingly sophisticated surveillance tools, and the courts have decided that unless you can prove that the surveillance was “highly offensive,” you haven’t been harmed in a way that matters.
The Supreme Court’s decision in TransUnion v. Ramirez, which guided this ruling, has created a bizarre landscape. It insists that new harms must have a “common-law analogue.” But the common law was developed in a world of letters, trespassing, and town gossip. It has no real framework for data brokers, persistent tracking, or the psychological weight of knowing your every digital move is being monetized.
The system is creating a massive gap. Legislatures, like Pennsylvania’s, can pass laws to protect privacy, but federal courts can simply decide those laws don’t count for much unless they fit into a centuries-old box.
It’s a rigged game. The house-in this case- Big Tech- always wins.
No Accountability, No Justice
So what happened to Microsoft? Nothing. The case was dismissed.
They never had to defend their technology’s intrusiveness. They just had to argue that the intrusion didn’t hurt Ashley Popa in a way the court was willing to recognize.
This is the definition of a accountability failure. The court’s decision creates a playbook for any company using session-replay software: just make sure the data you’re collecting isn’t “sensitive.” Track users on a shopping site, a news site, or a hobby forum.
As long as you don’t record them entering their social security number or a credit card, you’re likely in the clear. Your surveillance is just the cost of doing business online—a cost borne by users who have no say in the matter.
It’s a perfect encapsulation of an exploitative economic system that prioritizes corporate innovation in data collection over the fundamental human right to be left alone.
What’s the Solution?
If the courts aren’t going to protect us, who will? The answer has to be a conscious evolution of our laws. This ruling isn’t an endpoint; it’s a call to action.
We need to move beyond legal frameworks that ask judges to find a horse-and-buggy equivalent for a digital problem. Congress and state legislatures need to create privacy laws that are explicit: the unauthorized collection and recording of a person’s digital activity is a concrete harm. Full stop. It shouldn’t be up for debate.
The harm here is the tracking which enables the slow erosion of personal autonomy. It’s the creation of a world where we are all just walking, clicking bundles of data to be analyzed and sold. Ashley Popa’s shopping trip for her pet shows us the stakes. The question now is whether we’re going to do anything about it before we all find ourselves living inside someone else’s spreadsheet.
All factual claims in this article are sourced from the United States Court of Appeals for the Ninth Circuit opinion in Popa v. Microsoft Corp., No. 24-14, filed August 26, 2025.
💡 Explore Corporate Misconduct by Category
Corporations harm people every day — from wage theft to pollution. Learn more by exploring key areas of injustice.
- 💀 Product Safety Violations — When companies risk lives for profit.
- 🌿 Environmental Violations — Pollution, ecological collapse, and unchecked greed.
- 💼 Labor Exploitation — Wage theft, worker abuse, and unsafe conditions.
- 🛡️ Data Breaches & Privacy Abuses — Misuse and mishandling of personal information.
- 💵 Financial Fraud & Corruption — Lies, scams, and executive impunity.
NOTE:
This website is facing massive amounts of headwind trying to procure the lawsuits relating to corporate misconduct. We are being pimp-slapped by a quadruple whammy:
- The Trump regime's reversal of the laws & regulations meant to protect us is making it so victims are no longer filing lawsuits for shit which was previously illegal.
- Donald Trump's defunding of regulatory agencies led to the frequency of enforcement actions severely decreasing. What's more, the quality of the enforcement actions has also plummeted.
- The GOP's insistence on cutting the healthcare funding for millions of Americans in order to give their billionaire donors additional tax cuts has recently shut the government down. This government shut down has also impacted the aforementioned defunded agencies capabilities to crack down on evil-doers. Donald Trump has since threatened to make these agency shutdowns permanent on account of them being "democrat agencies".
- My access to the LexisNexis legal research platform got revoked. This isn't related to Trump or anything, but it still hurt as I'm being forced to scrounge around public sources to find legal documents now. Sadge.
All four of these factors are severely limiting my ability to access stories of corporate misconduct.
Due to this, I have temporarily decreased the amount of articles published everyday from 5 down to 3, and I will also be publishing articles from previous years as I was fortunate enough to download a butt load of EPA documents back in 2022 and 2023 to make YouTube videos with.... This also means that you'll be seeing many more environmental violation stories going forward :3
Thank you for your attention to this matter,
Aleeia (owner and publisher of www.evilcorporations.com)
Also, can we talk about how ICE has a $170 billion annual budget, while the EPA-- which protects the air we breathe and water we drink-- barely clocks $4 billion? Just something to think about....
