Rising Digital Wiretapping Risks in Florida: The Orlando Health Decision

Florida businesses that operate websites or online portals should take note of a recent federal court ruling that expands the scope of the state’s wiretap law in the digital environment. In W.W. v. Orlando Health, Inc., No. 6:24-cv-1068-JSS-RMN (M.D. Fla. Mar. 6, 2025), the court allowed a patient’s claims under the Florida Security of Communications Act (FSCA) and the federal Wiretap Act to proceed. The case focuses on whether common website-tracking tools constitute an unlawful “interception” of electronic communications under Florida law.

The Allegations

The plaintiff, a patient of Orlando Health, alleged that when she used the health system’s public website and patient portal, third-party tracking technologies, such as Meta’s Pixel and Google’s analytics tools, duplicated and transmitted her online interactions to servers outside the health system. She claimed that these transmissions included medical-related searches, appointment requests, and other sensitive data.

According to the complaint, Orlando Health “permitted unauthorized parties to intercept [the patient’s] internet communications while accessing [the website], including the contents thereof, which encompassed the URL visited, the medical conditions and types of doctors searched, and other medical information related to her.” (Orlando Health, slip op. at 4.)

The Court’s Ruling

The court declined to dismiss the FSCA claim, holding that the plaintiff had plausibly alleged an interception of “contents” under the statute. The opinion emphasized that dismissal at this early stage would be premature because “the Rule 8 bar is low.” The court explained that the allegations presented “highly technical questions” about whether these tracking tools capture the contents of a user’s communication and whether such conduct fits within the FSCA’s definition of interception.

The court also allowed the federal Wiretap Act claim to move forward, citing the principle that “a contemporaneous interception — i.e., an acquisition during flight — is required to implicate the Act with respect to electronic communications.” (Id. at 9.)

However, the court dismissed the separate intrusion-upon-seclusion claim, finding that the alleged conduct did not involve an intrusion into a “private place” as required under Florida tort law.

What This Means for Florida Businesses

The Orlando Health decision underscores that Florida’s FSCA can reach beyond traditional wiretapping and may apply to modern web-based interactions. The ruling suggests that if a website transmits substantive user inputs or message content to a third party without consent, the communications could qualify as “contents” under the statute.

For organizations operating websites that handle sensitive data—particularly healthcare, financial, or legal information—the decision should prompt a close review of how third-party analytics, advertising pixels, or plug-ins are implemented. Operators should understand what data these tools capture, whether user inputs are duplicated or transmitted externally, and whether disclosures and consent mechanisms adequately address those practices.

Although Orlando Health was decided at the motion-to-dismiss stage, and no liability finding has been made, it highlights growing judicial attention to digital communications privacy under state law. Businesses in Florida should treat this as a cautionary development and review their tracking and data-sharing frameworks accordingly.