Yes, That Web Link Can Be a Contract: What the Popa Case Means for Online Privacy and Consent

[HEADER block, needs review] Author: Rob Scott, CEO, Monjur, Inc. | Date: May 2025

There’s been a lot of debate, and confusion, about whether website privacy policies or contract terms presented in web links are enforceable. Critics often argue that users don’t read them, so they shouldn’t count. But a recent federal court decision confirms what many legal professionals already knew:

The law has finally caught up to the internet.

In Popa v. Harriet Carter Gifts, Inc., No. 2:2019cv00450 (W.D. Pa. 2025), the court affirmed that users can provide implied consent to web-linked privacy policies, if those policies are clearly presented and sufficiently disclosed.

📚 Case Summary: The Third Party You Didn’t See

Ashley Popa browsed the Harriet Carter Gifts website in 2018 and added an item to her cart. Unknown to her, third-party firm NaviStone was tracking her behavior using embedded code. She filed suit, claiming a violation of Pennsylvania’s Wiretapping and Electronic Surveillance Control Act (WESCA).

The Third Circuit reversed an earlier dismissal, holding that Pennsylvania doesn’t recognize a “direct-party exception” to WESCA. The case was sent back to determine whether Popa had given implied consent.

🔍 Did She Consent? The Court Says Yes

• The site’s privacy policy was linked in the footer.
• It clearly explained data sharing with third parties like NaviStone.
• Popa continued browsing the site after being exposed to this disclosure.

That was enough for the court to find implied consent, dismissing the wiretap claim. The court acknowledged that continued use of the website, even without clicking “I Agree,” can still be binding under modern legal standards.

⚖️ Why This Matters for Your Business

This case is a landmark in how courts view online privacy and digital contracts. The takeaways for businesses are clear:

• Transparency matters. Disclose clearly and simply.
• Visibility counts. Make your privacy policy easy to find (e.g., footer link, banner).
• Behavior signals consent. Continued site use can equate to legal acceptance.

Whether you operate an e-commerce store, SaaS platform, or marketing site, your digital policies need to reflect current legal realities.

✅ Free Privacy Policy Review & Consultation

Wondering if your privacy policy is enforceable?

Send it to us for a free legal review and consultation. We’ll assess whether your policies comply with today’s evolving digital standards, and help you close any legal gaps before they become liabilities.

📩 Click here to submit your privacy policy for review 📞 Or email rjscott@scottandscottllp.com directly.

💬 Final Thought: The Clickstream Is the New Handshake

Popa v. Harriet Carter is proof that courts understand how online business works today. Website visitors may not read every word, but if they’re notified and continue interacting, their actions can amount to consent.

At Monjur, we help digital businesses navigate legal risk and compliance with confidence. If you haven’t looked at your policies lately, now’s the time.