• by Wendy Davis , Yesterday

Index Exchange must face a claim that it violated the federal wiretap law by allegedly intercepting information about a web user's activity on the site BibleGateway.com and sending that information to the Chinese e-commerce company Temu, a federal judge ruled this week.

The ruling, issued by U.S. District Court Judge Matthew Kennelly in Illinois, came in a lawsuit brought by Illinois resident John Baker.

He alleged in a 2025 class-action complaint that Index Exchange monitored his activity on BibleGateway.com and transmitted that information -- along with data such as his IP address, cookie identifiers, advertising identifiers, and information about his devices and browsers -- to Temu.

Baker claimed in the complaint that Index Exchange violated the federal Electronic Communications Privacy Act, which generally prohibits companies from intercepting communications unless one party has consented.

Typically, ad-tech companies that are sued for allegedly violating the federal wiretap law argue that at least one party -- the online publisher that allowed the ad-tech company to access data -- consented to any interceptions.

But the wiretap law has an exception to the general rule allowing one party to consent to interceptions: Consent is invalid if the communication was intercepted in order to commit a crime or tort (meaning a civil wrong that carries monetary penalties).

Baker alleged that the interceptions of his communications fell into that exception. He claimed that sending data to Temu violates former President Joe Biden's 2024 executive order banning transfers of sensitive personal data to China and the 2025 implementing regulations (referred to in the complaint as "BSD regulations," with BSD standing for "bulk sensitive data").

Index Exchange sought a fast dismissal of the complaint for several reasons. Among other arguments, the company said that even if the allegations were proven true, BibleGateway.com would have consented to any alleged interceptions "by integrating Index Exchange’s code into its site."

Index Exchange further argued that BibleGateway.com's consent was valid, arguing that any data transmissions to Temu would not have been unlawful. 

The company specifically contended that the alleged data transfers wouldn't have violated any U.S. regulations because those regulations only apply to U.S. entities, and its principal place of business is in Canada. The company also said alleged data transfers to Temu would not have violated the regulations because Temu's parent company, PPD Holdings, is based in Ireland.

Baker countered in a written filing that Index Exchange is only "nominally" a Canadian company, arguing that its "key decisionmakers" are in the United States.

He also noted that the complaint alleges Temu is "at least 50% owned by individuals in China."

Kennelly rejected Index Exchange's bid to dismiss the lawsuit at an early stage, essentially ruling that if the allegations were true, they could support a conclusion that Index Exchange violated the federal wiretap law.

"Even if BibleGateway.com consented to the interception of its communications with Baker, he has sufficiently alleged that the crime/tort exception applies based on Index Exchange's alleged violation of the BSD regulations," Kennelly wrote.

The ruling is only preliminary, and Kennelly noted at one point that there were still unresolved factual questions with regard to whether the ban on data transfers to China applies to Temu.

Index Exchange and Baker are expected to file a status report with Kennelly by June 23.

Index Exchange did not respond to MediaPost's request for comment.