Posts

Showing posts with the label CIPA

California Courts Create Confusion in Digital Tracking Cases: How Businesses Can Navigate Conflicting Rulings

Several recent California state court decisions have thrown companies into a state of confusion about whether they can face claims under the California Invasion of Privacy Act (CIPA) for use of tracking technologies on websites and apps. In two cases, courts dismissed the claims without leave to amend, while a third case – sitting in the same courthouse as one of the first two – allowed the claim to proceed. The two helpful court decisions concluded that CIPA’s “trap and trace” provisions don’t extend to website analytics or similar internet tracking technologies. But the other troubling ruling went the opposite way and said that website cookies might qualify as pen registers or trap and trace devices . These rulings create uncertainty for businesses operating in California and raise many questions about best practices. This Insight will dive into the three cases and provide businesses with a game plan to manage this turbulent time. What Courts Have Decided? Schallert v. Palo Alto N...

AI Notetaking Tools Under Fire: Lessons from the Otter.ai Class Action Complaint

The rapid adoption of AI notetaking and transcription tools has transformed how organizations (and individuals) capture, analyze, and share meeting and other content. But as these technologies expand, so too do the legal and compliance risks. A recent putative class action lawsuit filed in federal court in California against Otter.ai, a leading provider of AI transcription services, highlights the potential pitfalls for organizations relying on these tools. The Complaint Against Otter.ai Filed in August 2025,  Brewer v. Otter.ai  alleges that Otter’s “Otter Notetaker” and “OtterPilot” services recorded, accessed, and used the contents of private conversations without obtaining proper consent. According to the  complaint , the AI-powered notetaker: Joins Zoom, Google Meet, and Microsoft Teams meetings as a participant and transmits conversations to Otter in real time for transcription. Records meeting participants’ conversations even if they are not Otter accountholders ....

New Lawsuit Highlights Concerns About AI Notetakers: 7 Steps Businesses Should Take

A new lawsuit just filed against Otter.ai underscores the legal and compliance risks companies face when using AI notetakers – and serves as a good reminder to deploy best practices to reduce your risks. The August 15 case alleges that Otter’s popular transcription tool secretly records conversations without proper consent and then uses that data to train its machine-learning models. While AI notetakers can boost productivity, they also raise privacy, security, and compliance questions . This Insight reviews the lawsuit, goes over key risks, and outlines seven practical steps businesses should take before relying on AI transcription tools. Case Summary:  Brewer v Otter.ai Court : US District Court, Northern District of California (5:25-cv-06911) Filed:  August 15 Judge:  Hon. Eumi K. Lee Complaint:  Available by  clicking here The consumer filed a proposed class action in California federal court against Otter.ai, maker of the widely used Otter Notetaker. The c...

Healthline to Pay $1.55M for Alleged CCPA Violations: Key Lessons for Businesses from Largest Settlement Yet

Healthline Media has agreed to pay $1.55 million to resolve allegations that it violated the California Consumer Privacy Act (CCPA) – which is the largest settlement to date under the state’s landmark privacy law. The California Attorney General alleged that the company’s health information website, Healthline.com , failed to allow consumers to opt out of targeted advertising and shared data – including information about potential medical conditions – with third parties without proper privacy protections. The settlement, which still needs to be approved by the court, also contains a unique provision: it prohibits Healthline from sharing information with third parties about article titles consumers view that may reveal a medical diagnosis . Here's a breakdown of the allegations and settlement terms, as well as a six-step compliance plan for businesses that operate in California or collect data from California residents. Background and Allegations Healthlin...

California Court Rejects Attempt to Expand Third-Party Eavesdropping Claims to Internet Communications: How Your Business Can Mitigate Risk

Businesses just received some good news when a federal court dismissed a California Invasion of Privacy Act (CIPA) claim that aimed to expand the reach of the state’s wiretapping law to cover internet communications. The April 18 order is the very first ruling to decide, on the merits, whether CIPA could support litigation over the issue of third-party website cookies since CIPA litigation exploded over the last three years. Last week’s decision that granted summary judgment to the defendants keyed in on the fact that the third party’s accessing of internet communications did not occur while the data was “in transit,” but instead involved communications that had already taken place. The big questions we’re all asking now: How will this decision impact current CIPA litigation? Will we start to see the tide turn in businesses’ favor? And what can this decision teach you about risk mitigation of third-party technology you likely use on your website? What Happened? In  Torres v. Prude...

From Search to Share: Court Holds Third-Party Interception of Search Bar Terms Can Support CIPA Claim

  As the privacy litigation landscape continues to take shape, search bars have quietly become a Trojan horse in online data collection, carrying new legal theories into the California Invasion of Privacy Act (CIPA) arena. The legal interpretation of what constitutes “contents” of a communication is evolving under CIPA, and this issue has taken on a greater significance for website owners and operators. So, if your business operates a website with a search bar, you should consider reassessing your website data collection and disclosure practices and implementing compliance measures. Otherwise, you may risk exposure to costly litigation. Here's what you need to know about recent developments in this area. How Did We Get Here? In  Heerde v. Learfield Communications ,   the court held that search terms entered into a search bar constitute “contents of a communication” for the purposes of a CIPA claim , and a third party’s interception of those search terms (through website...