Posts

Showing posts with the label California Invasion of Privacy Act (CIPA)

Courts Still Divided on Whether California Privacy Law Applies to Website Tracking: 4 Rulings in 10 Days Highlight Business Confusion

Image
If you were hoping the courts would offer clarity to the wave of California privacy litigation targeting website tracking technology, four decisions issued in just 10 days this April suggest you may be waiting a while . Four judges recently tackled nearly identical questions about whether the California Invasion of Privacy Act (CIPA) applies to the kind of third-party tracking tools that millions of websites use every day – and reached strikingly different conclusions. Here is what employers and businesses need to know about this eye-opening spate of rulings. The Core Legal Question At the heart of all four cases is the same statute:  CIPA’s pen register and trap and trace provisions . Plaintiffs across the country have been filing suit arguing that common website tools like session replay software, third-party advertising trackers, and analytics platforms constitute illegal “pen registers” or “trap and trace devices” under CIPA because they c apture information about website visi...

Major Win in CIPA Case Signals Higher Hurdles for Privacy Plaintiffs: What You Should Do to Protect Your Organization

In a significant win for businesses fighting CIPA claims, a California federal court just held that searching sensitive health terms and distributing that information to third parties is not a legally protectable privacy interest, foreclosing a plaintiff from pursuing a class action lawsuit. Although the court allowed the plaintiff to amend his complaint and fix its deficiencies, the February 23 decision marks a significant shift in evaluating a plaintiff’s so-called injuries in these cases. Rather than accepting plaintiff’s threadbare allegations of harm, the court in  Maghoney v. Dotdash Meredith Inc.  dug into the allegations of the complaint and questioned whether the plaintiff had actually alleged awareness that his information had been shared with third parties and whether any data shared could have been associated with his name or other personally identifiable information. Here is what you need to know to use this decision to successfully defend against CIPA lawsuits, ...

Digital Risk Report, December 2025

Artificial intelligence (AI) continues to move at a pace that few regulatory frameworks can match. This week alone underscored just how deeply AI is permeating every corner of the business world—from financial services, health care, and data centers to marketing technologies, web analytics, and core infrastructure. On December 11, President Trump issued a sweeping Executive Order aimed at curbing the growing patchwork of state AI laws and signaling a strong federal push toward uniformity, global competitiveness, and innovation-first AI policy. The Order sets the stage for significant legal, political, and constitutional debate, particularly around state enforcement authority, algorithmic accountability, and the future of consumer protections. At the same time, states and regulators are not standing still. Florida's proposed AI consumer protections, California's continued expansion of privacy enforcement under the California Invasion of Privacy Act (CIPA), and aggressive litig...

California Proposal to Curb Website Cookie Litigation Stalls for This Year: What 3 Things Should Your Business Do?

A California bill aimed at curbing the explosion of lawsuits filed against businesses using common website tools like cookies, pixels, and session replay software has stalled out in the 2025 legislative session, meaning your business will remain vulnerable to the newest type of privacy litigation for at least the next year . Despite the Senate unanimously approving SB 690 just a month ago, the bill’s author announced on July 2 that it would be made into a “two-year bill” – meaning it will not advance further this year but may be taken up again in 2026. What does your business need to do to put yourself in the best position to defend against these California Invasion of Privacy Act (CIPA) wiretapping claims? CIPA’s Emergence as a Class Action Weapon CIPA was originally enacted in 1967 to combat traditional wiretapping and eavesdropping, primarily in the context of telephone communications. It was never designed to address the complexities of the digital age or regulate how businesses t...