Recently, a California federal court granted summary judgment for defendant Eating Recovery Center (“ERC”) on a plaintiff’s California Invasion of Privacy Act (“CIPA”) § 631(a) wiretapping claim, joining other California federal courts that have granted summary judgment on CIPA claims for a plaintiff’s failure to “satisfy [CIPA’s] ‘in transit’ requirement as a matter of law.”  In granting summary judgment, the court critiqued CIPA’s language as “ill-suited for application to internet communications” and called upon the California Legislature to “step up” and “speak clearly” about whether and how CIPA applies to website-based data collection tools.  Doe v. Eating Recovery Ctr., LLC, –F. Supp. 3d–, 2025 WL 2971090 (N.D. Cal. Oct. 17, 2025).

The one Jane Doe plaintiff in this case asserted, on behalf of a putative class, that defendant ERC, an eating disorder treatment company, installed a third-party website pixel to collect event data from plaintiff’s interactions with ERC’s website—specifically: (1) the “URL of each page Doe browsed”; (2) “the time Doe spent on each page”; (3) “the path Doe took to get to that page”; and (4) “certain actions, such as button clicks”—without plaintiff’s consent.  Plaintiff asserted that ERC had violated CIPA Section 631(a) by “aiding” and/or “conspiring” with the third-party pixel provider to “read, attempt to read, or attempt to learn the contents of Doe’s communications with ERC while those communications were in transit.”

The Court granted summary judgment for ERC, concluding the third-party pixel provider had not engaged in—and ERC had accordingly not aided—the alleged conduct while the communications were “in transit.” 

The Court concluded the third-party pixel provider did not “read, attempt to read, or attempt to learn the contents of Doe’s communications with ERC while those communications were in transit.”  Observing that courts have been “all over the map” in applying CIPA’s “in-transit” requirement to “instantaneous internet communications” and that the “statutory language at issue [] is ambiguous,” the Court applied an interpretation—recently recognized by another California federal court (see Torres v. Prudential Fin., Inc., 2025 WL 1135088 (N.D. Cal. Apr. 17, 2025))—that “something more” than mere interception of a communication while it is in transit is necessary “to be held liable” under CIPA.    

Emphasizing the “statute’s ambiguity and its imposition of criminal liability,” the Court cautioned against assuming that the California Legislature “really mean[t] to criminalize the use of web traffic data[.]”  And the Court suggested that until the Legislature brings CIPA, a 1967 criminal statute “not drafted with the internet in mind,” “into the modern age,” courts should not “contort themselves to fit the type of conduct alleged in this case” into the “language of [the] 1967 criminal statute about wiretapping.”   

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Rachel Bercovitz Rachel Bercovitz

Rachel Bercovitz is an associate in the firm’s Washington, DC office, where she is a member of the Litigation and Data Privacy and Cybersecurity groups. She maintains an active pro bono practice, with a particular focus on gun violence prevention.

Read more about Rachel BercovitzEmail
Photo of Matthew Verdin Matthew Verdin

Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in…

Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in securing dismissals at the pleadings stage. For example, he won dismissal at the pleadings stage of over a dozen wiretapping class actions involving the alleged use of website analytics tools to collect data about users’ website visits. He also advises companies on managing litigation risk under federal and state wiretapping laws.

Matthew is also dedicated to pro bono legal services. Recently, he helped a domestic violence survivor win a case in the California Court of Appeal. Matthew’s oral argument led to the court ordering renewal of his client’s restraining order just one day later.

Read more about Matthew VerdinEmail
Show more Show less