Adding to a growing body of case law following the Ninth Circuit’s decision in Popa v. Microsoft Corporation, a California federal court has dismissed for lack of subject matter jurisdiction a privacy suit against a news website, holding that the plaintiffs failed to allege a concrete injury sufficient to establish Article III standing. In Re: USA Today Co., Inc. Internet Tracking Litigation, 2026 WL 932655, at *3 (N.D. Cal. Apr. 6, 2026).

The plaintiffs sued for purported violations of the California Invasion of Privacy Act’s (“CIPA”) trap-and-trace provision, among others, claiming that the defendant installed third-party website technologies that collected IP addresses, location, browser type, and similar information. The court held that the disclosure of this information “would [not] be highly offensive to a reasonable person,” emphasizing that courts have repeatedly found no reasonable expectation of privacy in such “unprotected” disclosures. Although the plaintiffs attempted to broaden their theory by invoking purportedly “unique and persistent identifiers,” the court found these allegations too vague to establish a concrete injury.

The court also rejected the plaintiffs’ alternative theories of harm. Allegations that the defendant was unjustly enriched by the economic value of user data similarly failed because plaintiffs did not plausibly allege collection of data in which they had a protected privacy interest. And, citing Popa, the court reiterated that a bare CIPA statutory violation, standing alone, is insufficient to confer Article III standing absent a concrete injury. The court granted the plaintiffs leave to file an amended complaint.

This decision reinforces the need, as the Ninth Circuit identified in Popa, for plaintiffs in privacy cases to plead facts showing that “embarrassing, invasive, or otherwise private information” was collected to have Article III standing to pursue those claims.

Tags: privacy
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Thea McCullough Thea McCullough

Thea McCullough counsels national and multinational companies across industries as a member of the Data Privacy and Cybersecurity, Litigation, and Public Policy practice groups.

Thea advises clients on a broad range of privacy issues, such as privacy policies and data practices, responses to…

Thea McCullough counsels national and multinational companies across industries as a member of the Data Privacy and Cybersecurity, Litigation, and Public Policy practice groups.

Thea advises clients on a broad range of privacy issues, such as privacy policies and data practices, responses to regulatory inquiries, and compliance obligations under federal and state privacy regulations, including biometric privacy laws. She also represents clients before the Federal Trade Commission in privacy enforcement actions and in consumer protection litigation.

Thea draws on her past experience across all branches of government to inform her practice and to advise clients on public policy matters. Most recently, Thea served as a clerk for the U.S. District Court for the Eastern District of Texas. Prior to beginning her legal career, Thea served as the communications director for the White House National Space Council, where she spearheaded messaging campaigns for Presidential Space Policy Directives and the administration’s civil, commercial, and defense space policy initiatives, and previously as the communications director for the U.S. House Committee on Science, Space, and Technology, where she managed the communications team and developed messaging strategies for policy and legislation covering several issue areas, including cybersecurity, advanced technologies, space, energy, environment, and oversight. She also served as a national spokesperson for President Trump’s 2020 campaign.

Thea is admitted to the DC Bar under DC App. R. 46-A (Emergency Examination Waiver); Practice Supervised by DC Bar members.

Read more about Thea McCulloughEmail
Show more Show less
Photo of Kathryn Cahoy Kathryn Cahoy

Kate Cahoy co-chairs the firm’s Class Action Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. A highly skilled litigator, she defends clients in complex, high-stakes class action disputes, securing significant victories across various industries, including technology…

Kate Cahoy co-chairs the firm’s Class Action Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. A highly skilled litigator, she defends clients in complex, high-stakes class action disputes, securing significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate also plays a key role in the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Kate’s exceptional legal work has earned widespread recognition. The Daily Journal named her successful defense of Meta and Microsoft cases described below as among its Top Verdicts, recognizing some of the largest and most impactful verdicts in California.

Recent Successes:

Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. (Daily Journal, Top Verdicts of 2021. Law.com recognized Kate with a Litigator of the Week Shoutout.
Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws. (Daily Journal, Top Verdicts of 2024.)

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal, was recognized by the Daily Journal as a Top Attorney Under 40, and also was named to Bloomberg Law’s They’ve Got Next: The 40 Under 40 list.

Read more about Kathryn CahoyEmail
Show more Show less