User consent bars website wiretapping claims brought under the California Invasion of Privacy Act (“CIPA”). As we reported on here, one way users may consent to the use of third-party website technologies is during a checkout process, such as via a checkbox indicating agreement to a website’s privacy policy. But is consent negated if a 10-minute timer begins counting down the moment a user enters that checkout process? A California court answered no in Washington v. Flixbus, Inc., 2025 WL 1592961 (S.D. Cal. June 5, 2025), rejecting a plaintiff’s argument that a countdown timer “imposes undue pressure that negates any consent.”Continue Reading User Consent Provided Under Time Pressure Is Still Consent Barring CIPA Suit

Matthew Verdin
Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in securing dismissals at the pleadings stage. For example, he won dismissal at the pleadings stage of over a dozen wiretapping class actions involving the alleged use of website analytics tools to collect data about users’ website visits. He also advises companies on managing litigation risk under federal and state wiretapping laws.
Matthew is also dedicated to pro bono legal services. Recently, he helped a domestic violence survivor win a case in the California Court of Appeal. Matthew’s oral argument led to the court ordering renewal of his client’s restraining order just one day later.
Collection of Website Visit Time Stamp Not Enough to Confer Article III Standing
Capture of personal or private information is a prerequisite to Article III standing in wiretapping cases brought under the California Invasion of Privacy Act (“CIPA”). As we reported on here, when a plaintiff fails to plead the capture of any such information, courts have dismissed the plaintiff’s complaint for…
Continue Reading Collection of Website Visit Time Stamp Not Enough to Confer Article III StandingHome Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
Health-related websites are increasingly targeted with wiretapping suits if they use pixels or other third-party technologies to power their websites. A few months ago, a California court dismissed on multiple grounds one such suit challenging the use of website pixels by Clearblue, a company that offers home pregnancy and fertility test kits. Saedi v. SPD Swiss Precision Diagnostics d/b/a Clearblue, 2025 WL 1141168 (C.D. Cal. Feb. 27, 2025).Continue Reading Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
Court Grants Summary Judgment: Website Vendor Cannot Read “Session Replay” Data “In Transit” Under CIPA
“Session replay” software is one of many website analytics tools targeted in wiretapping suits under the California Invasion of Privacy Act (“CIPA”). Last month, a California federal court confirmed one of the many reasons why the use of this software does not violate CIPA section 631: A defendant cannot “read” (or attempt to read) session replay data “in transit,” as CIPA requires, because “events recorded by” this software “do not become readable content until after they are stored and reassembled into a session replay.” Torres v. Prudential Financial, Inc., 2025 WL 1135088 (N.D. Cal. Apr. 17, 2025). Continue Reading Court Grants Summary Judgment: Website Vendor Cannot Read “Session Replay” Data “In Transit” Under CIPA
“Tester” Plaintiff Who “Actively Seeks Out Privacy Violations” Lacks Standing to Pursue CIPA Claim
Lawsuits targeting businesses’ use of website tools under the California Invasion of Privacy Act (“CIPA”) increasingly are filed by so-called “tester” plaintiffs. These plaintiffs seek out websites to “test” for potential CIPA violations and then file lawsuits seeking damages for those alleged violations. A California federal court recently confirmed that…
Continue Reading “Tester” Plaintiff Who “Actively Seeks Out Privacy Violations” Lacks Standing to Pursue CIPA ClaimImplied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping Claim
Does a plaintiff’s use of a website constitute consent to a privacy policy linked in the website’s footer? A Pennsylvania federal court answered yes in Popa v. Harriet Carter Gifts, Inc., 2025 WL 896938 (W.D. Pa. Mar. 24, 2025), granting summary judgment in favor of an online retailer (Harriet Carter Gifts) and its marketing partner (NaviStone) accused of collecting data about plaintiff’s website visit in violation of the Pennsylvania Wiretapping and Electronic Surveillance Control Act (“WESCA”).Continue Reading Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping Claim
Another California Court Rejects Privacy Claims Targeting Online Chat Feature
Plaintiffs’ lawyers have continued to bring privacy claims targeting businesses that use vendors to help provide beneficial chat features on their website, as we last reported here. Late last year, a Southern District of California judge dismissed another set of privacy claims challenging the routine use of these vendor services by Tonal, a popular smart home gym company named as the sole defendant in the lawsuit. Jones v. Tonal Systems, Inc., 751 F. Supp. 3d 1025 (S.D. Cal. 2024).
Plaintiff Julie Jones, a California resident, claimed that she had visited Tonal’s website and used its chat feature to communicate with a Tonal customer service representative. This chat feature allegedly incorporated an API run by another company to create and store transcripts of website visitors’ chats with Tonal’s customer service representatives. According to the complaint, this alleged conduct constituted wiretapping, which Tonal purportedly aided and abetted in violation of Sections 631 and 632.7 of the California Invasion of Privacy Act (“CIPA”). Plaintiff also asserted other privacy claims based on the same alleged conduct, including the California Unfair Competition Law (“UCL”) and the California Constitution’s right to privacy provision.
The Court granted Tonal’s motion to dismiss each of plaintiff’s claims on multiple grounds.Continue Reading Another California Court Rejects Privacy Claims Targeting Online Chat Feature
California Court Holds Plaintiffs’ Consent Defeats Claims Involving Use of Website Pixel
Early this month, a Northern District of California judge dismissed, with prejudice, a putative class action complaint asserting five privacy-related causes of action, concluding the “issue of consent defeat[ed] all of Plaintiffs’ claims.” Lakes v. Ubisoft, Inc., –F. Supp. 3d–, 2025 WL 1036639 (N.D. Cal. Apr. 2, 2025). Specifically, the Court dismissed plaintiffs’ claims under the (1) Video Privacy Protection Act (“VPPA”); (2) Federal Wiretap Act; (3) California Invasion of Privacy Act (“CIPA”) § 631; (4) common law invasion of privacy; and (5) Article I, Section 1 of the California Constitution. Continue Reading California Court Holds Plaintiffs’ Consent Defeats Claims Involving Use of Website Pixel
Recording of Customer Service Call “Not Private or Personal Enough” to Confer Article III Standing
Many businesses use customer support software that may include call recording features to help ensure a better customer service experience. A California federal court dismissed a wiretapping lawsuit filed against a software company offering this software tool (TalkDesk), holding that TalkDesk’s alleged recording of customers’ conversations with clothing retailers “is simply not private or personal enough to confer [Article III] standing.” See Lien, et al., v. Talkdesk, Inc., No. 24-CV-06467-VC, 2025 WL 551664 (N.D. Cal. Feb. 19, 2025).Continue Reading Recording of Customer Service Call “Not Private or Personal Enough” to Confer Article III Standing
Courts Hold CIPA’s Pen Register Provision Does Not Apply to Internet Communications or to Alleged Data Collection “About Visitors’ Devices, From Visitors’ Devices”
Court decisions addressing “pen register” claims brought under the California Invasion of Privacy Act (“CIPA”) have started trickling in after last year saw an uptick in these claims targeting businesses’ use of website tools. Two more California courts recently joined a growing trend dismissing pen register claims, but they did so on new grounds: one confirmed that CIPA’s pen register provision was not intended to cover “internet communications,” and another held that a website tool that allegedly collected “identifying information about visitors’ devices, from visitors’ devices” does not constitute a “pen register” or “trap and trace device.” See Aviles v. Liveramp, Inc., 2025 WL 487196 (Cal. Super. Jan. 28, 2025); Sanchez v. Cars.com Inc., 2025 WL 487194 (Cal. Super. Jan. 27, 2025).Continue Reading Courts Hold CIPA’s Pen Register Provision Does Not Apply to Internet Communications or to Alleged Data Collection “About Visitors’ Devices, From Visitors’ Devices”