Recently, a California federal court granted summary judgment for defendant Eating Recovery Center (“ERC”) on a plaintiff’s California Invasion of Privacy Act (“CIPA”) § 631(a) wiretapping claim, joining other California federal courts that have granted summary judgment on CIPA claims for a plaintiff’s failure to “satisfy [CIPA’s] ‘in transit’ requirement as a matter of law.”  In granting summary judgment, the court critiqued CIPA’s language as “ill-suited for application to internet communications” and called upon the California Legislature to “step up” and “speak clearly” about whether and how CIPA applies to website-based data collection tools.  Doe v. Eating Recovery Ctr., LLC, –F. Supp. 3d–, 2025 WL 2971090 (N.D. Cal. Oct. 17, 2025).Continue Reading California Court Grants Summary Judgment for Defendant, Urging the California Legislature to “Bring CIPA”—“A Total Mess”—“Into the Modern Age”

Early this month, a Northern District of California judge dismissed, with prejudice, a putative class action complaint asserting five privacy-related causes of action, concluding the “issue of consent defeat[ed] all of Plaintiffs’ claims.”  Lakes v. Ubisoft, Inc., –F. Supp. 3d–, 2025 WL 1036639 (N.D. Cal. Apr. 2, 2025).  Specifically, the Court dismissed plaintiffs’ claims under the (1) Video Privacy Protection Act (“VPPA”); (2) Federal Wiretap Act; (3) California Invasion of Privacy Act (“CIPA”) § 631; (4) common law invasion of privacy; and (5) Article I, Section 1 of the California Constitution. Continue Reading California Court Holds Plaintiffs’ Consent Defeats Claims Involving Use of Website Pixel

Court decisions addressing “pen register” claims brought under the California Invasion of Privacy Act (“CIPA”) have started trickling in after last year saw an uptick in these claims targeting businesses’ use of website tools.  Two more California courts recently joined a growing trend dismissing pen register claims, but they did so on new grounds: one confirmed that CIPA’s pen register provision was not intended to cover “internet communications,” and another held that a website tool that allegedly collected “identifying information about visitors’ devices, from visitors’ devices” does not constitute a “pen register” or “trap and trace device.”  See Aviles v. Liveramp, Inc., 2025 WL 487196 (Cal. Super. Jan. 28, 2025); Sanchez v. Cars.com Inc., 2025 WL 487194 (Cal. Super. Jan. 27, 2025).Continue Reading Courts Hold CIPA’s Pen Register Provision Does Not Apply to Internet Communications or to Alleged Data Collection “About Visitors’ Devices, From Visitors’ Devices”