Adding to a growing body of case law following the Ninth Circuit’s decision in Popa v. Microsoft Corporation, a California federal court has dismissed for lack of subject matter jurisdiction a privacy suit against a news website, holding that the plaintiffs failed to allege a concrete injury sufficient to establish Article III standing. In Re: USA Today Co., Inc. Internet Tracking Litigation, 2026 WL 932655, at *3 (N.D. Cal. Apr. 6, 2026).
Continue Reading Another Court Dismisses Website Privacy Suit for Lack of Article III StandingData Privacy and Cybersecurity
Sensitive Search Terms Not Enough To Establish Article III Standing Under Popa
A recent decision from the Southern District of California underscores a point courts have made increasingly clear after the Ninth Circuit’s precedential decision in Popa v. Microsoft: alleging the disclosure of online activity—even activity touching on sensitive health topics—is not enough, by itself to establish Article III standing. As the Court put it, the mere allegation that a defendant disclosed “sensitive health related” search terms, without any indication in the search terms that they “were tied to his personal medical history,” cannot establish a concrete injury. Maghoney v. Dotdash Meredith, Inc., 2026 WL 497402 (S.D. Cal. Feb. 23, 2026) (emphasis added).
Continue Reading Sensitive Search Terms Not Enough To Establish Article III Standing Under PopaSeventh Circuit Holds that BIPA Amendment Applies Retroactively
By Inside Privacy on
Posted in Data Privacy and Cybersecurity, Seventh Circuit
In a new post on the Inside Privacy blog, our colleagues discuss the Seventh Circuit’s recent Clay v. Union Pacific Railroad Company holding that a 2024 amendment to the Illinois Biometric Information Privacy Act (BIPA) limiting damages to a per-person basis applies retroactively to cases pending when the amendment…
Continue Reading Seventh Circuit Holds that BIPA Amendment Applies RetroactivelyStand Aside: Third Circuit Throws Out Harriet Carter Gifts Federal Wiretapping Case On Standing Grounds
We have routinely highlighted the proliferation of wiretapping class actions, and the variety of approaches courts have taken to address them. One common pitfall for plaintiffs in these types of cases is standing, an issue highlighted in a recent Third Circuit case throwing out a proposed federal class action against Harriet Carter Gifts and NaviStone Inc., and remanding it to state court.
The case, Popa v. Harriet Carter Gifts, Inc., No. 25-1760 (3d. Cir. 2026), involved plaintiff’s allegations that Harriet Carter Gifts and NaviStone tracked her browsing activity on Harriet Carter’s website while she shopped for pet stairs, purportedly in violation of the Pennsylvania Wiretapping and Electronic Surveillance Control Act. After removal, the district court twice granted summary judgment for the defendants, and both decisions were appealed to the Third Circuit.
Continue Reading Stand Aside: Third Circuit Throws Out Harriet Carter Gifts Federal Wiretapping Case On Standing GroundsFederal Court Rejects Claim that Cookies Are Illegal Trap and Trace Devices
By Erin Moore & Megan Rodgers on
Posted in Data Privacy and Cybersecurity
Many California-based privacy claims have turned on the application of longstanding statutes to modern technologies, with courts frequently holding that certain online tracking technologies can qualify as impermissible trap-and-trace devices in violation of California Penal Code section 638.51, part of the California Invasion of Privacy Act (CIPA). A recent decision from the Central District of California, however, signals that these arguments will not always succeed.
Continue Reading Federal Court Rejects Claim that Cookies Are Illegal Trap and Trace DevicesPennsylvania Court Dismisses WESCA Suit Alleging Use of Analytics Tools Against Health System, Requiring “Specifics” for an “Actionable Dispute”
By Kathryn Cahoy & Rachel Bercovitz on
Recently, a Pennsylvania federal judge dismissed a suit challenging the use of a third-party website analytics tool by defendant Highlands Healthcare, Inc., an integrated health system with eight hospitals in Pennsylvania. The Court concluded plaintiffs had failed to plead the “specifics” of their interactions with defendant’s website, which were “essential to convert [the] case” from a “law-school hypothetical to an actionable dispute” under the Pennsylvania Wiretapping and Electronic Surveillance Control Act (“WESCA”), the state law analog to the Federal Wiretap Act. Muraski v. Penn Highlands Healthcare, Inc., 2026 WL 353041 (W.D. Pa. Feb. 9, 2026).
Continue Reading Pennsylvania Court Dismisses WESCA Suit Alleging Use of Analytics Tools Against Health System, Requiring “Specifics” for an “Actionable Dispute”Another Federal Court Dismisses Wiretapping Claims Premised on Crime-Tort Exception
By Vivian Wen, Jordan Joachim & Kathryn Cahoy on
Posted in Data Privacy and Cybersecurity
Another recent federal court decision endorsed the “heightened intent requirement” for satisfying the crime-tort exception of the federal Wiretap Act. Progin v. UMass Mem’l Health Care, Inc., 2026 WL 632770, at *4–5 (D. Mass. Mar. 6, 2026).
In Progin, the plaintiffs claimed that the defendants, healthcare and hospital…
Continue Reading Another Federal Court Dismisses Wiretapping Claims Premised on Crime-Tort ExceptionCourt Dismisses Federal Wiretap Claim Premised on Crime-Tort Exception, Rejects Aiding-and-Abetting Liability
By Kathryn Cahoy & Thea McCullough on
Posted in Data Privacy and Cybersecurity
A recent Washington federal court decision emphasizes two key federal Wiretap Act principles. First, the Act’s crime-tort exception only applies if there are plausible allegations that a party to the communication intercepted communications specifically to commit a separate wrongdoing. Second, the statute does not allow secondary liability for “procuring” an interception by a third party. Nichols v. PeaceHealth Networks on Demand LLC, 2026 WL 607763, at *3-4 (W.D. Wash. Mar. 4, 2026).
Continue Reading Court Dismisses Federal Wiretap Claim Premised on Crime-Tort Exception, Rejects Aiding-and-Abetting LiabilityUse of AI Call Center Without Consent Not a Federal Wiretap Violation, Court Holds
By Kathryn Cahoy, Libbie Canter & Thea McCullough on
Posted in Data Privacy and Cybersecurity
As businesses increasingly deploy AI-powered call centers to streamline customer service, plaintiffs have turned to decades-old wiretapping laws to challenge these tools. In a recent decision, however, an Illinois federal district court held that use of an AI call analysis platform without caller consent does not violate the federal Wiretap Act because it falls within the statute’s ordinary course of business exception. Lisota v. Heartland Dental, LLC, 2026 WL 91667, at *6 (N.D. Ill. Jan. 13, 2026).
Continue Reading Use of AI Call Center Without Consent Not a Federal Wiretap Violation, Court HoldsSanctions Order in Website Wiretapping Suit Reinforces Importance of Early Fact Investigation
By Rachel Lia, Thea McCullough & Matthew Verdin on
Posted in Data Privacy and Cybersecurity, Litigation
In an effort to overcome hurdles to Article III standing, many website wiretapping suits today accuse businesses of unlawfully sharing sensitive health or financial data with third parties. However, Federal Rule of Civil Procedure 11(b) requires plaintiffs’ lawyers to ensure that these “factual contentions” in a complaint “have evidentiary support.” A California federal judge gave teeth to this requirement in a recent sanctions order, admonishing the plaintiff’s lawyers for “advancing unfounded and irrelevant allegations” about a business’s sharing of “health information.” Mitchener v. Talkspace Network LLC, No. 2:24-CV-07067-JAK (BFMX), 2026 WL 84466, at *3-4 (C.D. Cal. Jan. 7, 2026).
Continue Reading Sanctions Order in Website Wiretapping Suit Reinforces Importance of Early Fact Investigation