Technology

A recent decision from the Southern District of California underscores a point courts have made increasingly clear after the Ninth Circuit’s precedential decision in Popa v. Microsoft: alleging the disclosure of online activity—even activity touching on sensitive health topics—is not enough, by itself to establish Article III standing.  As the Court put it, the mere allegation that a defendant disclosed “sensitive health related” search terms, without any indication in the search terms that they “were tied to his personal medical history,” cannot establish a concrete injury.  Maghoney v. Dotdash Meredith, Inc., 2026 WL 497402 (S.D. Cal. Feb. 23, 2026) (emphasis added).

Continue Reading Sensitive Search Terms Not Enough To Establish Article III Standing Under Popa

We have routinely highlighted the proliferation of wiretapping class actions, and the variety of approaches courts have taken to address them.  One common pitfall for plaintiffs in these types of cases is standing, an issue highlighted in a recent Third Circuit case throwing out a proposed federal class action against Harriet Carter Gifts and NaviStone Inc., and remanding it to state court.  

The case, Popa v. Harriet Carter Gifts, Inc., No. 25-1760 (3d. Cir. 2026), involved plaintiff’s allegations that Harriet Carter Gifts and NaviStone tracked her browsing activity on Harriet Carter’s website while she shopped for pet stairs, purportedly in violation of the Pennsylvania Wiretapping and Electronic Surveillance Control Act.  After removal, the district court twice granted summary judgment for the defendants, and both decisions were appealed to the Third Circuit. 

Continue Reading Stand Aside:  Third Circuit Throws Out Harriet Carter Gifts Federal Wiretapping Case On Standing Grounds

Recently, a Pennsylvania federal judge dismissed a suit challenging the use of a third-party website analytics tool by defendant Highlands Healthcare, Inc., an integrated health system with eight hospitals in Pennsylvania.  The Court concluded plaintiffs had failed to plead the “specifics” of their interactions with defendant’s website, which were “essential to convert [the] case” from a “law-school hypothetical to an actionable dispute” under the Pennsylvania Wiretapping and Electronic Surveillance Control Act (“WESCA”), the state law analog to the Federal Wiretap Act.  Muraski v. Penn Highlands Healthcare, Inc., 2026 WL 353041 (W.D. Pa. Feb. 9, 2026).

Continue Reading Pennsylvania Court Dismisses WESCA Suit Alleging Use of Analytics Tools Against Health System, Requiring “Specifics” for an “Actionable Dispute”

Are AI prompts, and their generative outputs, discoverable in litigation? A handful of recent district court cases suggest the answer depends on whether the AI prompts and outputs constitute attorney work product.

In Tremblay v. OpenAI, Inc., 2024 WL 3748003 (N.D. Cal. Aug. 8, 2024), the court held that AI prompts written by lawyers can constitute opinion work product when used for litigation-related purposes. The court explained that AI “prompts were queries crafted by counsel and contain counsel’s mental impressions and opinions about how to interrogate [an AI tool], in an effort to vindicate Plaintiffs’ copyrights against the alleged infringements.” In so doing, the court squarely rejected defendant’s argument that AI prompts and outputs only rise to the level of fact work product as opposed to opinion work product. That distinction is important, as opinion work product is offered near-absolute protection from disclosure whereas fact work product is discoverable upon a showing of substantial need for the materials and an inability to secure a substantial equivalent without undue hardship.

Continue Reading A Closer Look: The Discoverability of Artificial Intelligence Prompts

In 2025, courts continued to issue significant decisions concerning the application of wiretap and privacy laws to pixels, session replay, and other website technologies. Over the past year, we have featured posts discussing claims regarding website analytics and advertising tools brought under the federal Wiretap Act, the California Invasion of Privacy Act (“CIPA”), the Video Privacy Protection Act (“VPPA”), and other laws.  A selection of posts highlighting important developments in this area is below. 

Continue Reading Website Wiretapping Roundup: 2025 Decisions and Developments 

In many privacy and other technology-related class actions, the question of whether consumers consent to the practice at issue is central.  In these cases, class action defendants have defeated motions for class certification by successfully arguing that consent is an individualized issue that is not susceptible to common proof.  And though class action plaintiffs may try and avoid this problem by excluding consenting individuals from their class definition, that solution can create new problems, including impermissible “fail-safe” classes—i.e., classes that cannot be defined until a case is resolved on the merits.

Continue Reading Sixth Circuit Denies Permission to Appeal Class Certification Order Raising Questions of Consent and Fail-Safe Classes

The Eighth Circuit recently affirmed dismissal of a putative class action asserting that defendant Cinema Entertainment Corporation, a regional movie theater chain, violated the Video Privacy Protection Act (“VPPA”) by disclosing website visitors’ information through a third-party pixel.  See Christopherson v. Cinema Ent. Corp., No. 24-3042, 2025 WL 3512393 (8th Cir. Dec. 8, 2025). 

Continue Reading Eighth Circuit Affirms Dismissal of VPPA Claim

Last week, the Third Circuit affirmed dismissal of a putative class action asserting that defendant Quest Diagnostics violated the California Invasion of Privacy Act (“CIPA”) and the Confidentiality of Medical Information Act (“CMIA”) by employing a website pixel to track and collect data about their website activity for advertising purposes.  See Cole v. Quest Diagnostics Inc., No. 25-1449, 2025 WL 3172640 (3d Cir. Nov. 13, 2025).  The Third Circuit held that Quest was not liable under CIPA for aiding and abetting wiretapping because no wiretapping had occurred, nor under CMIA because Plaintiffs had not alleged the disclosure of protected “medical information.”

Continue Reading Third Circuit Affirms Dismissal of CIPA and CMIA Claims

Recently, a California federal court granted summary judgment for defendant Eating Recovery Center (“ERC”) on a plaintiff’s California Invasion of Privacy Act (“CIPA”) § 631(a) wiretapping claim, joining other California federal courts that have granted summary judgment on CIPA claims for a plaintiff’s failure to “satisfy [CIPA’s] ‘in transit’ requirement as a matter of law.”  In granting summary judgment, the court critiqued CIPA’s language as “ill-suited for application to internet communications” and called upon the California Legislature to “step up” and “speak clearly” about whether and how CIPA applies to website-based data collection tools.  Doe v. Eating Recovery Ctr., LLC, –F. Supp. 3d–, 2025 WL 2971090 (N.D. Cal. Oct. 17, 2025).

Continue Reading California Court Grants Summary Judgment for Defendant, Urging the California Legislature to “Bring CIPA”—“A Total Mess”—“Into the Modern Age”

On October 20, a California trial court granted summary judgment in favor of defendants in Mach v. Yardi Systems, Inc., rejecting class plaintiffs’ claims that defendants violated California’s antitrust law, the Cartwright Act, through their common use of rental pricing software.  The decision, which relied on “critical” evidence produced

Continue Reading California Court Rejects First Algorithmic Price Fixing Case to Reach Summary Judgment