California Invasion of Privacy Act (CIPA)

Subscribe to California Invasion of Privacy Act (CIPA) via RSS

Website tracking litigation continues to generate high stakes compliance risk, but not all privacy statutes are moving through the courts at the same pace. A notable divergence is emerging between the Video Privacy Protection Act (VPPA) and the California Invasion of Privacy Act (CIPA). Where the first is rapidly heading toward definitive interpretation by the

California resident Nathaniel Bee filed a lawsuit this week alleging that the ATP Tour’s website used third-party tracking technology that captured details on how visitors interacted with the site, including what content they viewed; how they navigated the website; and what type of device they used, without user consent in violation of the California Invasion

Until California’s legislature provides clearer guardrails, companies should expect continued class action activity under the California Invasion of Privacy Act (CIPA), targeting common website tracking technologies. Plaintiffs’ firms are actively testing how far this decades-old statute extends in the modern web environment, and courts have not reached a consensus. That uncertainty creates real litigation risk

Businesses that run consumer-facing websites have spent the past several years contending with a steady stream of California Invasion of Privacy Act (CIPA) demands and class actions aimed at everyday digital tools such as cookies, pixels, and analytics scripts. A recent decision from the Southern District of California, Camplisson v. Adidas Am., Inc., 2025

A new California trial court decision offers website operators some long-awaited relief in the ongoing wave of website privacy suits under the California Invasion of Privacy Act (CIPA). In early December, the Los Angeles County Superior Court, rejected an increasingly common theory that routine website analytics and tracking tools function as illegal “pen registers” or “trap

California’s strict privacy laws, particularly the California Invasion of Privacy Act (CIPA), are fueling a surge in class action lawsuits against major companies over their use of online tracking technologies. In recent weeks, prominent brands including Estée Lauder, Nike, and Luxottica have been hit with proposed class actions in the Northern District of California, all

The recent decision in Wiley v. Universal Music Group highlights how courts are scrutinizing website operators’ privacy controls and representations, particularly regarding cookie banners and opt-out tools. 2025 WL 3654085 (N.D. Cal. Dec. 17, 2025). In a recent decision, although Universal Music Group (UMG) dodged most of the putative class claims over its handling of

Overview of Commonwealth v. Kurtz

On December 16, 2025, the Pennsylvania Supreme Court held that individuals do not have a reasonable expectation of privacy in general, unprotected Google search records. Commonwealth v. Kurtz, No. 98 MAP 2023 (Pa. Dec. 16, 2025). In this criminal case, law enforcement obtained a so-called “reverse keyword search warrant” from

A recent federal court decision in Adam v. CaringBridge, Inc., No.  25-cv-06042-WHO, 2025 WL 3493565 (N. Cal. Dec. 5, 2025), offers a cautionary tale for plaintiffs in privacy class actions, and a strategic playbook for defendants. Even where a case is properly filed in California (the home turf for many privacy statutes and plaintiffs)

The 2025 California legislative session ended without passing critical reforms to the California Invasion of Privacy Act (CIPA), leaving businesses vulnerable and scrambling to manage escalating compliance challenges and legal exposure on their own.

Why Was Reform Needed?

CIPA, originally enacted in 1967 to protect against telephone wiretapping, has recently been used to challenge how websites collect