Until California’s legislature provides clearer guardrails, companies should expect continued class action activity under the California Invasion of Privacy Act (CIPA), targeting common website tracking technologies. Plaintiffs’ firms are actively testing how far this decades-old statute extends in the modern web environment, and courts have not reached a consensus. That uncertainty creates real litigation risk
terms of use
Can Law Enforcement Access Google Search Data Without a Warrant? Pennsylvania Says Yes
By Roma Patel on
Posted in Enforcement + Litigation
Overview of Commonwealth v. Kurtz
On December 16, 2025, the Pennsylvania Supreme Court held that individuals do not have a reasonable expectation of privacy in general, unprotected Google search records. Commonwealth v. Kurtz, No. 98 MAP 2023 (Pa. Dec. 16, 2025). In this criminal case, law enforcement obtained a so-called “reverse keyword search warrant” from…
VPPA Class Action Plaintiffs May Not Waive Arbitration Goodbye
By Roma Patel on
Posted in Enforcement + Litigation
On June 13, 2025, a federal court in the Northern District of California held that a putative Video Privacy Protection Act (VPPA) class action lawsuit belonged in arbitration, thanks to the defendant company’s arbitration clause.
If you’ve been following our blog, you’ve seen the rise in VPPA class action litigation against companies that provide video…
Is Your Business Trapped? The Rise of “Trap and Trace” Litigation
By Kathryn Rattigan on
Posted in Data Privacy
Almost every business has a website; every website should have a privacy policy, terms of use, and, in some cases, a consumer privacy rights notice—if certain state consumer privacy rights laws apply to your business, such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively CCPA). What about a…