The ‘Long Arm’ of CIPA and Its Newfound Pen-Trap Claims
Online privacy litigation continues to surge—and professional sports is one of its most visible battlegrounds. In the past two years, the NBA fought a data-sharing lawsuit, the Chicago Cubs faced biometric privacy claims over...more
The Association of Corporate Counsel (ACC) is urging the California Court of Appeal to resolve growing questions around whether the California Invasion of Privacy Act (CIPA) should be applied to commonplace technologies like...more
Most companies want to understand how visitors interact with their websites. That insight supports better user experiences, improved conversion rates and more effective marketing. However, practices that were once routine are...more
Companies are increasingly turning to AI to support or run their customer service operations and potentially opening the door to significant legal risks. Few states have AI-specific laws on the books but regulators and...more
What began as a niche theory in California privacy litigation has, by early 2026, become a fast-moving plaintiff playbook. For in-house counsel at companies that collect consumer data through websites—retail, ad tech,...more
A recent ruling against CNN illustrates how courts beyond California continue to grapple with that state’s wiretap law: the California Invasion of Privacy Act (“CIPA”). Among other things, CIPA regulates use of “pen...more
Welcome to Part Two of our series that examines the ECPA as a private right of action for privacy policy inaccuracies. In Part One of this series, we examined how a wave of state-law wiretapping litigation — predominantly...more
A recent decision from the Northern District of California reminds corporate defendants in Internet tracking cases that strategies to defeat class certification based on individualized issues can be just as critical as...more
Website advertising technology has been the subject of much recent litigation. While California plaintiffs have sought to reframe website cookies as illegal "trap and trace" devices in violation of the California Invasion of...more
If you were hoping the courts would offer clarity to the wave of California privacy litigation targeting website tracking technology, four decisions issued in just 10 days this April suggest you may be waiting a while. Four...more
On January 13, 2025, we published a client alert in which we warned that the plaintiffs’ bar had begun adapting theories used in a wave of healthcare website-tracking class actions to target financial institutions, and...more
A federal judge has ruled that CNN must face a proposed class action alleging that its website shared consumers’ personal information with Microsoft and adtech firms without consent, in alleged violation of the California...more
An August 2025 federal court ruling has opened the door for plaintiffs to use alleged inaccuracies or misrepresentations in a company’s privacy policy and other privacy disclosures as the basis for a federal wiretapping claim...more
A popular digital ed-tech platform recently paid $17.25M to settle a class action lawsuit filed by Chicago’s Board of Education that alleged it illegally tracked confidential student information through third-party analytics...more
A new putative class action in the Northern District of California (Case No. 3:26-cv-01133) targets Lenovo’s use of third‑party tracking pixels on its U.S. website, advancing a novel “bulk transfer” theory that links routine...more
Has your company received a CIPA demand letter or been sued in court or arbitration for alleged CIPA violations? If not, you are one of the lucky few. Plaintiffs’ firms and pro se individuals are sending demand letters and...more
A broad coalition of California businesses, nonprofits, healthcare providers, and community organizations formally launched a campaign this week to push for reform of the state law being weaponized against businesses that use...more
“This call may be monitored or recorded for quality assurance purposes” – ever wonder where this came from? That script is a practical result of California’s Invasion of Privacy Act (CIPA)—a Cold War–era wiretap law now being...more
In 2025 alone there were over 1,000 lawsuits filed alleging violations of the California Invasion of Privacy Act (CIPA). Plaintiffs typically allege that third-party cookies, pixels, or other tracking mechanisms violate...more
This alert summarizes several new areas of litigation that online retailers who market to consumers in Washington and California, and/or whose websites are accessible to consumers in these two states, should understand and...more
Several recent California state court decisions have thrown companies into a state of confusion about whether they can face claims under the California Invasion of Privacy Act (CIPA) for use of tracking technologies on...more
A federal court in the Southern District of California declined to dismiss wiretapping and eavesdropping claims tied to Skullcandy Inc.’s alleged use of online trackers on its retail website, allowing the lawsuit to move...more
The use of email-tracking technology is drawing heightened regulatory scrutiny and has become a growing target of litigation. For many organizations, these technologies, which could be in the form of a “pixel,” “beacon” or...more
Almost three years ago, we warned of class action lawsuits being filed against entities in certain industries, such as health care. Fast forward to today, where companies in a variety of industries, including construction and...more
The Law Conference of Champions brings together leading voices from government, industry, and the legal community to engage in practical, forward-looking discussions on advertising law, consumer protection, data privacy, and...more