Litigation

“Session replay” software is one of many website analytics tools targeted in wiretapping suits under the California Invasion of Privacy Act (“CIPA”).  Last month, a California federal court confirmed one of the many reasons why the use of this software does not violate CIPA section 631: A defendant cannot “read” (or attempt to read) session replay data “in transit,” as CIPA requires, because “events recorded by” this software “do not become readable content until after they are stored and reassembled into a session replay.”  Torres v. Prudential Financial, Inc., 2025 WL 1135088 (N.D. Cal. Apr. 17, 2025). Continue Reading Court Grants Summary Judgment: Website Vendor Cannot Read “Session Replay” Data “In Transit” Under CIPA

Does a plaintiff’s use of a website constitute consent to a privacy policy linked in the website’s footer?  A Pennsylvania federal court answered yes in Popa v. Harriet Carter Gifts, Inc., 2025 WL 896938 (W.D. Pa. Mar. 24, 2025), granting summary judgment in favor of an online retailer (Harriet Carter Gifts) and its marketing partner (NaviStone) accused of collecting data about plaintiff’s website visit in violation of the Pennsylvania Wiretapping and Electronic Surveillance Control Act (“WESCA”).Continue Reading Implied Consent to Privacy Policy in Webpage Footer Forecloses Website Wiretapping Claim

Plaintiffs’ lawyers have continued to bring privacy claims targeting businesses that use vendors to help provide beneficial chat features on their website, as we last reported here.  Late last year, a Southern District of California judge dismissed another set of privacy claims challenging the routine use of these vendor services by Tonal, a popular smart home gym company named as the sole defendant in the lawsuit.  Jones v. Tonal Systems, Inc., 751 F. Supp. 3d 1025 (S.D. Cal. 2024).

Plaintiff Julie Jones, a California resident, claimed that she had visited Tonal’s website and used its chat feature to communicate with a Tonal customer service representative.  This chat feature allegedly incorporated an API run by another company to create and store transcripts of website visitors’ chats with Tonal’s customer service representatives.  According to the complaint, this alleged conduct constituted wiretapping, which Tonal purportedly aided and abetted in violation of Sections 631 and 632.7 of the California Invasion of Privacy Act (“CIPA”).  Plaintiff also asserted other privacy claims based on the same alleged conduct, including the California Unfair Competition Law (“UCL”) and the California Constitution’s right to privacy provision.

The Court granted Tonal’s motion to dismiss each of plaintiff’s claims on multiple grounds. Continue Reading Another California Court Rejects Privacy Claims Targeting Online Chat Feature

Early this month, a Northern District of California judge dismissed, with prejudice, a putative class action complaint asserting five privacy-related causes of action, concluding the “issue of consent defeat[ed] all of Plaintiffs’ claims.”  Lakes v. Ubisoft, Inc., –F. Supp. 3d–, 2025 WL 1036639 (N.D. Cal. Apr. 2, 2025).  Specifically, the Court dismissed plaintiffs’ claims under the (1) Video Privacy Protection Act (“VPPA”); (2) Federal Wiretap Act; (3) California Invasion of Privacy Act (“CIPA”) § 631; (4) common law invasion of privacy; and (5) Article I, Section 1 of the California Constitution. Continue Reading California Court Holds Plaintiffs’ Consent Defeats Claims Involving Use of Website Pixel

A fan of celebrity LL Cool J filed a wiretapping suit against Community.com (“Community”), claiming that Community accessed her text message to LL Cool J in violation of the federal Wiretap Act and the California Invasion of Privacy Act (“CIPA”).  In an unpublished opinion highlighting that Section 632 of CIPA does not protect communications that are by nature a recorded medium, the Ninth Circuit affirmed dismissal of the plaintiff’s claims. See Boulton v. Community.com, Inc., No. 23-3145, 2025 WL 314813 (9th Cir. Jan. 28, 2025).Continue Reading Ninth Circuit Affirms Dismissal of CIPA and Wiretap Act Claims Against Celebrity Platform

Likely spurred by plaintiffs’ recent successes in cases under Illinois’s Biometric Information Privacy Act (“BIPA”), a new wave of class actions is emerging under Illinois’s Genetic Information Privacy Act (“GIPA”). While BIPA regulates the collection, use, and disclosure of biometric data, GIPA regulates that of genetic testing information. Each has a private right of action and provides for significant statutory damages, even potentially where plaintiffs allege a violation of the rule without actual damages.[1] From its 1998 enactment until last year, there were few GIPA cases, and they were largely focused on claims related to genetic testing companies.[2] More recently, plaintiffs have brought dozens of cases against employers alleging GIPA violations based on allegations of employers requesting family medical history through pre-employment physical exams. This article explores GIPA’s background, the current landscape and key issues, and considerations for employers.Continue Reading Employers Beware: New Wave of Illinois Genetic Information Privacy Act Litigation

The Ninth Circuit recently held that the Children’s Online Privacy Protection Act, which gives the Federal Trade Commission  authority to regulate the online collection of personal information from children under the age of 13, does not preempt consistent state law, potentially increasing the risk of class action litigation based on

Continue Reading Ninth Circuit Holds COPPA Does Not Preempt Consistent State Law Claims Premised on COPPA Violations

In a new post on the Inside Class Actions blog, our colleagues discuss a recent Third Circuit decision reinstating the putative class action Clemens v. ExecuPharm Inc., concluding there was sufficient risk of imminent harm after a data breach to confer standing on the named plaintiff when the

Continue Reading Data Breach and the Dark Web: Third Circuit Allows Class Action Standing With Sufficient Risk of Harm

After several twist and turns, on July 7th Intel Corp. succeeded in achieving final dismissal of class claims alleging that Intel knew about purported security vulnerabilities in its microprocessors and failed to disclose or mitigate those vulnerabilities.  The case, In Re Intel Corp. CPU Marketing, Sales Practices and Products

Continue Reading Court Dismisses Class Claims Related to Cyber Vulnerability Embargo

Last week, an Illinois federal district court granted the defendant’s motion to stay in Stegmann v. PetSmart, No. 1:22-cv-01179 (N.D. Ill.).  The case implicates the evolving law surrounding the scope of the Illinois Biometric Information Privacy Act (“BIPA”) and  a pending Illinois Supreme Court case that could provide an important defense to certain BIPA suits.Continue Reading Federal Court Stays Suit Implicating Accrual of Claims Under the Illinois Biometric Information Privacy Act