ARTICLE
29 January 2025

Can't Teach An Old Dog New CIPA Claim Tricks

KM
Klein Moynihan Turco LLP

Contributor

Klein Moynihan Turco LLP (KMT) maintains an extensive practice, with an international client base, in the rapidly developing fields of Internet, telemarketing and mobile marketing law, sweepstakes and promotions law, gambling, fantasy sports and gaming law, data and consumer privacy law, intellectual property law and general corporate law.
Despite some favorable rulings, lawsuits alleging California Invasion of Privacy Act ("CIPA") claims against companies that use third-party tracking technology...
United States Privacy

Despite some favorable rulings, lawsuits alleging California Invasion of Privacy Act ("CIPA") claims against companies that use third-party tracking technology to collect consumer data on their websites show no signs of slowing down. This fact is illustrated by two recent California State court lawsuits which allege CIPA claims for Defendants' alleged use of third-party tracking technology on their websites.

CIPA Claims Continue To Be Filed

In Tulin v. Spark Fun Electronic Inc., Plaintiff asserted CIPA claims against Defendant for its alleged use of third-party tracking software and code to "create a unique digital profile of each individual website visitor." Specifically, Plaintiff alleges that Defendant secretly attaches a "tracking beacon" to the devices of those who visit Defendant's website to collect, among other things, the user's: (1) IP address; (2) operating system and browser information; (3) geolocation data; and (4) email address. Collection of this information allegedly allows Defendant to "digitally fingerprint" users who visit Defendant's website. Use of these "tracking beacons," according to the Complaint, violates CIPA because they constitute trap and trace devices or pen registers and are used without a visitor's consent. The Complaint further alleges that Defendant illegally wiretaps website visitor communications by: (1) using session replay code to "intercept, record, save, and replay website visitors' interactions"; and (2) sending this information to a third-party who stores and replays the collected data.

Similarly, in Garcia v. Everquote, Inc., Plaintiff asserted a CIPA claim on behalf of himself and a purported class of consumers. The Complaint alleges that Defendant utilizes third-party software that "gathers device and browser information, geographic information, referral tracking, and url tracking by running code or 'scripts' on the Website to send user details . . ." to the third-party software provider. Plaintiff further alleges that the third-party software violates CIPA because it is tantamount to a "trap and trace device," a device which captures incoming dialing, routing, addressing, and signaling information. According to the Complaint, the third-party software begins collecting consumer information the moment a consumer visits the website and before Defendant obtains consumer consent to this data collection.

What Should You Do If You're Facing CIPA Claims?

As our readers know, CIPA claims can be expensive. The statute allows for a private right of action and the recovery of: (1) $5,000 per violation; or (2) three times the amount of actual damages, if any; and (3) injunctive relief. As such, the plaintiffs' bar will continue to file lawsuits alleging CIPA claims against businesses until California courts stop entertaining them.

Similar Blog Posts:

CIPA and Trap and Trace Devices

Help! I Was Served With A CIPA Lawsuit

Federal Wiretapping Claims – The Next Frontier? 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More