On April 29, 2025, the Senate Public Safety Committee voted 6-0 to advance legislation that would exempt processing of personal information for a commercial business purpose from coverage by the California Invasion of Privacy Act (CIPA). Three years after extensive wiretapping litigation first emerged targeting the use of website pixels or similar technologies, the amendment could mark the end of the road for a large swath of wiretap litigation in the state and potentially nationwide.
Why is the California legislature considering amending CIPA?
In recent years, companies that host session replay software, chat bots, advertising pixels or similar technologies, search bar URLs, and other data collection technologies on their websites have been inundated with lawsuits from multiple jurisdictions claiming the technologies "intercept" the communications from visitors without consent in violation of decades old state and federal wiretap laws, including CIPA. While most wiretap laws predate the modern internet, private litigants have increasingly brought claims rooted in the idea that consumer actions on websites are "communications" and that in collecting data about these actions for advertising, analytics, or customer support functions, websites are listening in on these "communications" illegally.
Some courts have rejected this argument – including in Vita v. New England Baptist Hospital, where the Massachusetts Supreme Judicial Court held that web browsing data does not constitute a communication under the Massachusetts Wiretap Act. However, the results have been inconsistent across the U.S., making it difficult for businesses to form a cohesive national approach to compliance.
How would S.B. 690 stop wiretap litigation?
S.B. 690 purports to amend CIPA by permitting businesses to process personal information for a "commercial business purpose," in two key ways:
- First, S.B. 690 exempts businesses from liability under CIPA if their conduct is for a commercial business purpose.
- Second, S.B. 690 makes plain that a "pen register" and "trap and trace device"—both the subject of wiretap litigation—exclude a device or process that is used in a manner consistent with a commercial business purpose.
What are eligible commercial business purposes under the CIPA amendment?
The bill defines a "commercial business purpose" broadly.
It includes the processing of personal information in furtherance of a business purposes under the CCPA, which includes operational purposes such as auditing ad impressions, ensuring security and integrity of networks or information systems, detection of security incidents, performing services on behalf of another business, and providing advertising and marketing services (other than targeted advertising). This category reasonably covers processing of data by a service provider.
In addition, a commercial business purpose includes any processing of personal information subject to a consumer's right to opt out, such as a sale or share of personal information, or the use or disclosure of sensitive data to infer characteristics about a consumer. This category reasonably covers most targeted advertising services that constitute a sale of personal information under the CCPA.
How would S.B. 690 impact existing litigation or threatened litigation?
As currently drafted, the bill includes a provision stating that it is retroactive and applies to any case pending as of January 1, 2026. At the April 29th hearing, Senators Scott Weiner and Sasha Renée Pérez called to remove the bill's retroactive application, although the bill was voted out of committee with the provision intact.
What comes next for S.B. 690?
At the April 29th hearing, S.B. 690 passed out of the Public Safety Committee and now moves through the Senate's Appropriations Committee process. At the hearing, Senators who voted to advance the legislation expressed concern that the legislation could remove a check on 'big tech' companies. As the legislation advances, we'll continue to monitor for any amendments that potentially narrow the applicability of the bill.
The California Senate has until June 6, 2025 to pass legislation.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
