- within Compliance, Consumer Protection, Government and Public Sector topic(s)
- with readers working within the Banking & Credit, Business & Consumer Services and Construction & Engineering industries
On Friday, October 17, 2025, U.S. District Court Judge Vince Chhabria issued a biting Order granting defendant Eating Recovery Center, LLC's ("ERC") motion for summary judgment on the plaintiff Jane Doe's California Invasion of Privacy Act (CIPA) claims, a law enacted in 1967 to address the increasing use of wiretapping to eavesdrop on private phone conversations. In particular, Judge Chhabria found it "undisputed" that the alleged Meta Pixel did not read, attempt to read or attempt to learn the contents of Doe's communications with ERC while the communications were in transit as is required by the statute, and thus Doe's CIPA claims failed.
More notable were Judge Chhabria's thoughts on the state of recent plaintiffs' attempts to apply CIPA's "already obtuse language" to website activity and online technologies. Calling the statute "a total mess," Judge Chhabria opined that it "was a mess from the get-go, but the mess gets bigger and bigger as the world continues to change." As a result, Courts are now faced with the "borderline impossible" task of determining whether website operators' conduct falls under the ambit of the CIPA statute.
He further noted that the CIPA language at issue is "ambiguous," acknowledging that there was at least an interpretation wherein ERC's alleged online conduct violates CIPA. However, because CIPA is a criminal statute imposing criminal liability and punitive civil penalties, the "Rule of Lenity" of applies, even when invoked in a civil action. Under the Rule of Lenity, Courts must narrowly construe civil statutes that impose punitive civil penalties. That narrower interpretation does not cover ERC's alleged conduct.
In his final call to action, Judge Chhabria called on the California Legislature to "step up" and "bring CIPA into modern age" to address whether such online activity should be covered by the statute. California courts are consistently issuing conflicting rulings in CIPA cases, which leaves businesses and practitioners equally confused. Judge Chhabria urged the Legislature to not only go back to the drawing board, but to "erase the board entirely and start writing something new."
Senate Bill 690, which failed to advance out of committee in the California State Assembly, would not have erased the drawing board entirely but did attempt to clarify that CIPA would not apply when used for "a commercial business purpose." The bill unanimously passed the Senate in June 2025; however, as a result of being stalled in the Assembly, will not move forward until 2026 at the earliest (if at all).
Key Considerations
With the ongoing uncertainty surrounding CIPA exposure, companies should give careful thought to their cookie banner / consent management practices, including conducting regular testing to ensure operation is consistent with expectations.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
