Class Action Review: What We're Seeing With CIPA Class Actions In California Challenging Website Tracking Tools

Until the California legislature takes action, the plaintiff's bar will continue filing lawsuits challenging companies' website tracking tools under the California Invasion of Privacy Act, or CIPA. As of now, courts don't agree on how far this old California privacy law actually goes, which means companies should take action.

The CIPA was passed in 1967 to stop secret wiretapping by law enforcement and individuals. Today, the plaintiff's bar has seized on the CIPA to file class actions that challenge modern website tools like chat features, session-replay software, and analytics code, arguing that these tools violate the CIPA by secretly recording how visitors interact with a company's website. One of the primary issues that litigants grapple with is whether these tools actually "listen in" on confidential communications without proper consent when, in fact, many companies disclose the use of these tools in their Terms of Use or Privacy Policies, or both. Some courts have said yes, while others have said no, and thus, what action litigants should take in response to lawsuits has become hard to predict. Many companies simply settle and walk away.

In some cases, courts have allowed CIPA claims to proceed, concluding that website visitors could reasonably expect their chats, form entries, or clicks to be private, regardless of company disclosures. But in other cases, courts have dismissed CIPA claims, holding that website interactions aren't confidential if users are clearly told that their use and data may be collected or tracked. While this split remains unresolved, CIPA class actions surge on. And because CIPA violations call for damages of up to $5,000 per violation, even routine website activity tracking can be costly.

TAKEAWAY: Companies should review their Privacy Policies to ensure they are properly disclosing the tools they may use to track user information. Companies should also consider adding or redesigning their consent banners and reevaluating their use of website tracking tools altogether. Another good idea to consider is adding conspicuous arbitration clauses with class action waivers to Terms of Use. This may not stop the plaintiff's bar, but it should certainly give plaintiff's lawyers pause. Until the legislature steps in, CIPA class actions will continue.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.