- within Intellectual Property and International Law topic(s)
- with readers working within the Basic Industries and Law Firm industries
There may be light at the end of the tunnel for California’s businesses, agencies, and non-profits who are facing claims under the California Invasion of Privacy Act (“CIPA”). On July 1, 2026, the California State Assembly Committee on Privacy and Consumer Protection held a hearing on Senate Bill 690 (“SB 690”) and discussed how to stop vexatious CIPA lawsuits while protecting Californians’ privacy rights.
Background
CIPA claims have been on the rise over the last two years with a handful of law firms and serial plaintiffs filing thousands of claims and sending even more demands against businesses, public agencies, and non-profits. CIPA was designed to stop wiretapping telephones in 1967, but these law firms and plaintiffs now claim that website trackers are like wiretaps or “pen registers” and thus violate sections 631 and 638.51 of CIPA. State and federal courts have made inconsistent rulings on these claims, and there are no appellate rulings yet. Many businesses opt to pay a settlement amount to avoid litigation. While a CIPA settlement or litigation costs may be an annoyance for some large businesses, it can be devastating for medium and small businesses, agencies, and non-profits.
The California State Senate attempted to end these CIPA claims by proposing SB 690 on February 21, 2025. The proposed bill would have created an exception for pen registers (section 638.51), wiretapping (section 631), and recording (section 632) used for “commercial business purposes.” Opponents objected that the language was too broad and could create genuine privacy issues. For example, would the bill allow a company to record conversations secretly (such as by turning on the microphone of a device or switching a Zoom setting) as long as the company identified a commercial business purpose? Though the bill passed in the Senate, the Assembly determined it needed more work and sent it to the Committee on Privacy and Consumer Protection for review and revision.
2026 Proposed Amendments
On June 30, 2026, SB 690’s authors proposed amendments to the bill. The Synopsis of the Proposed Amendment notes that the bill was “too blunt of a solution” as originally drafted and that the currently proposed amendments seek to respond “directly and surgically to the most pressing problem at hand.” The key proposed amendments are listed below:
- SB 690 now only limits the private right to bring an action for pen registers (section 638.51) under section 637.2. The bill makes no changes to the private right to bring an action for wiretapping (section 631) or recording (section 632) under section 637.2.
- Only the California Attorney General may bring an action for violations of the pen register statute arising from “conduct occurring on an internet website, online application, or mobile application.”
- SB 690 is retroactive for two years before the operative date of the bill.
Committee Hearing
At the committee hearing on July 1, 2026, both the proponents and the opponents of SB 690 recognized that the Legislature must take action to stop these vexatious and abusive lawsuits. The opposition specifically expressed sympathy for the targets of the CIPA lawsuits, though they remained concerned about protecting Californians’ privacy rights.
Speaking in favor of SB 690, Senator Anna M. Caballero explained that the goal of SB 690 is to “protect California businesses from a new wave of abusive lawsuits” seen so far from four law firms and a few serial plaintiffs. She discussed the recent explosion of CIPA litigation, noting that there were 600 cases when SB 690 was written and that there are now 4,000 lawsuits – a huge increase that does not even include the unknown number of demand letters that led to private settlements. Senator Caballero noted that even though CIPA became law “way before the internet was a twinkle in anyone’s eye,” anyone with a functioning website in California is a target for CIPA litigation.
Jeff Glasser (the General Counsel of the Los Angeles Times) and Usama Kahf (a partner at Fisher Phillips) also spoke in favor the bill. Mr. Glasser discussed his paper facing a class action for its advertisements and called for the loophole that allows shakedown lawsuits to be closed while protecting consumers. Mr. Kahf estimated that 50,000 websites have been targeted and noted that all businesses with a website presence in California are being targeted, even those in full compliance with CIPA. For the opposition, Dolores Huerta (the President of the Dolores Huerta Foundation) stated that privacy is a human right and a civil right, not a luxury. Citing examples of tech companies using or sharing private information, Ms. Huerta stated that SB 690 would make privacy abuses easier and would particularly harm immigrants seeking safety, women seeking health care, and members of the LGBTQ community seeking resources. Ms. Huerta also expressed concern that the retroactivity provision would affect meritorious cases.
Samantha Gordon (the Chief Advocacy Officer at TechEquity) stated that her organization was reviewing CIPA cases to see if any meritorious cases would be harmed by retroactivity. She repeated her organization’s concerns with the prior version of SB 690 and stated that TechEquity would withdraw its opposition if sufficient changes were made to protect Californians’ privacy.
The committee passed SB 690 as amended and referred it to the California State Assembly Committee on Appropriations. While the Assembly has more work to do on the language of the bill, it was clear that both sides want to pass a bill to stop abusive CIPA claims. While the timeline is not certain, businesses, agencies, and non-profits may rightfully be optimistic that SB 690 will pass.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
[View Source]