Old Law, New Tech: CIPA Lawsuits Spark Urgent Call for Reform

SACRAMENTO, Calif. – April 06, 2026 – A California law written in 1967 to stop clandestine wiretapping has become the unlikely epicenter of a modern digital war, spawning tens of thousands of legal claims against businesses and non-profits for using common website features like chat bots and analytics. Now, a broad coalition of organizations is pushing back, arguing these “predatory lawsuits” are exploiting an outdated statute, driving up costs for consumers, and draining resources from vital community services.

The battle has crystallized around a legislative proposal, Senate Bill 690, and the formation of a new group, ReformCIPA.com, which launched this month. The coalition, comprised of businesses, healthcare providers, and community organizations, contends that trial lawyers are weaponizing the California Invasion of Privacy Act (CIPA) in a way its creators never intended, creating a cottage industry of legal shakedowns that function as a hidden tax on an already strained California economy.

The 1960s Law on a 21st Century Battlefield

At its core, CIPA was designed to protect the sanctity of confidential conversations over the telephone. The law requires all parties to consent to the recording or monitoring of a communication. In the internet age, however, plaintiffs' attorneys are creatively arguing that standard website technologies constitute a form of illegal eavesdropping.

Their claims often target tools that are ubiquitous across the modern web: session replay software that helps developers find bugs, analytics pixels that measure website traffic, and third-party chat features that allow customers to ask questions. The legal argument posits that when a third-party vendor provides this technology, it is illegally “intercepting” the communication between the user and the website. With statutory damages set at $5,000 per violation—and no requirement to prove actual harm—the potential liability for a company with a high-traffic website can quickly escalate into the millions.

This legal theory has created a patchwork of conflicting court rulings, leaving businesses in a state of costly uncertainty. The Ninth Circuit’s decision in Javier v. Assurance IQ, for example, allowed a case to proceed by finding that session replay software could constitute an illegal “interception.” In contrast, other rulings, like Thomas v. Papa John's, have dismissed similar claims, stating that a company cannot be liable for eavesdropping on a conversation it is a party to. This inconsistency has fueled the litigation surge, as many businesses opt to pay hefty settlements rather than risk a financially devastating court judgment.

A 'Hidden Tax' on California's Economy

The economic fallout from this legal ambiguity is significant, according to the Reform CIPA coalition. They argue the wave of demand letters and lawsuits disproportionately harms small businesses, non-profits, and healthcare providers who lack the resources for protracted legal fights.

"At a time when affordability is one of the biggest challenges facing California families and California is facing budget deficits, we should not allow predatory lawsuits to drive up costs," said Robert Rivinius, President of the Family Business Association of California, in a statement. "Amending CIPA will protect consumers while stopping legal shakedowns that hurt small businesses and the communities they serve."

These legal costs, the coalition argues, are inevitably passed on to consumers through higher prices for goods and services, exacerbating an affordability crisis that already has families struggling with high housing, food, and energy costs. For non-profits and community-based organizations, the impact is more direct. Funds that could be used for food banks, housing assistance, or patient care are instead diverted to legal defense, weakening the social safety net.

"SB 690 helps protect patient privacy while stopping the misuse of an outdated law against providers using standard technology," stated Soua Vang, President & CEO of the California Association for Health Services at Home. "It is a first step to restoring clarity and fairness, and keeps the focus where it should be - on patient care."

The Legislative Push: Can SB 690 Bridge the Gap?

The proposed legislative fix, SB 690, authored by Senator Anna Caballero, seeks to thread the needle between protecting privacy and curbing abusive litigation. The bill’s central provision would amend CIPA to exempt activities performed for a “commercial business purpose,” as already defined under the state’s flagship privacy law, the California Consumer Privacy Act (CCPA).

Proponents argue this would harmonize the state’s privacy laws, clarifying that routine business operations like website analytics, security monitoring, and customer service are not illegal wiretaps. By aligning CIPA with the more modern and comprehensive CCPA, the bill aims to eliminate the legal loophole that has fueled the current litigation boom while leaving robust consumer privacy protections intact.

SB 690 found strong bipartisan support, passing the State Senate with a unanimous 35-0 vote in 2025. However, its momentum stalled in the Assembly. Faced with opposition from consumer privacy advocates and trial lawyer associations, the bill was designated a “two-year bill,” pushing any further consideration into the 2026 legislative session.

A Debate Over Privacy and Protection

Opponents of SB 690, including groups like the ACLU California Action and the Electronic Frontier Foundation, argue that the bill goes too far. They contend that the “commercial business purpose” exemption is overly broad and would effectively gut a crucial tool for holding companies accountable for surreptitious online tracking.

These advocacy groups argue that CIPA remains a vital protection for consumers in an era of rampant data collection. They point to CIPA’s private right of action as a powerful enforcement mechanism that the CCPA, which has a more limited private right to sue, lacks for most violations. Weakening CIPA, they claim, would give companies a green light to deploy invasive tracking technologies with little fear of consequence.

As the legislative process paused, the lawsuits have continued unabated. Businesses across the state remain caught between the threat of litigation and the need to use standard digital tools to operate. With SB 690 now waiting for its next hearing, all eyes are on the California Legislature to decide the future of digital privacy and commerce in the Golden State.