“Untenable.” Federal California District Court Calls For Legislative Action On CIPA – Privacy Protection

Seyfarth Shaw LLP are most popular:

within Compliance, Consumer Protection, Government and Public Sector topic(s)
with readers working within the Banking & Credit, Business & Consumer Services and Construction & Engineering industries

On Friday, October 17, 2025, U.S. District Court Judge Vince
Chhabria issued a biting Order granting defendant Eating Recovery
Center, LLC’s (“ERC”) motion for summary judgment on
the plaintiff Jane Doe’s California Invasion of Privacy Act
(CIPA) claims, a law enacted in 1967 to address the increasing use
of wiretapping to eavesdrop on private phone conversations. In
particular, Judge Chhabria found it “undisputed” that the
alleged Meta Pixel did not read, attempt to read or attempt to
learn the contents of Doe’s communications with ERC while the
communications were in transit as is required by the statute, and
thus Doe’s CIPA claims failed.

More notable were Judge Chhabria’s thoughts on the state of
recent plaintiffs’ attempts to apply CIPA’s “already
obtuse language” to website activity and online technologies.
Calling the statute “a total mess,” Judge Chhabria opined
that it “was a mess from the get-go, but the mess gets bigger
and bigger as the world continues to change.” As a result,
Courts are now faced with the “borderline impossible”
task of determining whether website operators’ conduct falls
under the ambit of the CIPA statute.

He further noted that the CIPA language at issue is
“ambiguous,” acknowledging that there was at least an
interpretation wherein ERC’s alleged online conduct violates
CIPA. However, because CIPA is a criminal statute imposing criminal
liability and punitive civil penalties, the “Rule of
Lenity” of applies, even when invoked in a civil action. Under
the Rule of Lenity, Courts must narrowly construe civil statutes
that impose punitive civil penalties. That narrower interpretation
does not cover ERC’s alleged conduct.

In his final call to action, Judge Chhabria called on the
California Legislature to “step up” and “bring CIPA
into modern age” to address whether such online activity
should be covered by the statute. California courts are
consistently issuing conflicting rulings in CIPA cases, which
leaves businesses and practitioners equally confused. Judge
Chhabria urged the Legislature to not only go back to the drawing
board, but to “erase the board entirely and start writing
something new.”

Senate Bill 690, which failed to advance out of committee in the
California State Assembly, would not have erased the drawing board
entirely but did attempt to clarify that CIPA would not apply when
used for “a commercial business purpose.” The bill
unanimously passed the Senate in June 2025; however, as a result of
being stalled in the Assembly, will not move forward until 2026 at
the earliest (if at all).

Key Considerations

With the ongoing uncertainty surrounding CIPA exposure,
companies should give careful thought to their cookie banner /
consent management practices, including conducting regular testing
to ensure operation is consistent with expectations.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.