Repurposing old laws to challenge new technologies has become the new normal in the privacy space. Plaintiffs continue to bring a kaleidoscope of privacy claims against companies in the tech age, reviving laws like the California Invasion of Privacy Act of 1994 (“CIPA”), Video Privacy Protection Act (“VPPA”), Telephone Consumer Protection Act (“TCPA”), Pennsylvania Wiretapping and Electronic Surveillance Control Act, and Arizona Telephone, Utility, and Communication Service Records Act.

  • Central District of California dismisses lawsuit alleging that a third-party’s interception of communications over a website’s live chat feature violated California’s wiretapping and eavesdropping prohibitions.  
  • Important to the Court’s holding was its finding that the code used by the third party to acquire and transmit the contents of the chat communications was not necessarily used to intercept the communications while they were “in transit” but rather to store them after they were received.

While French skincare company L’Occitane (the “Company”) successfully thwarted a mass arbitration effort by plaintiffs’ firm Zimmerman Reed and approximately 3,000 customers (the “Claimants”), the Southern District of California Court presiding over the matter indicated that the Company’s case against them was on the verge of dismissal. L’Occitane v. Zimmerman Reed, et al., No. 2:24-cv-01103 (C.D. Cal. April 15, 2024).

  • Over a hundred cases are pending from the wave of privacy class actions that commenced last year alleging violations of state wiretap statutes based on use of website session replay, chatbot and pixel technologies.
  • Plaintiffs’ firms are continuing to file new cases based on chatbot and pixel tech despite an increasing number of dismissals while also trying new approaches focused on email marketing tech and identity graphing.

Increasing oversight of tech companies, particularly in the realm of consumer privacy, has been a rare example of bipartisan agreement. Despite data privacy being a growing concern for consumers, however, there has been relatively little federal policymaking. To counteract this lack of action, some states have stepped in to fill

As summer nears its end, uncertainty and complexity lie ahead for many companies as they evaluate how to operationalize compliance with the California Privacy Rights Act (CPRA), existing California employment laws and potentially the passage of a federal privacy law, the American Data Protection and Privacy Act, H.R. 8152

On August 24, 2022, California Attorney General (AG) Rob Bonta announced a settlement with beauty products retailer, Sephora USA, Inc. (“Sephora”), resolving claims that Sephora violated the California Consumer Privacy Act (CCPA) for, among other things, failing to disclose to consumers that it was selling their personal information (including precise

Qualifying businesses have another year to complying with certain, major provisions of the CCPA. The CCPA, or the California Consumer Privacy Act of 2018, is a California law that gives California consumers, defined broadly to encompass all California residents, certain rights with respect to their personal information. Namely, it gives consumers the right to know about the personal information that businesses collect about them; the right to know what businesses do with that information; and, the right opt out of the sale of certain personal information if a business sells that personal information. In turn, qualifying businesses that do business in California must institute certain policies, practices, and methods that allow consumers to effectuate those rights.