New Year, Same CIPA Uncertainty – When Will the Appellate Courts Enter the Chat?

California state and federal courts continue to see extensive litigation involving the California Invasion of Privacy Act (“CIPA”). When enacted in 1967, CIPA targeted traditional telephone wiretapping. However, its reach has expanded as new technologies enter the market. Today, private CIPA claims often concern website tracking and a business’s choice to embed analytic tools on its website.

As Crowell has previously analyzed, mixed results persist in CIPA cases at the motion to dismiss stage. Appellate guidance would provide valuable insight into how new technologies, such as website analytic tools and generative artificial intelligence applications, are addressed by this pre-internet statute.

As background, CIPA Section 631(a) prohibits intentional wiretapping, attempting to read or learn the contents or meaning of a communication in transit over a wire, attempting to use or communicate information obtained as a result of engaging in either of the previous two activities, or aiding and abetting any of these violations. 

Recent CIPA Litigation

Perez v. Romantix Online, Inc.

On October 27, 2025, U.S. District Judge Noël Wise of the Northern District of California granted the defendants’ motions to dismiss a CIPA complaint with partial leave to amend.

The court dismissed the CIPA claims because plaintiffs failed to adequately allege that they did not consent to the collection and disclosure of their personal information. The court concluded that the complaint did not adequately allege that plaintiffs lacked knowledge of, or did not consent to, the data collection practices disclosed in defendants’ privacy policy.

This decision affirms that, in CIPA cases that involve website tracking, plaintiffs must plead more than conclusory assertions that they did not consent to the tracking devices.

Apaydin v. Move, Inc.

On October 29, 2025, U.S. District Judge Percy Anderson of the Central District of California denied the defendant’s motion to dismiss, concluding that the plaintiff had alleged sufficient facts at that stage to state a plausible CIPA claim.

The plaintiff alleged defendant’s website installed third-party tracking technologies that intercepted electronic communications when visitors viewed video content.

The defendant asked the court to take judicial notice of Facebook’s terms of service, which disclose Facebook’s use of analytic tools and information from third-party websites (such as defendant’s), to establish that the plaintiff had consented to the interception of information obtained from her use of defendant’s website.

The court declined, reasoning it could not take judicial notice that the plaintiff had consented when the complaint alleged otherwise.

Judge Anderson noted that it may turn out that the contents of the plaintiff’s communications on defendant’s website were not intercepted, but the court could not conclude that the plaintiff had failed to plausibly allege that the contents of her communications were intercepted at the pleading stage.

Casillas v. Six Flags Entertainment Corporation

On December 15, 2025, U.S. District Judge Consuelo B. Marshall of the Central District of California denied Six Flags’ motion to dismiss.

The court held that the second clause of § 631(a) applies to internet communications and that the plaintiff had pleaded sufficient facts for CIPA and other privacy claims to proceed.

The complaint sufficiently alleged that despite the plaintiff’s express rejection of cookies, the defendant enabled third parties to place tracking technologies that collected users’ personal information.

The court also held that the plaintiff sufficiently pleaded that defendant’s third-party trackers were pen registers or trap and trace devices under § 638.51, as they collected real-time data on visitors’ behaviors, communications, and personal information.

Conclusion

Consent has proven to be fatal for plaintiffs alleging that their electronic communications were intercepted or collected by third parties under CIPA. Yet, how plaintiffs can sufficiently demonstrate this to survive the motion to dismiss stage remains unclear.

Future appellate guidance will be critical in shaping the contours of CIPA liability and providing clarity for both plaintiffs and defendants navigating this rapidly changing area of law.

Crowell & Moring will continue to monitor developments and advise clients on technology-related issues such as website code and the use of generative AI.