Court Revives Wiretap and CDAFA Claims Against Retailer Over Use of Embedded Website Tracking Code

A California federal court has allowed privacy claims to proceed against Rack Room Shoes based on its use of embedded tracking tools on its website—signaling that companies may face liability under both state and federal privacy laws, even where data collection is disclosed in a privacy policy. In Smith v. Rack Room Shoes, Inc. (2025 WL 2210002), decided August 4, 2025, Judge Rita Lin of the Northern District of California declined to dismiss claims brought under the federal Wiretap Act and California’s Comprehensive Computer Data Access and Fraud Act (CDAFA). Read the full Alert on the Duane Morris website.

District Court Rejects CIPA Lawsuit, Setting a Higher Standard for Privacy Plaintiffs

In some positive news for companies facing privacy claims over marketing and tracking technologies, Judge Haywood S. Gilliam Jr. of the Northern District of California has dismissed a putative class action brought under the California Invasion of Privacy Act (CIPA) against the Gap Inc. The case, Ramos v. The Gap, Inc., No. 4:23-cv-04715-HSG, challenged Gap’s use of Bluecore Inc.’s email marketing technology, which tracks whether a customer opens a marketing email, clicks a link and later interacts with the website. The court’s ruling, issued on July 29, 2025, adds to the growing body of federal precedent pushing back on expansive interpretations of Section 631(a) of CIPA in the digital context. Read the full Alert on the Duane Morris website.

Game Over for Ownership? UK Petition Pushes Back on Digital Shutdowns

UK government petition demanding changes to consumer law around the sale of video games has passed 100,000 signatures. This milestone triggers consideration for a debate in Parliament and throws the spotlight on a growing international issue. The petition calls for a change in the law to prevent publishers from disabling or removing access to games after they have been sold, unless consumers are given the right to retain or repair them.

It is part of the wider Stop Killing Games campaign, a grassroots consumer movement gaining traction globally. Alongside the UK petition, a European Citizens’ Initiative has also surpassed the required one million signatures, meaning it will now be formally reviewed by the European Commission (subject to verification) and brought before the European Parliament for a public hearing. Read the full post on the Duane Morris London Blog.

How Are Courts Approaching Copyrighted Materials and Artificial Intelligence?

Two groundbreaking decisions from the Northern District of California—Kadrey v. Meta Platforms, Inc. and Bartz v. Anthropic PBC—shed light on how courts are approaching the use of copyrighted materials in training large language models (LLMs). Both cases involved authors alleging copyright infringement based on the use of their books to train generative AI models, and both courts held that use of the copyrighted materials to train the AI models was transformative. The court in Anthropic held, however, that copying pirated books constitutes copyright infringement and the transformative nature of the use did not rescue such infringement. Conversely, the Meta court held that copying from pirate sites to train AI is fair use, but only because the plaintiffs failed to submit evidence of market harm, which the court believed to be the most relevant factor. As such, while use of copyrighted works to train AI may be fair use, copying works without permission carries the risk of infringement. Read the full Alert on the Duane Morris website.

Webinar: A Guide on Cybersecurity and Other Controlled Information Compliance for Gov’t Contractors

Duane Morris will present a webinar, Navigating the False Claims Act for Government Contractors: A Guide on Compliance with Requirements Relating to Cybersecurity and Other Controlled Information, on Tuesday, July 15 at 12:00 p.m. Eastern. 

REGISTER

Our speakers will discuss:

  • Steps contractors need to take in order to get ahead of the wave of cybersecurity regulations coming later this year.
  • The Cybersecurity Maturity Model Certification compliance framework being implemented by the DOD;
  • The data security program that the DOJ has implemented this year and what entities need to know and do to comply with its requirements;
  • An overview of key Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity compliance requirements that companies must follow in order to be awarded new DOD contracts;
  • Existing cybersecurity and export control requirements rules that federal government contractors must abide by; and
  • Steps contractors need to take in order to get ahead of the wave of cybersecurity regulations coming later this year.

The Convergence of Artificial Intelligence & Crypto

This article, authored by Duane Morris partner Agatha Liu, was originally published by the California Lawyers AssociationThis article has been reprinted with permission.

The nation is well positioned to further develop artificial intelligence (AI) and promote its application, while the government renews its interest in cryptocurrency (crypto) as a significant part of digital assets. Both AI application and crypto hold huge potential to advance collective prosperity, yet they are rooted in complex, disruptive technologies that pose significant challenges for policymakers. Traditionally, the two fields have followed separate trajectories, but their convergence is increasingly evident.

Read the full article on the Duane Morris website.

© 2009-2025 Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress