Category: Privacy

Posted on by Duane Morris

Webinar: Website Accessibility & Legal Risk

Website accessibility is no longer a technical or marketing issue—it is an enterprise risk with growing regulatory and litigation exposure. Federal investigations and private lawsuits are increasing and becoming more costly, and post-hoc remediation is rarely a defensible position.

Join Colin Knisely, partner at Duane Morris LLP, on March 11 at noon (ET) for an executive-level briefing on the May 11, 2026, HHS Section 504 compliance deadline. This session will examine how accessibility risk materializes in enforcement actions, investigations, and oversight inquiries, and what boards and senior leaders should expect. Attendees will gain practical insight into governance structures, documentation, and cross-functional accountability measures that leadership should be implementing now to mitigate risk, demonstrate good-faith compliance, and fulfill fiduciary oversight responsibilities. REGISTER FOR THE WEBINAR.

Posted on by Duane Morris

First Consumer-Facing AI Governance Rules Enacted in U.S.

As an important development in U.S. AI regulation, California enacted its automated decisionmaking technology (ADMT) rules in September 2025. These are the first enacted, broadly scoped, consumer-facing AI governance rules in the country. They offer opt-out rights and logic disclosures for AI-driven significant decisions affecting consumers. The rules took effect on October 1, 2025, with compliance required by January 1, 2027, for covered businesses that use ADMT in significant decisions before that date. Read the full Alert on the Duane Morris website.

Posted on by Duane Morris

Northern District of California Allows CIPA Claims Against AI Pizza Ordering Assistant to Proceed

On August 11, 2025, Judge Susan Illston of the Northern District of California denied a motion to dismiss in Taylor v. ConverseNow Technologies, Inc. (Case No. 25-cv-00990-SI), allowing claims under California’s Invasion of Privacy Act (CIPA) Sections 631 and 632 to move forward against an AI voice assistant provider. ConverseNow provides artificial intelligence voice assistant technology that restaurants, including Domino’s, use to answer phone calls, process orders and capture customer information. The plaintiff alleged that when she placed a pizza order by phone, her call was intercepted and routed through ConverseNow’s servers, where her name, address and credit card details were recorded without her knowledge or consent. Read the full Alert on the Duane Morris website.

Posted on by Duane Morris

Third Circuit Clarifies Standing Requirements for Session Replay Privacy Claims

The United States Court of Appeals for the Third Circuit issued a decision on August 7, 2025, in Cook v. GameStop, Inc. that provides important guidance on Article III standing for session replay technology challenges, affirming dismissal of a putative class action. The ruling offers clarity for companies deploying website analytics tools while establishing clearer pleading requirements for privacy plaintiffs. Read the full Alert on the Duane Morris website.

Posted on by Duane Morris

Northern District of California Dismisses CIPA “Trap and Trace” Claim Over TikTok Tracking Code

On August 6, 2025, in Mitchener v. CuriosityStream, Inc., Judge Noël Wise of the U.S. District Court for the Northern District of California dismissed with prejudice a putative class action alleging that CuriosityStream’s use of TikTok tracking software on its website violated the California Invasion of Privacy Act’s “trap and trace” provisions. The ruling follows Judge Wise’s June 24, 2025, decision in Kishnani v. Royal Caribbean Cruises Ltd., which dismissed a substantively identical complaint brought by the same plaintiffs’ counsel. The Kishnani matter is currently on appeal to the Ninth Circuit, but Judge Wise declined to delay ruling in Mitchener pending the outcome of that appeal. Read the full Alert on the Duane Morris website.

Posted on by Duane Morris

Court Revives Wiretap and CDAFA Claims Against Retailer Over Use of Embedded Website Tracking Code

A California federal court has allowed privacy claims to proceed against Rack Room Shoes based on its use of embedded tracking tools on its website—signaling that companies may face liability under both state and federal privacy laws, even where data collection is disclosed in a privacy policy. In Smith v. Rack Room Shoes, Inc. (2025 WL 2210002), decided August 4, 2025, Judge Rita Lin of the Northern District of California declined to dismiss claims brought under the federal Wiretap Act and California’s Comprehensive Computer Data Access and Fraud Act (CDAFA). Read the full Alert on the Duane Morris website.

Posted on by Duane Morris

District Court Rejects CIPA Lawsuit, Setting a Higher Standard for Privacy Plaintiffs

In some positive news for companies facing privacy claims over marketing and tracking technologies, Judge Haywood S. Gilliam Jr. of the Northern District of California has dismissed a putative class action brought under the California Invasion of Privacy Act (CIPA) against the Gap Inc. The case, Ramos v. The Gap, Inc., No. 4:23-cv-04715-HSG, challenged Gap’s use of Bluecore Inc.’s email marketing technology, which tracks whether a customer opens a marketing email, clicks a link and later interacts with the website. The court’s ruling, issued on July 29, 2025, adds to the growing body of federal precedent pushing back on expansive interpretations of Section 631(a) of CIPA in the digital context. Read the full Alert on the Duane Morris website.

© 2009- Duane Morris LLP. Duane Morris is a registered service mark of Duane Morris LLP.

The opinions expressed on this blog are those of the author and are not to be construed as legal advice.

Proudly powered by WordPress