On August 11, 2025, Judge Susan Illston of the Northern District of California denied a motion to dismiss in Taylor v. ConverseNow Technologies, Inc. (Case No. 25-cv-00990-SI), allowing claims under California’s Invasion of Privacy Act (CIPA) Sections 631 and 632 to move forward against an AI voice assistant provider. ConverseNow provides artificial intelligence voice assistant technology that restaurants, including Domino’s, use to answer phone calls, process orders and capture customer information. The plaintiff alleged that when she placed a pizza order by phone, her call was intercepted and routed through ConverseNow’s servers, where her name, address and credit card details were recorded without her knowledge or consent. Read the full Alert on the Duane Morris website.
Third Circuit Clarifies Standing Requirements for Session Replay Privacy Claims
The United States Court of Appeals for the Third Circuit issued a decision on August 7, 2025, in Cook v. GameStop, Inc. that provides important guidance on Article III standing for session replay technology challenges, affirming dismissal of a putative class action. The ruling offers clarity for companies deploying website analytics tools while establishing clearer pleading requirements for privacy plaintiffs. Read the full Alert on the Duane Morris website.
Northern District of California Dismisses CIPA “Trap and Trace” Claim Over TikTok Tracking Code
On August 6, 2025, in Mitchener v. CuriosityStream, Inc., Judge Noël Wise of the U.S. District Court for the Northern District of California dismissed with prejudice a putative class action alleging that CuriosityStream’s use of TikTok tracking software on its website violated the California Invasion of Privacy Act’s “trap and trace” provisions. The ruling follows Judge Wise’s June 24, 2025, decision in Kishnani v. Royal Caribbean Cruises Ltd., which dismissed a substantively identical complaint brought by the same plaintiffs’ counsel. The Kishnani matter is currently on appeal to the Ninth Circuit, but Judge Wise declined to delay ruling in Mitchener pending the outcome of that appeal. Read the full Alert on the Duane Morris website.
Court Revives Wiretap and CDAFA Claims Against Retailer Over Use of Embedded Website Tracking Code
A California federal court has allowed privacy claims to proceed against Rack Room Shoes based on its use of embedded tracking tools on its website—signaling that companies may face liability under both state and federal privacy laws, even where data collection is disclosed in a privacy policy. In Smith v. Rack Room Shoes, Inc. (2025 WL 2210002), decided August 4, 2025, Judge Rita Lin of the Northern District of California declined to dismiss claims brought under the federal Wiretap Act and California’s Comprehensive Computer Data Access and Fraud Act (CDAFA). Read the full Alert on the Duane Morris website.
District Court Rejects CIPA Lawsuit, Setting a Higher Standard for Privacy Plaintiffs
In some positive news for companies facing privacy claims over marketing and tracking technologies, Judge Haywood S. Gilliam Jr. of the Northern District of California has dismissed a putative class action brought under the California Invasion of Privacy Act (CIPA) against the Gap Inc. The case, Ramos v. The Gap, Inc., No. 4:23-cv-04715-HSG, challenged Gap’s use of Bluecore Inc.’s email marketing technology, which tracks whether a customer opens a marketing email, clicks a link and later interacts with the website. The court’s ruling, issued on July 29, 2025, adds to the growing body of federal precedent pushing back on expansive interpretations of Section 631(a) of CIPA in the digital context. Read the full Alert on the Duane Morris website.
District Court Reaffirms Dismissal of Wiretapping Claims Under California Invasion of Privacy Act
On the heels of holding that defendants’ use of session replay software did not constitute a violation of the California Invasion of Privacy Act, Judge William Alsup in Williams v. What If Holdings LLC and ActiveProspect Inc. has now denied the plaintiff’s request for leave to amend. In doing so, the court reaffirmed its previous holding that the plaintiff’s allegations only established that ActiveProspect’s use of session replay software functioned as a tool that supported What If’s management of its own website data, and not as a means of eavesdropping and aggregating information for ActiveProspect’s own purposes.
Read the full Alert on the Duane Morris LLP website.
Will Website Chat Feature Wiretapping Lawsuits Rise?
Entering the conversation, the United States District Court for the Central District of California recently denied a motion to dismiss claims alleging that a website’s chat features and use of session replay software violate the California Invasion of Privacy Act (CIPA). Notably, this court rejected a forum selection clause in the website’s terms of use and went on to hold that allegations that the plaintiff shared “personal information” in the chat were sufficient to maintain a claim.
Read the full Alert on the Duane Morris LLP website.
30-Year-Old Video Tape Statute Fueling New Class Action Lawsuits
Perhaps you are old enough to recall when consumers used to have to go to video stores like Blockbuster Video to rent a movie. And perhaps you recall the excitement of scoring a copy of the always limited “new release.” It was during these “archaic” times that Congress passed the federal Video Privacy Protection Act in response to a newspaper publishing Robert Bork’s video rental history during his U.S. Supreme Court nomination.
Read the full Alert on the Duane Morris LLP website.
Website Tracking Technology Risks
As companies take advantage of new technologies in their interactions with customers and employees, they need to be mindful of the risks associated with implementation of those types of systems. This is especially true in the realm of federal and state privacy statutes, which in some instances have been created recently to address privacy concerns. There are also existing laws that are now being applied in a different context.
Read the Law360 article on the Duane Morris LLP website.
Does Tracking User Activity on Websites Violate Electronic Interception Laws?
A new wave of class action lawsuits filed in California, Pennsylvania and Florida target companies that use technologies to track user activity on their websites, alleging such practices, when done without obtaining a user’s consent, violate electronic interception provisions of various state laws. The two technologies at issue are: 1) session replay software and 2) coding tools embedded in chat features. Session replay software tracks a user’s interactions with the website—their clicking, scrolling, swiping, hovering and typing—and creates a stylized recording of those interactions and inputs. Coding tools create and store transcripts of the conversations users have in a website’s chat feature. The plaintiffs in this new string of class actions allege that recording their interactions with a website and sending that recording to a third party for analysis without their consent is an illegal invasion of their privacy.
Read the full Alert on the Duane Morris LLP website.