Enacted in 1967, CIPA is a Cold War era wiretap law designed to protect individuals from unauthorized recording or eavesdropping on telephone calls.
On June 3, 2025, the California Senate unanimously passed Senate Bill 690 (SB 690), which would amend the California Invasion of Privacy Act (CIPA). The bill would provide a “commercial business purpose” exception to CIPA and would change the landscape of data privacy litigation in the state, preventing what many consider to be “abusive lawsuits.”
Enacted in 1967, CIPA is a Cold War era wiretap law designed to protect individuals from unauthorized recording or eavesdropping on telephone calls. In recent years, however, plaintiffs have leveraged CIPA to file lawsuits against businesses employing standard online technologies, such as session replay, chatbots, cookies and pixels. Plaintiffs argue that these tools violate various sections of CIPA.
SB 690 would exempt the use of such tracking technologies from CIPA, provided these technologies are used for “a commercial business purpose” and comply with existing laws like the California Consumer Privacy Act (CCPA). The bill defines “commercial business purpose” as the processing of personal information either to further a business purpose, as defined in the CCPA, or when the collection of personal information is subject to a consumer’s opt-out rights under the CCPA.
If enacted, SB 690 would have a significant impact on data privacy litigation in California, where CIPA litigation has exploded in recent years. The “commercial business” exception would limit the scope of CIPA, reducing the number of lawsuits filed against businesses for their use of standard online technologies. This change in the law could provide greater legal clarity for businesses operating on the internet, aligning CIPA more closely with the CCPA and other privacy regulation.
One important note to SB 690 is that, just prior to passage in the Senate, it was amended to apply only prospectively, not retroactively—and if signed into law, it would not become effective until January 2026. This means it would not affect any lawsuits filed before its enactment or prior to its effective date. That could mean a major uptick in CIPA claims and lawsuits during the remainder of 2025 as plaintiffs scramble to bring claims prior to any change in the law.
Not surprisingly, a number of consumer privacy groups have warned that the bill puts the safety and privacy of millions of Californians at risk.
The bill now moves to the California State Assembly, where it was read for the first time on June 4, 2025. The bill’s bipartisan support in the Senate suggests a favorable outlook in the Assembly. However, the bill will undergo further scrutiny in the Senate and potential amendments. Governor Gavin Newsom’s position on SB 690 remains to be seen. Although the governor has previously supported privacy protections, some recent statements and actions suggest a more nuanced approach to privacy legislation, balancing consumer rights with business interests.
SB 690 represents a significant development in California’s data privacy litigation landscape. By narrowing the scope of CIPA, the bill seeks to reduce the substantial burden of litigation on businesses using standard online technologies while still upholding consumer privacy protections under laws like the CCPA. We will be closely monitoring this bill has it makes its way through the Assembly.
For More Information
If you have any questions about this Alert, please contact J. Colin Knisely, Michael S. Zullo, any of the attorneys in our Privacy and Data Protection Group or the attorney in the firm with whom you are regularly in contact.
Disclaimer: This Alert has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm's full disclaimer.