In her ruling, Judge Illston adopted the "capability" over the “extension” approach to determining third-party status under Section 631. 

On August 11, 2025, Judge Susan Illston of the Northern District of California denied a motion to dismiss in Taylor v. ConverseNow Technologies, Inc. (Case No. 25-cv-00990-SI), allowing claims under California's Invasion of Privacy Act (CIPA) Sections 631 and 632 to move forward against an AI voice assistant provider.

ConverseNow provides artificial intelligence voice assistant technology that restaurants, including Domino's, use to answer phone calls, process orders and capture customer information. The plaintiff alleged that when she placed a pizza order by phone, her call was intercepted and routed through ConverseNow's servers, where her name, address and credit card details were recorded without her knowledge or consent. She further claimed that ConverseNow benefited from these calls not only by servicing Domino's, but also by using the recordings to continuously refine and improve its AI product, thereby helping to expand its business operations.

In her ruling, Judge Illston adopted the "capability" over the “extension” approach to determining third-party status under Section 631. The court reasoned that ConverseNow was not simply an extension of Domino's but was plausibly a third party because it allegedly used caller data to improve its own products. The court also held that the allegations supported a claim of real-time interception, noting that customers believed they were speaking directly with Domino's while their calls were actually redirected and managed by ConverseNow's AI system. The intent element was likewise satisfied at the pleading stage because ConverseNow's technology was specifically designed to capture and analyze calls, making it implausible that any interception was accidental.

The court rejected ConverseNow's “flippant” argument that pizza orders carried no reasonable expectation of privacy since “there is no privacy or confidentiality interest in pepperoni, sausage, or mushrooms.” Because the plaintiff provided personally identifiable and financial information, including her name, address and credit card details, the court concluded that the communications could reasonably be deemed confidential under Section 632, at least at this early stage of the case.

This decision highlights growing judicial skepticism toward the view that AI service providers are merely extensions of their business clients. When vendors use communications to train or improve their own technology, courts are increasingly willing to treat them as independent actors subject to CIPA's requirements. The ruling also underscores that even routine customer interactions may qualify as confidential communications if they involve personal or financial data and serves as another reminder that deploying AI or third-party tools to handle customer communications carries significant privacy risks. Courts are paying close attention to whether vendors make independent use of the data they capture, making robust disclosures and consent mechanisms critical defensive measures.

For More Information

If you have any questions about this Alert, please contact J. Colin Knisely, Michael S. Zullo, any of the attorneys in our Website Accessibility and Privacy Compliance Litigation Group, any of the attorneys in our Technology, Media and Telecom Industry Group or the attorney in the firm with whom you are regularly in contact.

Disclaimer: This Alert has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm's full disclaimer.