In the past two years, hundreds of cases have been filed in California targeting businesses using web analytics software based on the theory that tools like tracking pixels and cookies violate Section 638.51(a) of the California Invasion of Privacy Act (CIPA). Despite the influx of cases, there’s no definitive answer on whether these tools breach CIPA, with recent conflicting rulings adding to the confusion.
In 2023, two notable cases in Los Angeles County Superior Court—Jose Licea v. Hickory Farms LLC and Daryl Levings v. Choice Hotels International Inc.—illustrated this divide.
In March, businesses saw hope when Judge Stephen P. Pfahler sustained a demurrer in Hickory Farms, dismissing the CIPA claim and outlining five defenses: internet communications are not covered by CIPA, user consent is implied by visiting a website, public policy opposes extending CIPA to web communications, tracking pixels do not involve third parties, and a company’s capture of IP addresses is not comparable to law enforcement’s capture of fingerprints. The plaintiff in Hickory Farms eventually dismissed the complaint, suggesting amendments would be futile.