Skip to main content

 California Invasion of Privacy Act (CIPA)

Class Action Privacy Lawyer Reviewing Data Privacy Violations for Plaintiffs Nationwide
Nationwide Success

California Data Privacy Lawyers

Reviewing consumer wiretapping offenses and violations of CIPA

The Lyon Firm represents individuals in a wide variety of plaintiff invasion of privacy lawsuits. If you have been a victim of wiretapping, eavesdropping or another breach of personal privacy, contact an online privacy lawyer to investigate your claim.

For moderate to serious invasion of privacy offenses, it is not advisable to resolve claims without professional counsel. We work on a contingency fee basis, and assume all financial risk so you will not pay any fees unless The Lyon Firm is able to reach a settlement and compensate you fully for damages.

Joe Lyon is a highly-rated Class Action Privacy Lawyer representing individuals in Data Privacy Lawsuits in California and nationwide.

The Lyon Firm is investigating new invasion of privacy claims for California residents and plaintiffs nationwide. Recent class action lawsuits have been filed, citing consumer privacy violations. Several website operators may be violating the California Invasion of Privacy Act (CIPA) and other state statutes by using session replay tools and other online recording software.

What is Consumer Wiretapping?

For many years, American businesses have regularly monitored and recorded phone calls with customers to ensure order accuracy or to review employee performance. This is legal as long as the consumer is notified that the interaction is being recorded.

The same largely applies to online browsing. Websites must tell consumers if they are monitoring online activities, or recording and storing your “live chat” interactions.

California Privacy Law forbids anyone from illegally wiretapping a conversation without a court order. While the law specifically addresses the tapping of telephonic devices, consumer privacy lawyers have begun to cite the same statute in online privacy cases. California Penal Code 631 lists the following as potential CIPA violations:

  • Using any machine, instrument, or contrivance to intentionally tap or make any unauthorized connection to a telephone conversation
  • Trying to read any communication without the consent of all the parties participating in the conversation
  • Using any information obtained through a wiretapped conversation
  • Conspiring with another person to commit a wiretapping offense

California is a two-party consent state, which means that everyone involved in the call or “live chat” must agree to it being recorded. If just one party does not provide consent, then recording the conversation constitutes a violation of the CIPA and can result in legal action.

It is also important to note that out-of-state businesses still have to respect and comply with California privacy law. Even if the website or individual you interact with is located elsewhere, consumers can still file a lawsuit under the California Invasion of Privacy Act if they were in the state at the time of any CIPA violation.

Understanding The California Invasion of Privacy Act (CIPA)

The CIPA is the California statute that makes it illegal for businesses to wiretap consumer communications or record individual interactions without prior consent. Businesses that violate the CIPA may be subject to both criminal and civil penalties. Consumers who have been wiretapped or recorded without permission have already cited this statute and filed several invasion of privacy consumer class action lawsuits.

California has worked to strengthen consumer protection law in recent years, including passing the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the California Consumers Legal Remedies Act. Under the California Invasion of Privacy Act, it is illegal for companies to wiretap or record conversations unless all participants have clearly consented to the recording. This applies to telephone conversations and any online communications.

A website’s use of session replay, keystroke logging, or third-party chat-bot technology without consent can constitute an unlawful wiretap or eavesdropping offense under CIPA. The potential recovery of statutory damages can reach $5,000 per violation.

What Are Some Potential CIPA Violations?

In the age of data collection, with data brokers buying and selling huge amounts of personal information, it has been beneficial and extremely profitable for websites to keep records of online interactions and communications with customers.

However, as defined by California’s wiretap law, this could be problematic. If a company uses session replay software or other tracking tools to capture visitor behavior, it may constitute an unlawful intercept of the communication.

Many website operators have installed session replay and “live chat” applications onto their site in which a third-party vendors have real-time access to the chat communications. Session replay software allows websites to monitor how a user interacts with the website. Because it is a machine being used to intercept  and record communications possibly makes this a violation of the CIPA.

This may only be lawful if such web operators adequately disclose this and acquire the user’s consent.  

What are Pen Register Cases?

One of the means by which websites capture digital fingerprints is by deploying pen register and trap and trace spyware. Some companies have been able to record location, event, and data tracking on smart phones. The FTC recently ruled that many widely used location data tracking tools used by data brokers constitute an invasion of consumer privacy.

The term “pen register” has long referred to devices that record outgoing phone numbers dialed on a telephone. Trap and trace devices, conversely, record incoming phone numbers. The definition has evolved over time, and now the term “pen register” is often used to refer to certain software or fingerprinting tools used to track users’ online activity.

California law specifically prohibits the installation of a pen register without first obtaining a court order. The CIPA defines “pen register” as “a device or process that records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, but not the contents of a communication.”

The CIPA states: “Advances in science and technology have led to the development of new devices and techniques for the purpose of eavesdropping upon private communications and that the invasion of privacy resulting from the continual and increasing use of such devices and techniques has created a serious threat to the free exercise of personal liberties and cannot be tolerated in a free and civilized society.” § 630 (California Penal Code: Part 1, Title 15, Chapter 1.5 “(Invasion of Privacy”) Cal. Penal Code §§ 630-638).

Personal privacy should remain a basic, protected individual right for American consumers. Big Tech and data brokers, however, have continually pushed the limits on what it means to respect consumer privacy and operate within ethical and legal boundaries.

Any violation of the right to privacy is grounds for legal action. Thus, to further ensure the privacy of consumers, California passed the California Invasion of Privacy Act (CIPA). CIPA reviewed existing federal privacy law, added further consumer protection, and strengthened the definitions of privacy to adapt to modern digital technologies.

New technologies have made it extremely simple for companies to eavesdrop on private consumer communications. In a rush to collect data, which can be very valuable, some companies have violated federal and state consumer privacy laws.

In recent consumer privacy lawsuits filed in California, plaintiffs allege instances of illegal wiretapping and eavesdropping on their online communications. Complaints have noted that certain websites are recording live chats and using session replay software without consumers’ consent. Privacy lawyers have interpreted such actions as  wiretapping offenses.

invasion of privacy

Invasion of Privacy Damages

Individuals suffer a great deal of emotional distress in times of private uncertainty. CIPA lawsuits can recover compensation for the following:

  • Emotional pain and suffering
  • Disgorgement of any illicit monetary gains
  • Punitive Damages

As technology enters into almost every aspect of our daily life, we are seeing our privacy diminish. Instances of invasions of privacy are reported in many corporate and private affairs. The loss of private data can lead to identity theft and fraud, and require legal action. 

CIPA Statute of Limitations

A Statute of limitations refers to the period of time a plaintiffs has to file a lawsuit before legal action is no longer possible. These time period differ based on practice area, location and circumstance.

Plaintiffs generally have one year from the date of the act to contact an attorney and file a CIPA claim.  Settlements are likely in pen register and consumer wiretapping cases where there is clear and preserved evidence.

photo of invasion of privacy attorney Joe Lyon
voice icon

Give Yourself a Voice


Get Justice

proven results

Gain Recovery

client focused

Generate Awareness

Consumer Wiretapping Cases & CIPA FAQ

Can I File a Consumer Wiretapping Lawsuit?

Courts generally rule favorably on expectations of consumer privacy. Potential plaintiffs can safely ground their invasion of privacy claims by referencing state law such as the California Invasion of Privacy Act, the Pennsylvania Wiretapping and Electronic Surveillance Act and the Florida Security of Communications Act.

When websites and companies invade your personal privacy by collecting data without your consent, you may be able to take legal action. You may be eligible to file a CIPA violation claim if you can establish the following:

  • The defendant intentionally used a software or electronic tool (keystroke log or session replay) to record your browsing session or conversation
  • You had no reason to believe that the conversation would be recorded
  • You did not consent to having a conversation recorded
  • You suffered some harm or injury as a result of your privacy being violated

In some cases, it is obvious when a website is monitoring and recording your call or chat. In other cases, lawyers must investigate illegal wiretapping during the discovery process when a defendant is forced to turn over company records.


Why Hire an Invasion of Privacy Lawyer?

Due to the CIPA statutory penalties amounting to $5,000 for each illegally recorded conversation, consumer wiretapping lawsuits can result in large settlements and verdicts.

While the law is meant to protect consumers, consumer wiretapping litigation is complex and still requires a dedicated legal team to build the strongest case possible. Our class action attorneys have experience in several areas of consumer privacy law. We believe very strongly that American consumers have a right to online privacy, and we will fight to that end.

It is important, however, that you take immediate action and speak with an online privacy attorney as soon as you suspect that a company is violating your consumer privacy rights. The California Invasion of Privacy Act requires plaintiffs to file suit within one year of the date on which the violation occurred. The statute of limitations period usually begins when the plaintiff learns about the alleged illegal wiretapping.

Contact our invasion of privacy lawyers to discuss possible legal action. We represent plaintiffs in California and nationwide, and work diligently on your behalf to recover compensation and hold any negligent party accountable for personal privacy violations. Call to learn more about existing class action lawsuits or to file a new claim. Free and confidential consultations available.

What is Eavesdropping vs. Wiretapping?

While both are illegal (and often related), the difference between the two is that eavesdropping does not necessarily involve wiretapping.  California privacy law defines eavesdropping as the use of a hidden electronic device to listen to a confidential communication. The law is not limited to phone conversations, and can include computer communications.

The California Invasion of Privacy Act gives victims of both wiretapping and eavesdropping the ability to bring a civil suit against any individual  or entity that illegally recorded the conversation. If a third-party tech company provides the chat software, plaintiffs can name them in the complaint for eavesdropping.

What is the Legal Process?

Pre-Suit Investigation and Negotiations: Wiretapping lawsuits are unique and require a thorough investigation before a lawsuit is filed. An initial investigation involves gathering all relevant information. Preservation letters are drafted to notify the defendant of the case. The duty to preserve electronic evidence is critical in most cases to prevent spoliation.

Filing a Privacy Lawsuit in California: If pre-suit negotiations are unsuccessful, then a lawsuit must be filed to preserve the statute of limitations.  Filing a lawsuit early in the process is often necessary to begin gathering evidence while the witnesses memories are fresh and documents remain available.

Once a privacy suit is filed by your attorney, the court will set a case management schedule and the parties will begin exchanging information in the formal process of discovery. Depositions will be taken to preserve testimony for trial and to understand what certain witnesses are likely to say at trial.

Proving Negligence, Causation and Damages: In addition to lay witness testimony and other documentary evidence, data theft and privacy claims rely upon evidence to prove negligence, causation and damages. 

What is the Federal Wiretap Act?

In 1986, congress passed the Electronic Communications Privacy Act (ECPA), better known as the Wiretap Act. The statute prohibits the intentional use of wiretaps to intercept or attempt to intercept electronic communications.

The ECPA predates the digital age, but recent invasion of online privacy cases have given rise to new interpretations on how the Electronic Communications Privacy Act applies to modern technology. 

What Are Some Examples of Wiretapping Lawsuits?

  • Google recently settled a $5 billion class action complaint after plaintiffs claimed the company violated federal wiretap law when it collected information about user behavior in Incognito Mode. Consumers believed they were browsing in a “private” browsing mode. The complaint stated that even when users opted for private browsing, Google used tracking tools to follow what websites they visit
  • Several class action complaints have named Social media app TikTok as a defendant in wiretapping lawsuits. Plaintiffs claim the TikTok in-app browser illegally tracks users’ clicks and keystrokes in violation of a federal wiretap law.
  • A 2023 class action alleges that Carnival secretly records the electronic communications of consumers who visit the cruise ship company’s website. The plaintiff claims violations of state and federal consumer privacy Carnival allegedly uses third-party vendors to embed session replay computer code on its website for the purpose of intercepting and recording the actions of consumers. Attorneys say Carnival violated the California Invasion of Privacy Act and the federal Wiretap Act.