Photo of Owen Davis

Owen assists employers across industry sectors – from small businesses to Fortune 500 corporations – to identify changing workplace law at a local, state and federal level. He offers legal guidance on employment agreements, restrictive covenants, personnel policies and other human resources issues. Owen also represents employers before state and federal courts as well as administrative agencies on matters related to discrimination, retaliation, harassment, and wage and hour violations.

Keypoint: Twenty-five (25) privacy decisions from October-December show a significant uptick in the number of pixel-based wiretapping decisions issued from courts nationwide.

Welcome to the nineteenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. We are covering decisions from three months in this “holiday edition” update that covers decisions from October, November, and December 2024. Our holiday edition post covers the chat, session replay, and VPPA decisions just like our normal posts but also includes pixel-based wiretapping claims and pen registry/tap and trace decisions that are normally accessibly only by Byte Back + members. Interested in learning more about Byte Back+? Contact the authors or click here.

We are covering twenty-five (25) decisions in this holiday edition post, including four (4) chat-wiretapping decisions, four (4) SRT-wiretapping decisions, ten (10) pixel-wiretapping decisions, five (5) pen registry/ tap and trace (“PRTT”) decisions, and two (2) VPPA decisions. With that, let’s get to it.

Before we do, however, a quick disclaimer. There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Keypoint: California state courts weigh in on what does, and does not, qualify as a “pen registry” or “tap and trace” device while one California federal court raises whether a wiretapping claim can also allow for a CCPA privacy right of action.

Welcome to the eighteenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this month’s post, we examine two decisions from California Federal District Courts that dismissed chat-based wiretapping claims. We also look at four VPPA decisions (three from the same jurisdiction) that all dismissed VPPA claims under Rule 12(b)(6), showing courts’ growing lack of patience for plaintiffs’ attorneys who fail to plead such claims with specificity and under the standards established by past VPPA decisions.

Byte Back + members also get access to coverage of four pen registry decisions, one (substantial) pixel decision, an email tracking decision, plus and our coverage of oral argument in the Ninth Circuit’s Briskin v Shopify decision. Interested in learning more about Byte Back+? Contact the authors or click here.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Keypoint: Of the ten privacy- and AI-related bills passed by the California legislature in the 2024 legislative session, Governor Newsom signed seven into law and vetoed three by the September 30 deadline.

Throughout the 2024 legislative session, we have been tracking numerous privacy- and AI-related bills pending in California. Ten of those bills passed the state legislature before the legislative session ended on August 31 (nine of which passed in the final week of August). Governor Newsom had a deadline of September 30 to sign or veto the bills that passed. Of the ten total bills, he signed seven into law and vetoed three bills. Those seven bills scheduled to go into effect consist of four laws related to privacy and three laws related to AI.

The below article provides a summary of the ten bills that Governor Newsom either signed into law or vetoed.

Keypoint: California district courts continue to split over whether “knowledge” is required to plead liability under Section 631(a)’s fourth prong while two decisions show courts taking different approaches to VPPA claims at the pleading stage.

Welcome to the seventeenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this month’s post, California district courts continue to disagree over whether “knowledge” that the third party’s actions violated the law is required to prove liability under the fourth prong of Section 631(a), with the most recent court to address the question holding such knowledge is required. These district courts also continue to apply different standards to determine whether a third party has the capability to use intercepted communication-content for its own purpose. One court found the plaintiff’s allegations conclusory and dismissed a complaint while another court found the plaintiff sufficiently alleged a third-party had the capability to use the intercepted information for its own purpose when the plaintiff alleged the third party used the communications to train its AI model.

Although we only examine one SRT decision this month, the decision examines wiretapping law in California, Maryland, Minnesota, and Florida. The decision addresses issues of consent, standing, and our more “traditional” reasons for dismissal. We also look at two VPPA decisions that illustrate how courts in different circuits are handling Rule 12(b)(6) motions to dismiss.

Byte Back + members also get a look at two pixel-based wiretapping claims, two pen registry decisions, and two other privacy litigation decisions. Interested in learning more about Byte Back+? Contact the authors or click here.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Keypoint: The California legislature closed its 2024 session by passing five privacy-related bills and four AI-related bills.

On Saturday, August 31, the California legislature closed its 2024 session. During the past calendar year, we tracked numerous privacy and AI-related bills with fourteen of them passing out of their chamber of origin prior to the legislative deadline. For the past month, we have been tracking thirteen of those bills with weekly updates (the fourteenth bill already having passed through the legislature). Of the six privacy-related bills we have been tracking, five ultimately passed the legislature during the final week of the session. Four of the seven AI-related bills also passed. 

The below article first provides a summary of the bills that passed during the final week of the session. The article then provides an overview of all fourteen bills.

Keypoint: The California legislature enters into the final week of its session with many bills still under consideration.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.

Keypoint: Courts have started to issue Pixel-based wiretapping decisions, the Seventh Circuit weighs in on when a manufacturer can be forced to pay arbitration fees, and three courts showed different approaches to dismissing VPPA claims at the pleading stage.

Welcome to the sixteenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this month’s post, we are covering two wiretapping decisions based on chat services on website and one based on use of SRT.

If you are a Byte Back+ member, you will also see our coverage on the recent trend of cases brought under pen registry laws and—new this month—multiple “pixel” cases that are disconnected from session replay or chat-based theories and an update regarding an arbitration defendant can be forced to pay arbitration fees. Members also get access to our “other lawsuits” section, where this month we are covering one decision that involves an AI/machine learning based technology used to provide customer support agents with suggested responses to common questions from customers and two decisions from the Seventh Circuit that consider whether a large manufacturer can be forced to pay arbitration fees for thousands of arbitration demands when the manufacturer withheld payment after disagreeing with the merits of the demands.

Interested in learning more about Byte Back+? Click here.

We are also covering four VPPA decisions resolving motions to dismiss that illustrate a plaintiff’s prima facie burden at the pleading stage and the potential for joint and several liability under the statute.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Keypoint: Although not nearly as far-reaching as the Colorado AI Act, the Illinois law adds to the growing patchwork of state laws that regulate artificial intelligence.

On August 9, Illinois Governor J.B. Pritzker signed HB 3773 into law. The bill, which goes into effect January 1, 2026, amends the Illinois Human Rights Act to regulate the use of artificial intelligence in certain employment settings. In the below article, we provide a summary of the law and its provisions.

Keypoint: Companies onboarding AI products and services need to understand the potential risks associated with these products and implement contractual provisions to manage them.

With the rapid emergence of artificial intelligence (AI) products and services, companies using these products and services need to negotiate contractual provisions that adequately address the unique issues they present. However, given that this area is new and rapidly emerging, companies may not appreciate that the use of AI may raise unique contractual issues. Even if companies do realize it, they may not know what those provisions should state. In addition, many AI-related contractual terms are complicated and confusing, oftentimes containing new terms and definitions that companies are unfamiliar with handling. 

In the below article, we identify key considerations when reviewing or preparing AI-related contracts. Although there may be other considerations depending on the specific use case, the below considerations should provide the reader with a useful starting point for how to address this issue.

Keypoint: Last week, several privacy and AI bills passed out of committee (with some receiving amendments) while two bills died in committee.

We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior to the legislative deadline. With the California legislature closing on August 31, we will be providing weekly updates on the progress of these bills.