Keypoint: In this post: (1) California considers a “commercial exception” to wiretapping and pen registry laws; (2) a rise in federal wiretapping claims against websites; (3) more courts impose “knowledge or intent” requirement for Section 631(a); and (4) the Ninth and Seventh Circuits limit and expand the VPPA’s application.

This is our twenty-second installment in our data privacy litigation report covering decisions from the previous month. If you have any thoughts on what you’d like to see (either in content or form) from these posts, please don’t hesitate to reach out and let us know.

Will you be at the IAPP Global Privacy Summit 2025 in Washington DC on April 23-24? If so reach out!

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Keypoint: In this post: (1) How a privacy policy can defeat a plaintiff’s “delayed discovery” argument; (2) Two CA state courts reject plaintiffs’ allegations concerning personal jurisdiction; (3) Three courts dismiss PR/TT claims due to lack of harm; (4) Two courts diverge on certifying VPPA classes; and (5) First MHMD case filed in Washington.

This is our twenty-first installment in our monthly data privacy litigation report. As we forecast last month, we are tweaking the format of these posts to hopefully provide readers with the most helpful information in the easiest to digest manner. If you have any thoughts on what you’d like to see (either in content or form) from these posts, please don’t hesitate to reach out!

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Keypoint: Five Takeaways from Privacy Litigation Decisions in January 2025

Welcome to the twentieth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. After our expansive “holiday edition” post last month we are changing things up a bit with this month’s post. Instead of providing case summaries on multiple decisions we are providing five takeaways from cases in the past month. Our hope is this provides a more practical post for in-house counsel and business owners facing the quickly changing world of privacy litigation.

Do you find these posts helpful? Wish we would cover another privacy trend or provide more information? If so – we want to hear from you! Please reach out and let us know what you would like to see in future privacy litigation updates.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Keypoint: Twenty-five (25) privacy decisions from October-December show a significant uptick in the number of pixel-based wiretapping decisions issued from courts nationwide.

Welcome to the nineteenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. We are covering decisions from three months in this “holiday edition” update that covers decisions from October, November, and December 2024. Our holiday edition post covers the chat, session replay, and VPPA decisions just like our normal posts but also includes pixel-based wiretapping claims and pen registry/tap and trace decisions that are normally accessibly only by Byte Back + members. Interested in learning more about Byte Back+? Contact the authors or click here.

We are covering twenty-five (25) decisions in this holiday edition post, including four (4) chat-wiretapping decisions, four (4) SRT-wiretapping decisions, ten (10) pixel-wiretapping decisions, five (5) pen registry/ tap and trace (“PRTT”) decisions, and two (2) VPPA decisions. With that, let’s get to it.

Before we do, however, a quick disclaimer. There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Keypoint: California state courts weigh in on what does, and does not, qualify as a “pen registry” or “tap and trace” device while one California federal court raises whether a wiretapping claim can also allow for a CCPA privacy right of action.

Welcome to the eighteenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this month’s post, we examine two decisions from California Federal District Courts that dismissed chat-based wiretapping claims. We also look at four VPPA decisions (three from the same jurisdiction) that all dismissed VPPA claims under Rule 12(b)(6), showing courts’ growing lack of patience for plaintiffs’ attorneys who fail to plead such claims with specificity and under the standards established by past VPPA decisions.

Byte Back + members also get access to coverage of four pen registry decisions, one (substantial) pixel decision, an email tracking decision, plus and our coverage of oral argument in the Ninth Circuit’s Briskin v Shopify decision. Interested in learning more about Byte Back+? Contact the authors or click here.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Keypoint: California district courts continue to split over whether “knowledge” is required to plead liability under Section 631(a)’s fourth prong while two decisions show courts taking different approaches to VPPA claims at the pleading stage.

Welcome to the seventeenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this month’s post, California district courts continue to disagree over whether “knowledge” that the third party’s actions violated the law is required to prove liability under the fourth prong of Section 631(a), with the most recent court to address the question holding such knowledge is required. These district courts also continue to apply different standards to determine whether a third party has the capability to use intercepted communication-content for its own purpose. One court found the plaintiff’s allegations conclusory and dismissed a complaint while another court found the plaintiff sufficiently alleged a third-party had the capability to use the intercepted information for its own purpose when the plaintiff alleged the third party used the communications to train its AI model.

Although we only examine one SRT decision this month, the decision examines wiretapping law in California, Maryland, Minnesota, and Florida. The decision addresses issues of consent, standing, and our more “traditional” reasons for dismissal. We also look at two VPPA decisions that illustrate how courts in different circuits are handling Rule 12(b)(6) motions to dismiss.

Byte Back + members also get a look at two pixel-based wiretapping claims, two pen registry decisions, and two other privacy litigation decisions. Interested in learning more about Byte Back+? Contact the authors or click here.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.