CIPA Wiretap Lawsuits Surge Past 800 Over Website Tracking in 2025

3 min readSources: National Law Review

More than 800 federal claims accused websites of CIPA wiretap violations in 2025.

Why it matters: Lawyers advising websites face a surge of claims alleging illegal interception via common tracking tools. This raises urgent compliance challenges under the decades-old California privacy law CIPA.

  • Over 800 federal CIPA wiretap claims were filed nationwide in 2025, a significant rise from previous years.
  • Common website tools flagged include tracking pixels (small images tracking visits), cookies (data storage files), session replay (recordings of user visits), and keystroke monitoring.
  • CIPA, enacted in 1967, allows statutory damages up to $5,000 per violation, attracting extensive litigation.
  • California lawmakers are reconsidering S.B. 690 in 2026 to narrow CIPA’s scope and reduce litigation burdens, with hearings scheduled this year.

The California Invasion of Privacy Act (CIPA), enacted in 1967 to ban unauthorized interception of electronic communications, is now fueling growing litigation against websites using common tracking technologies. In 2025, federal courts saw more than 800 claims alleging CIPA violations by websites employing techniques like tracking pixels—which are tiny images that track user visits—cookies that store user data, session replay scripts that record visitor actions, and keystroke monitoring tools capturing typed input.

This surge reflects sharper scrutiny on standard digital tracking methods. Industry experts highlight that plaintiffs argue these tools intercept communications without proper user consent, a core prohibition under CIPA.

CIPA’s penalty framework allows plaintiffs to seek up to $5,000 per violation, making it attractive for lawyers filing pre-suit notices, arbitration demands, and class actions. As legal analysis from Loeb & Loeb LLP explains, the main contention centers on whether tracking technologies activate before users give explicit consent on websites. The debate also focuses on whether opt-out methods like cookie banners or Global Privacy Control are respected immediately, as detailed by attorney Allison Cohen.

In light of this litigation increase, California lawmakers are actively reconsidering S.B. 690 during 2026. This bill proposes clarifying CIPA’s application to digital tracking and aims to reduce excessive lawsuits against website operators. Michael W. McTigue Jr. of Skadden LLP describes CIPA today as "a mess," underscoring tensions between a law designed before the internet and modern data practices (Skadden legal insight).

For corporate counsel and privacy professionals, these developments highlight the importance of ensuring real-time user consent before activating tracking tools and maintaining vigilance over CIPA interpretations. Failure to comply could lead to costly statutory damages and reputational risks.

By the numbers:

  • 800+ — federal CIPA claims filed in 2025 nationwide
  • $5,000 — maximum statutory damages per CIPA violation
  • 2026 — year California is reconsidering S.B. 690 to clarify CIPA

Yes, but: The interpretation of what constitutes interception under CIPA remains unsettled, leading to legal uncertainty despite legislative efforts.

What's next: California lawmakers will hold hearings on S.B. 690 throughout 2026, with potential amendments aimed at limiting CIPA’s scope for web tracking.