Ninth Circuit Report

• Publication year: 2024
• Citation: Vol. 49 No. 1
• Author: Anne-Marie Dao

NINTH CIRCUIT REPORT

AUTHORS

Anne-Marie Dao
Sheppard Mullin

Wynter Deagle
Sheppard Mullin

Dane Brody Chanove
Sheppard Mullin

Happy Spring, Ninth Circuit Report readers! By the time this issue of New Matter comes out, hopefully the rainy season is behind us and we can enjoy some sunshine. This issue of the Report features guest co-authors, Wynter Deagle and Dane Brody-Chanove, and discusses one of the plaintiff's bar's newest privacy litigation theories.

BACKGROUND

The past year has seen plaintiffs breathe new life into old privacy statutes. One such statute is the California Invasion of Privacy Act (CIPA), which is a privacy law from 1967. Innovative arguments for civil liability under CIPA are being made by the plaintiffs' bar based on businesses' utilization of common internet technologies. The focus was first on website chatbots and third-party vendors intercepting the contents of consumer communications. Then, the focus shifted to the idea that the internet technology illegally eavesdrops upon and wiretaps website consumers. Next, CIPA cases filed argued that online targeted advertising technology exposes the identities of anonymous consumers, constituting illegal "doxing."

The newest CIPA litigation trend has been concentrated on an obscure CIPA provision, California Penal Code § 638.51. This provision prohibits the installation or use of a pen register—a device traditionally used by law enforcement officers that allows them to record all outgoing numbers from a particular telephone line without a court order. Legislative history demonstrates that Section 638.51 aimed to establish a legal framework for law enforcement to obtain warrants.

INTERNET TECHNOLOGY, AND PLAINTIFFS' NEW THEORY

With respect to CIPA cases, internet technology refers to the use of cookies, web beacons, pixels, script, or software code to gather information about users and their devices as they interact with websites or mobile applications. Website operators and vendors will then use this information gathered to generate insights about users' online behaviors.

The new CIPA litigation trend directly challenges the ability of website owners to use these common internet technologies,

[Page 45]

asserting that the technologies qualify as an illegally installed "pen registers." Section 638.50(b) of CIPA defines a pen register as a "device or process that records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic...