Websites and Wiretap Laws: Emerging Trends in Privacy Class Action Litigation Risks
As an onslaught of recent class actions allege, companies may be liable for eavesdropping and wiretapping based on the use of common analytics software on their platforms.
For instance, in California, plaintiffs have filed hundreds of lawsuits against a broad range of businesses, alleging that using common online software or technologies like chatbots and cookies on their websites without express consumer consent constitutes unlawful eavesdropping or wiretapping under the California Invasion of Privacy Act (“CIPA”), Cal. Penal Code §§ 630, et seq. This 1967 law, enacted in the era of rotary telephones, is now being used to challenge the use of common third-party software that aids businesses in analyzing consumer activity and engagement with their websites. Because CIPA provides for statutory damages of $5,000 per violation, companies run the risk of significant exposure if CIPA claims are ultimately successful.
California courts have diverged in their approach to these CIPA cases: Courts following Graham v. Noom, 533 F. Supp. 3d 823 (N.D. Cal. 2021) and its progeny have required plaintiffs to plausibly allege that the third-party software (e.g., chatbot) provider uses purportedly intercepted information for its own purpose to support claims that the third-party provider is an unlawful eavesdropper. By contrast, courts relying on Javier v. Assurance IQ, LLC, 649 F. Supp. 3d 891 (N.D. Cal. 2023) and related cases merely require plaintiffs to claim that the software provider has the capability for such use. The California Supreme Court has yet to decide the issue.
Across the country, the Massachusetts Supreme Court is poised to rule on whether the use of analytics software to collect website browsing activity constitutes eavesdropping under the Massachusetts Wiretap Act. The court recently heard oral argument in Vita v. New England Baptist Hospital, et al., Case No. SJC-13542, in which the plaintiff alleged that multiple companies unlawfully eavesdropped on her communications when she browsed the websites of several hospitals that used such software without obtaining consumer consent. Like California courts, the Massachusetts justices appeared particularly concerned that the hospitals could “sell” purportedly intercepted information to advertisers or otherwise profit from such information without the consent of the website visitors. A decision from the court is forthcoming.
Ultimately, state legislatures may need to weigh in on whether decades-old wiretap laws apply to modern communications technology. Until then, companies would be wise to provide explicit disclosures and obtain express consent when utilizing analytics software on their consumer-facing platforms.
This article is available in the Jenner & Block Japan Newsletter. / この記事はJenner & Blockニュースレターに掲載されています。
Related Attorneys
Related Articles
Related Capabilities
© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.
As an onslaught of recent class actions allege, companies may be liable for eavesdropping and wiretapping based on the use of common analytics software on their platforms.
For instance, in California, plaintiffs have filed hundreds of lawsuits against a broad range of businesses, alleging that using common online software or technologies like chatbots and cookies on their websites without express consumer consent constitutes unlawful eavesdropping or wiretapping under the California Invasion of Privacy Act (“CIPA”), Cal. Penal Code §§ 630, et seq. This 1967 law, enacted in the era of rotary telephones, is now being used to challenge the use of common third-party software that aids businesses in analyzing consumer activity and engagement with their websites. Because CIPA provides for statutory damages of $5,000 per violation, companies run the risk of significant exposure if CIPA claims are ultimately successful.
California courts have diverged in their approach to these CIPA cases: Courts following Graham v. Noom, 533 F. Supp. 3d 823 (N.D. Cal. 2021) and its progeny have required plaintiffs to plausibly allege that the third-party software (e.g., chatbot) provider uses purportedly intercepted information for its own purpose to support claims that the third-party provider is an unlawful eavesdropper. By contrast, courts relying on Javier v. Assurance IQ, LLC, 649 F. Supp. 3d 891 (N.D. Cal. 2023) and related cases merely require plaintiffs to claim that the software provider has the capability for such use. The California Supreme Court has yet to decide the issue.
Across the country, the Massachusetts Supreme Court is poised to rule on whether the use of analytics software to collect website browsing activity constitutes eavesdropping under the Massachusetts Wiretap Act. The court recently heard oral argument in Vita v. New England Baptist Hospital, et al., Case No. SJC-13542, in which the plaintiff alleged that multiple companies unlawfully eavesdropped on her communications when she browsed the websites of several hospitals that used such software without obtaining consumer consent. Like California courts, the Massachusetts justices appeared particularly concerned that the hospitals could “sell” purportedly intercepted information to advertisers or otherwise profit from such information without the consent of the website visitors. A decision from the court is forthcoming.
Ultimately, state legislatures may need to weigh in on whether decades-old wiretap laws apply to modern communications technology. Until then, companies would be wise to provide explicit disclosures and obtain express consent when utilizing analytics software on their consumer-facing platforms.
This article is available in the Jenner & Block Japan Newsletter. / この記事はJenner & Blockニュースレターに掲載されています。
Related Attorneys
Related Articles
Related Capabilities
© 2026 Jenner & Block LLP. Attorney Advertising. Jenner & Block LLP is an Illinois Limited Liability Partnership including professional corporations. This publication, presentation, or event is not intended to provide legal advice but to provide information on legal matters and/or firm news of interest to our clients and colleagues. Readers or attendees should seek specific legal advice before taking any action with respect to matters mentioned in this publication or at this event. The attorney responsible for this communication is Brent E. Kidwell, Jenner & Block LLP, 353 N. Clark Street, Chicago, IL 60654-3456. Prior results do not guarantee a similar outcome. Jenner & Block London LLP, an affiliate of Jenner & Block LLP, is a limited liability partnership established under the laws of the State of Delaware, USA and is authorised and regulated by the Solicitors Regulation Authority with SRA number 615729. Information regarding the data we collect and the rights you have over your data can be found in our Privacy Notice. For further inquiries, please contact dataprotection@jenner.com.
News and Insights
Publications
Emily Loeb Discusses Congressional Oversight Preparedness in Bloomberg Law
Partner Emily Loeb, co-chair of Jenner & Block's Congressional Investigations Practice, spoke with Bloomberg Law article about how companies can prepare for potential oversight exposure ahead of this fall's midterm elections.
July 7, 2026
Publications
In New York Law Journal, The True Lender Doctrine and the OppFi Decision
Partners Jeremy Creelan, Michael Ross, Megan Poetzel, and Laurel Loomis Rimon, and Associate Molly Oberstein-Allen authored an article for the New York Law Journal examining the "True Lender" doctrine in light of a May 2026 California decision that provides the most detailed judicial framework to date for evaluating bank-nonbank lending partnerships.
July 1, 2026
Event
Partner Michael Vernick to Speak at NACUA's 2026 Annual Conference
On July 1, Partner Michael Vernick will speak on a panel at the National Association of College and University Attorneys (NACUA) 2026 Annual Conference in Nashville.
July 1, 2026
Publications
In Employee Relations Law Journal: What Happens When ERISA Disability Deadlines Slip
Partner Joseph Torres along with Associates Emma O'Connor and Christopher LeWarne, authored an article for the Employee Relations Law Journal analyzing a significant Fourth Circuit decision with substantial consequences for ERISA disability plan administrators.
June 23, 2026