We are pleased to report that California SB 690 received a favorable unanimous vote during a California Senate Public Safety Committee hearing held on April 29, 2025.  The hearing represented a vital step in advancing SB 690. The EIA was present, represented by a member company, voicing strong support for the bill. The committee heard testimony from both supporters and opponents, underscoring the significance and complexity of this issue for California businesses and consumers.

The Problem: CIPA Lawsuits Threatening Ecommerce

As discussed in a previous blog post, small and mid-sized ecommerce members of the EIA are facing a troubling surge of lawsuits filed under California Invasion of Privacy Act (CIPA). These lawsuits allege that common website technologies like cookies and pixels, often essential for online operations, constitute illegal “pen registers” or “trap and trace” devices if explicit “opt-in” consent was not obtained. Trial lawyers are utilizing a wiretapping statute, originally designed for telephones, to target modern online activities.

During the hearing, Senator Anna M. Caballero, the bill’s author, clearly articulated the issue: a handful of trial lawyers are using a 1967 criminal wiretapping statute to send thousands of demand letters and sue over 1500 businesses. These lawsuits claim that typical online activities such as website analytics or online advertising constitute illegal wiretapping or pen registers. Plaintiffs’ attorneys argue businesses need opt-in consent for activities like saving a shopping cart or showing an ad. These attorneys are reportedly suing businesses for $5,000 for every visit to their website.

This interpretation is deeply problematic for several reasons highlighted by supporters during the hearing and in previous EIA communications:

• It Circumvents the CCPA: The California Consumer Privacy Act (CCPA) is California’s comprehensive data privacy law. Enacted in 2018 and strengthened in 2020 via ballot initiative, the CCPA requires businesses to disclose data practices and provides consumers with opt-out rights regarding the sale of their personal information. Businesses have invested heavily to comply with the CCPA’s framework. The CCPA was specifically designed as a civil law to govern online privacy and consumer data control using an opt-out regime. Suing under CIPA for behavior regulated or permitted by CCPA short circuits this legislative intent. As Senator Caballero noted, if changes are needed regarding current online practices, the appropriate place is through CCPA reform, a complex process of negotiation and democratic accountability, not by shoehorning them into an old eavesdropping statute.
  
• It Targets Standard Business Practices: Common online activities are fundamental to modern ecommerce. Businesses rely on these technologies to operate effectively. Brandon Riley, a partner at Manat Phelps and Phillips specializing in privacy law, confirmed that if a company has a website, it has likely received a demand letter or will soon, affecting small businesses, startups, nonprofits, and health providers. Third-party cookies, targeted by these suits, ensure websites run properly, provide smooth user experiences, report traffic, and allow cost-effective outreach.
  
• It Leads to “Shakedown Lawsuits”: Lawsuits often result in demand letters and threats of costly litigation, with potential statutory damages of $5,000 per violation. Trial lawyers are suing businesses for $5,000 for every website visit. Faced with expensive legal battles, businesses are pressured to settle for significant costs, often between $10,000 and $50,000 for smaller businesses, simply to make the case “go away”. As the Senator pointed out, these settlements do not fix anything or create clearer rules; they just end one case. This abusive litigation is described as doing “nothing to help consumer privacy”. Senator Caballero also noted the Attorney General has not brought claims under CIPA, but rather under CCPA for non-compliance with its detailed opt-out provisions.
  
• It Contradicts CIPA’s Intent: CIPA was designed for telephone wiretapping, not the internet. Chris Argentieri, President of the Los Angeles Times, testified that lawyers are “stretching a 1967 criminal statute beyond recognition”. The multi-billion dollar liability claims resulting from this interpretation could amount to an “extinction level event” for many publishers and a level of bankruptcies “unlike the state has ever seen”. For smaller sites, defense costs alone can be catastrophic.

SB 690: The Proposed Solution

SB 690 offers a common-sense solution by clarifying that business activities already regulated by the CCPA are not within the scope of CIPA. It seeks to exempt commercial business purposes, narrowly defined to include standard internal business operations tied to the CCPA’s definition and activities subject to the CCPA’s opt-out requirements.

Supporters emphasized the benefits of SB 690:

• Provides Legal Certainty: It will offer much-needed clarity for California businesses.
• Protects CCPA Compliance: Businesses complying with CCPA will not be penalized under an outdated statute.
• Supports Small and Mid-Sized Businesses: It helps protect businesses from exploitative lawsuits and unaffordable costs.

Beyond the EIA, the bill garnered broad support from numerous organizations representing media, retailers, insurance agents, and more.

Concerns and Committee Discussion

Not surprisingly, opponents of the bill, primarily consumer attorneys and privacy groups, voiced concerns about the bill and tried to defend the flood of litigation. Key opposition points included:

• The bill is an “overreaction” that could exempt technology companies from anti-surveillance laws.
• It might affect litigation against “tech giants and data brokers,” not just everyday businesses. Melissa Gardner from Consumer Attorneys of California suggested that typical defendants are not everyday businesses but tech giants. Tracy Rosenberg from Oakland Privacy cited cases against Oracle, Google, and Amazon as examples of critical consumer litigation.
• Concerns were raised about the bill’s potential retroactivity, meaning it could impact pending lawsuits.
• Opponents argued CIPA protects against hidden tracking that CCPA cannot address and is critical for protecting vulnerable groups, such as immigrants and women seeking reproductive rights.

Several Senators on the committee, including Senator Weiner and Senator Page, echoed concerns about the retroactivity provision and questioned whether the bill should protect large tech companies versus focusing relief on smaller businesses and media outlets disproportionately impacted by these lawsuits. Senator Caballero indicated a willingness to consider amendments regarding retroactivity, emphasizing the bill’s primary purpose is prospective clarity to stop abusive lawsuits under an outdated criminal statute, not to undermine the CCPA framework. She noted that if changes are needed regarding current online practices, the appropriate place is through CCPA reform, a complex process of negotiation and democratic accountability, not by shoehorning them into an old eavesdropping statute. Senator Caballero also clarified that the CCPA was negotiated as the regulatory framework for all electronic businesses, including smaller ones who often use larger platforms. The Vice Chair of the Committee, Senator Seyarto, also highlighted the “shakedown lawsuit” nature of the litigation, noting that the suits do not fix anything and the costs are often passed to consumers.

Moving Forward

Despite the concerns raised, the committee ultimately voted unanimously to advance SB 690 to the appropriations committee. This is a positive step, but as the discussion highlighted, the bill may undergo further amendments as it moves through the legislative process.

The EIA will continue its active engagement. The Alliance is educating policymakers on the real impact of current CIPA litigation on ecommerce, ensuring the voices of small and mid-sized members are heard, and advocating for a fair balance that protects consumers while allowing ecommerce brands to thrive. SB 690 remains a crucial step in achieving this balance. Senator Caballero expressed willingness to continue working with the opposition to find a way to meet in the middle.

Membership and engagement are vital as the EIA works together to create a more predictable and fair legal environment for e-commerce innovation.