California’s legal system should be used to uphold justice—not to line the pockets of trial lawyers exploiting outdated laws. Yet that’s exactly what’s happening today under the California Invasion of Privacy Act (CIPA), a criminal wiretapping statute from 1967 that is being twisted into a weapon against businesses.
Despite California’s modern and comprehensive Consumer Privacy Protection Act (CCPA)—the toughest privacy law in the nation—trial lawyers are filing an avalanche of “gotcha” lawsuits, claiming that normal online business activities like website analytics and online advertising violate CIPA. They argue that businesses must get “opt-in” consent before they can do routine things like saving a shopping cart or showing a targeted ad.
Without that explicit consent, businesses face lawsuits demanding $5,000 per website visit—under a criminal law intended for recording phone calls.
Since 2022, more than 1,500 lawsuits have been filed, and thousands more businesses have been hit with shakedown demand letters. Businesses—from small mom-and-pop shops to large employers—are being strong-armed into costly settlements they cannot afford, diverting resources from growth, job creation and true consumer privacy protections.
This abuse is counter to what the California Legislature intended. The CCPA created an “opt-out” regime for online privacy—a clear and modern framework. California businesses have spent years and millions of dollars complying with this law and the strengthened protections under the California Privacy Rights Act. Yet despite these good-faith efforts, trial lawyers are using an outdated 50-year-old criminal statute to sue businesses anyway.
That’s why California Citizens Against Lawsuit Abuse supports SB 690. This important legislation will stop the misuse of CIPA and restore the clear intent that online business activities be governed by the CCPA. SB 690 clarifies that activities already regulated under the CCPA are not subject to CIPA’s outdated wiretapping framework—preventing abusive lawsuits and protecting businesses of all sizes.
Without this fix, no business in California is safe.
We have heard from countless business owners—small, medium and large—who have been forced to pay settlements ranging from $10,000 to $50,000 just to avoid crushing legal costs.
Nonprofits aren’t immune either. Even major companies with millions of website visitors face staggering potential liability, often leading them to settle rather than risk astronomical verdicts.
This is the latest wave of abusive lawsuits, much like the flood of ADA-related litigation that targeted businesses in the past.
Only now, businesses are being sued even when they have fully complied with California’s privacy laws.
The solution is simple: a criminal statute from 1967, designed for wiretaps and trap-and-trace devices, should not control modern internet business practices.
The only reason this is happening is because CIPA allows for a private right of action—an open-door trial lawyers are rushing through.
SB 690 provides a smart, narrow solution. It leaves CIPA intact for real invasions of privacy, while making clear that compliance with the CCPA cannot be used as a basis for abusive litigation. This will protect jobs, innovation and real consumer privacy in California.
SB 690 is backed by a broad coalition—including small businesses, broadband providers, restaurants, news media and retailers—all recognizing the urgent need for reform.
We urge every Californian concerned about lawsuit abuse and protecting our economy to contact your state senator and ask them to support SB 690.
Let’s end this misuse of our legal system and put fairness back into California’s courts.
Victor Gomez
Executive Director, California Citizens Against Lawsuit Abuse
