9th Circuit Justice's Opinion Tees Up Idea That CIPA Doesn't Apply to Internet Communications
The 9th U.S. Circuit Court of Appeals on Wednesday dismissed claims that shoe company Converse aided and abetted violations of the California Invasion of Privacy Act (CIPA) when it used a Salesforce chat function. While the three-judge panel affirmed summary justice of the district court, one judge went a step further, and said the wiretapping clause of the Act should not apply to internet communications.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
"The record is devoid of evidence that Salesforce made an unauthorized connection through telephone wire, line, cable, or instrument with the messages sent by" the plaintiff, said Circuit Judges Jay Bybee, Sandra Segal Ikuta and Danielle Forrest. Additionally, "no evidence exists from which a reasonable jury could conclude that Salesforce 'read or attempt[ed] to read' the 'contents or meaning of any message, report, or communication' sent by" the plaintiff.
Gutierrez v. Converse, case 24-4797, alleges that Converse allowed third party entities to record and commoditize the communications on the website's chat feature, in violation of CIPA, as well as the California Unauthorized Access to Computer Data Act.
In a separate concurrence, Bybee goes even further to say that CIPA's clause in question in this case -- 631(a) -- "does not apply to internet communications." The clause "penalizes the use of any instrument to wiretap (or 'make any unauthorized connection') 'with any telegraph or telephone wire, line, cable, or instrument,'” he said. "Today’s smartphones do not send messages over a 'telephone wire' as that phrase was understood in 1967 when the California legislature passed CIPA ... for this reason, simply sending a message on an iPhone (and through an internet browser) does not automatically implicate" CIPA.
"The purpose of the act was to protect the right of privacy by, among other things, requiring that all parties consent to a recording of their conversation," Bybee continued. "If the California legislature wanted to apply 631(a) to the internet, it could do so by amending that provision or adding to CIPA’s statutory scheme."
But "California has failed to update 631(a) to account for advances in technology since 1967," he said. "It is not our job to do it for them."
A blog post from CIPAWorld published Thursday noted that "Justice Bybee’s opinion aligns squarely with the legislative intent behind Senate Bill 690, which seeks to exempt the use of website tracking technologies, such as pixels, cookies, and session replays, from CIPA, if these technologies are deployed for a 'commercial business purpose.'" The California legislature introduced the bill to amend the old statute this session, but postponed it until next year (see 2505230062 and 2507010057).