California State Sen. Anna Caballero, D-Fresno
SACRAMENTO —A bill to reduce predatory privacy lawsuits against California small businesses unanimously passed the state Assembly’s Committee on Privacy and Consumer Protection last week, but tort reform advocates say the measure doesn’t go far enough.
Senate Bill 690, authored by Sen. Anna Caballero (D-Merced), was referred to the Assembly Appropriations Committee. During a review before the privacy panel on July 1, Caballero agreed to amend the measure to target a specific section of the 1967 California Invasion of Privacy Act (CIPA) rather than preclude a broader range of privacy lawsuits involving CIPA.
The Stop CIPA Shakedown Lawsuits Coalition, a group of business, nonprofits and individuals, said in a statement last week that the coalition is grateful for Caballero’s leadership in advancing the bill, which aimed to reduce what supporters said were frivolous lawsuits against businesses using the state’s outdated wiretapping law.
These lawsuits have been advanced based on the theory that businesses’ and nonprofits’ basic website tools – used in payment processing, customer service communications and appointment scheduling – routinely run afoul of CIPA, even though the wiretapping law was focused mainly on telephone communication privacy and predates the invention of the internet, according to California Citizens Against Lawsuit Abuse.
“In the past four years, over 3,700 CIPA shakedowns have been filed in California, with tens of thousands more estimated demand letters sent,” California CALA reported.
The state Legislature’s analysis of SB 690 said that prior to the recent amendments, the measure would have provided businesses with an exemption from all civil and criminal liability under CIPA if businesses could show a disputed website tool was for a “commercial business purpose.” This provision could have shielded legitimate privacy violations, the analysis said.
Caballero agreed to amend the bill to eliminate the provision of CIPA that allowed civil lawsuits against private actors for certain CIPA violations arising from website issues. Instead of private rights of action, the amended bill would allow the state attorney general to enforce CIPA violations – in particular the sections dealing with the use of a “pen register” (to capture outgoing electronic addressing information) and a “trap and trace” device (to capture incoming addressing data).
“The amendments adopted by the Assembly Privacy and Consumer Protection Committee represent a positive step forward by closing one avenue for abusive litigation,” the coalition reported. “However, additional major pathways for frivolous lawsuits remain intact, leaving businesses across every industry – from solar to plumbing to farming to entrepreneurial startups – vulnerable to predatory litigation.”
A coalition spokeswoman told the Southern California Record that the group will continue to work with lawmakers to strengthen the bill as it advances.
“The bill passed out of committee with a 14-0 vote, and while there is still more work to be done, it has continued to gain support,” she said.
The amended bill would also apply retroactively to any covered claim filed within two years prior to the bill’s operative date.
“The pen register statute has become a poster child for abusive lawsuits,” the Legislature’s analysis of SB 690 states. “Enterprising plaintiffs’ attorneys have exploited the statute at scale to go after businesses using third-party software to enable advertising on their websites. Because the potential liability can be staggering, businesses generally settle this litigation hastily, encouraging vexatious litigants to continue blasting out demand letters.”
Claims filed under CIPA can include statutory damages of $5,000 per violation.
A version of SB 690 passed the state Senate last year.
