Calif. Court: CIPA Claims Must Contain 'Embarrassing' or 'Invasive' Data Collection
A federal court narrowed the scope of the California Invasion of Privacy Act (CIPA) when it ruled recently that information must be “embarrassing, invasive, or otherwise private” to constitute an injury, said Covington lawyers in a blog post Thursday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
In the case, the U.S. District Court for Northern California applied the standard set by the 9th U.S. Circuit Court of Appeals in Popa v. Microsoft Corporation that compared tracking technologies to store clerks observing shoppers (see 2508270052). In Khamooshi v. Politico, the plaintiffs alleged that the Politico website collected information via tracking pixels related to their device type, browser type, and “device fingerprints” and transmitted it to third parties.
The district court originally dismissed case 24-cv-07836, calling the complaint too vague, but the plaintiffs filed an amended suit. That complaint was dismissed because the allegedly collected data, listed above, was not specific enough to claim a concrete privacy injury.
The decision in Khamooshi “reinforces the need” for plaintiffs to ensure they make allegations that “embarrassing, invasive, or otherwise private information” was collected in order to pursue privacy claims, the lawyers said.