Judge: Consumers Lack Expectation of Privacy in IP Addresses, Other Metadata

In case 3:25-cv-00225, Rodriguez v. Culligan International Co., plaintiff Rebeka Rodriguez said that she visited Culligan’s website, which had “tracking spyware” installed on it. Since Rodriguez was unaware of the tracking technology, nor gave consent to be tracked, the company violated CIPA, her complaint said.

But the U.S. District Court for Southern California dropped the suit Monday, ruling that the plaintiff lacked standing. “Instead of pointing to any specific tort, Rodriguez broadly contends that any invasion of a statutorily recognized privacy interest is sufficient to constitute an Article III injury,” which is “not enough,” the court said.

The information collected included email and IP addresses, computer operating system and web browser names and version numbers and geolocation data.

Judge Anthony Battaglia said “courts have consistently held that internet users have no expectation of privacy in their IP addresses” and the other data collected. He also noted that Rodriguez is a consumer privacy advocate who works as a “tester” to ensure companies are in compliance with California’s privacy law, which other courts have said is grounds for dismissal (see 2504090055).

In his LinkedIn post, Kahf called the district court decision “good” and said it included two key holdings. One was that “alleging a statutory violation of CIPA does not mean you have alleged enough to show you've suffered legally cognizable harm,” which follows in the footsteps of other recent court decisions (see 2510270015 and 2508270052).

Additionally, this case dealt specifically with “metadata about communications with the website, and none of this is data that internet users have any expectation of privacy in.”