
On July 1, 2026, Usama Kahf, partner and Co-Chair of Fisher Phillips’ Privacy and Cyber Practice Group testified before the Privacy Committee of the California State Assembly in support of Senate Bill 690 in an effort to thwart abusive lawsuits brought under the guise of protecting consumers.
The Bill as originally introduced by Sen. Anna Caballero (D-Merced) was designed to curb what supporters call a “shakedown” of businesses under the state’s decades-old wiretapping law. The legislation was a push to partially reform the California Invasion of Privacy Act (CIPA) to curb the flood of wiretapping suits being brought against websites for use of widely-accepted practices, such as cookies, which are legal and appropriate under other statutes.
Context:
By way of background, CIPA was enacted in 1967 to address wiretapping and eavesdropping and it contains broad language banning “intercepting” communications without consent and prohibits “pen registers” and “trap and trace devices” absent a court order. Because CIPA predates the modern internet, it contains no clear statutory provisions or legal guidance tailored to website tracking technologies or regulations. But, despite any clear statutory language, plaintiffs across the country have used CIPA to file thousands of lawsuits against websites visited by California residents. They argue that routine digital tools and software like cookies, pixels, session replay, chat widgets, search bars, and ADA accessibility tools fall into the category of illegal “pen registers” or “trap and trace devices” under CIPA because they capture information without consumer consent.
Testimony:
Usama testified that over 3,800 lawsuits have been filed involving businesses that complied with the California Consumer Privacy Act (CCPA) yet were still sued under the broad language of CIPA for using ordinary website cookies, including for analytics and cybersecurity. He noted that Fisher Phillips alone has handled about 250 of these type matters, and he explained that “[a]pplying CIPA to ordinary website technology does not protect consumers. Instead, it has become a shakedown of over 50,000 website operators, including small businesses, non-profits, and public agencies.”
Ultimately, Usama urged for the passage of SB 690 to help decrease excessive litigation while still preserving California’s strong privacy protections.
Why it Matters:
Plaintiffs argue that penalties under the wiretapping provision can stack at $5,000 per third-party cookie, per visitor, per session on the website, which means damages can escalate quickly even when a business uses common, widely available tools in good faith and in full compliance with the CCPA, the only law on the books with specific regulations addressing use of cookies on websites.
This is why a wide range of community interests also testified in favor of SB 690 and dozens of businesses, community activists, nonprofits, and industry associations showed up to express support, including Jeff Glasser, General Counsel of the LA Times.
Status:
At the end of the hearing the committee voted to advance SB 690, and the proposed legislation now heads to the Assembly Appropriations Committee for an August hearing.
Usama and the Fisher Phillips Consumer Privacy Team will continue to track SB 690 as it moves through the Legislature.
For more information on SB 690 and to listen to Usama’s testimony, please visit: Bill to Curb California Wiretapping Lawsuits Makes Progress: 5 Takeaways from FP’s Testimony Before the State Legislature
About Fisher Phillips
The Fisher Phillips Consumer Privacy Team provides strategic, experienced defense for clients facing state or federal wiretapping and invasion of privacy claims arising from the use of tracking technologies – such as cookies, pixels, beacons, and similar tools – in websites, apps, and marketing communications. They have deep experience litigating claims under key statutes including CIPA and CCPA, and they have created a Digital Wiretapping Litigation Tracker to provide a comprehensive view of digital privacy litigation matters filed across all fifty states. It includes all litigation filed alleging a privacy claim involving the use of digital tracking technologies, such as cookies, pixels, and beacons, embedded in websites, apps, or marketing emails.
