The California State Assembly’s Committee on Public Safety has voted to advance Senate Bill 690 (“SB 690”), but with a significant caveat – the proposed amendment to California’s wiretapping law, the California Invasion of Privacy Act (“CIPA”) will now proceed as a two-year bill. This will allow SB 690 to carry over into the 2026 legislative session for further consideration, potentially delaying the controversial amendment as businesses face an onslaught of CIPA demands.
SB 690, which we have been tracking here on CIPAWorld, seeks to exempt the use of website tracking technologies, such as pixels, cookies, and session replays, from CIPA, if these technologies are deployed for a “commercial business purpose.”
Senator Caballero, who introduced SB 690 in the California Senate earlier this year, opened the committee hearing by highlighting the rise of “abusive and predatory [CIPA] lawsuits” targeting small and family-owned businesses, nonprofits, and local retailers, noting that more than 1,700 businesses have been sued – primarily by just four law firms. Senator Caballero also emphasized that CIPA’s $5,000-per-violation penalty often compels businesses to settle, as litigation can be “financially devastating” even if the claim is meritless. She also cited the pattern of repeat plaintiffs, with some individuals filing over a hundred lawsuits, characterizing the trend as a “coordinated legal strategy” rather than a genuine privacy concern.
Instead, Caballero pointed to the California Consumer Privacy Act (“CCPA”) as a more appropriate enforcement mechanism, noting that the kinds of alleged violations being brought under CIPA are already addressed by the CCPA. Allowing these suits to proceed under CIPA, she argued, “goes against legislative intent, creates confusion, punishes compliance, and does not make Californians safer,” as private settlements do not establish stronger protections for consumers or clear rules for businesses.
To address concerns about consumer privacy, Senator Caballero proposed converting SB 690 into a two-year bill and referring it to the Assembly Privacy and Consumer Protection Committee.
Supporting Caballero at the hearing was Chris Argentieri, President and COO of the LA Times, who criticized the use of CIPA litigation against businesses for “routine activities” such as collecting consumer IP addresses. Argentieri described a CIPA lawsuit brought against the LA Times as “extortionist” and warned that it could jeopardize the organization’s survival.
Echoing similar concerns, organizations including the California News Publishers Association and the News/Media Alliance voiced support for SB 690, along with the Civil Justice Association of California, TechNet, the California Retailers Association, the Information Technology Industry Council, and the Independent Insurance Agents & Brokers in California.
However, on the other side of the aisle, two organizations voiced strong opposition during the hearing. A representative from the Dolores Huerta Foundation described SB 690 as “poorly drafted” and warned that it could permit technology companies to collect and share sensitive consumer data – such as immigration status, reproductive health information, and geolocation – with private entities and state agencies like ICE, putting marginalized communities at risk. Similarly, a representative from AJSOCAL raised concerns that surveillance stemming from website tracking could harm trafficking and domestic abuse survivors who rely on internet resources to seek help.
Additional opposition came from groups such as the Electronic Frontier Foundation (EFF), National Consumer Law Center (NCLC), Electronic Privacy Information Center (EPIC), California Employment Lawyers Association, TechEquity Collaborative, California Public Defenders Association, and Justice Teams Network.
Assembly Member Gonzalez addressed both sides of the debate, recognizing the burden that CIPA litigation imposes on small businesses while also voicing concern over the potential misuse of personal data, particularly among vulnerable communities. He ultimately expressed support for the bill, citing Senator Caballero’s commitment to ongoing dialogue and her willingness to address unintended consequences related to consumer privacy.
Vice Chair Alanis similarly voiced support, expressing confidence in Senator Caballero’s intentions, though he admitted he had not previously considered the potential risks to marginalized communities.
In her closing remarks, Senator Caballero reiterated her support for reproductive health and immigrant rights, stating that concerns raised during the hearing were already addressed by the CCPA. She stressed that CIPA lawsuits have targeted both large and small businesses, including nonprofits, and warned that anyone operating a website could be vulnerable. Without naming specific technologies, she noted that businesses were being sued for using tools they did not create. She concluded by underscoring the need for the Committee on Privacy and Consumer Protection to further examine the issue.
Finally, Committee Chair Schultz emphasized the importance of a “robust conversation” to strike the right balance. While he described the CIPA lawsuits as an “abuse of process,” he also acknowledged the need to guard against expanded surveillance by both private actors and government agencies. Upon confirming with Senator Caballero that SB 690 would move forward as a two-year bill, he recommended its passage and referral to the Privacy and Consumer Protection Committee for continued review.
As predicted, SB 690 continues to be hotly debated, reflecting growing tension between protecting consumer privacy and curbing exploitative litigation. Make sure to watch this space for the latest coverage on SB 690’s – now seemingly slower – passage through the state legislature.