In a recent ruling out of the Northern District of California, the Court dismissed California Invasion of Privacy Act (“CIPA”) claims against clothing retailer The Gap Inc. (“Gap”), holding that a user’s “click” on a URL within a marketing email does not constitute “contents” of communication under CIPA.

This ruling follows the Court’s previous dismissal of the Plaintiff’s complaint, which we reported on here: COURT REFUSES TO EXTEND CIPA: Dismisses Privacy Claim Arising From Marketing Optimization Software – CIPAWorld.

The Allegations

In his First Amended Complaint (“FAC”), Plaintiff alleged that Gap invades customers’ privacy through the use of third-party tracking software, Bluecore, Inc., which embeds pixels and URLs in Gap’s marketing emails. Plaintiff alleged that these pixels and URLs are connected to hyperlinked images and text in the marketing emails such that when a customer clicks on an image or text in an email, “the URL is transmitted to Bluecore.”

Moreover, Plaintiff alleged that each URL is unique such that Bluecore knows when a customer opens an email, the exact images and words that a consumer clicked on and their location within the email.

Plaintiff also alleged that Bluecore uses JavaScript and other “persistent cookies” to continue to monitor customers as they navigate on Gap’s website. According to the FAC, Bluecore aggregates the data from a customer’s interaction with Gap’s emails and website to create a “highly detailed personal profile” of each customer.

Based on these allegations, Plaintiff brought causes of action for violations of CIPA, Cal Penal Code §§ 631(a) and 635, statutory larceny, Cal. Penal Code §§ 486 and 496, and violations of the California Unfair Competition Law, Cal. Bus. & Prof. Code §§ 17200, et seq.

CIPA Claims

Direct Liability

In the FAC, Plaintiff alleged that Gap “aided and abetted” Bluecore’s wiretapping, which would fall within § 631(a)’s fourth clause. See Cal. Penal Code § 631(a) (imposing liability on any person who “aids, agrees with, employs, or conspires with any person or persons to unlawfully do, or permit, or cause to be done” any of the foregoing violations outlined in subsection (a)). However, in his opposition to Gap’s motion to dismiss, Plaintiff raised two theories of direct liability against Gap.

First, Plaintiff suggested that Gap tapped “the private communications between Plaintiff and the Class Members (on the one hand) and their respective email providers (on the other)” by tracking when a Class Member opened one of Gap’s marketing emails. The Court was not persuaded, holding that email open rates are not content. Per the Court, if Plaintiff’s theory were accepted, it would stretch CIPA too far by “transform[ing] the routine routing of emails into standalone communications between email providers and their users.”

Second, Plaintiff suggests that Gap tapped third-party emails whenever a Class Member forwarded one of Gap’s marketing emails to another person. However, the FAC did not contain any allegations that such forwarding ever occurred, and Plaintiff did not explain how this would transform a marketing email from Gap into a third-party email.

Accordingly, the Court dismissed Plaintiff’s attempts to hold Gap directly liable under § 631(a).

§ 631(a): Clause One

The first clause of § 631(a) imposes liability on “any person who by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps, or makes any unauthorized connection … with any telegraph or telephone wire, line, cable, or instrument …” Cal. Penal Code § 631(a) (emphasis added). The Court agreed with previous rulings to find that this clause does not apply to internet communications.

§ 631(a): Clauses Two to Four

Clauses two and three of § 631(a) prohibit the unauthorized access to and use of the “contents” of any communications, and clause four prohibits aiding and abetting such conduct. Cal. Penal Code § 631(a). Courts have held that “contents” refers to the intended message conveyed by the communication and does not include record information regarding the characteristics of the message. See In re Zynga Priv. Litig., 750 F.3d 1098, 1106 (9th Cir. 2014). CIPA protects the communication itself and not information about a user’s communication.

Here, Plaintiff contended that a user’s “click” on a URL contained within Gap’s marketing emails is content, equating it to manually replying to the email expressing interest in and requesting additional information about the featured items.  The Court was not convinced by this characterization, explaining that the URLs appeared to serve merely a tracking or routing function.

Additionally, Plaintiff argued that the URLs in the marketing emails allowed Bluecore to “read” the substance of the emails by determining which link(s) Plaintiff and putative class members clicked on. The Court, however, reiterated that clicks are not protected content. The Court differentiated this case from In re Meta Pixel Healthcare Litigation, 647 F. Supp. 3d 778, 784, 795–96 (N.D. Cal. 2022), where a pixel embedded on a healthcare provider’s website enabled Meta to obtain information about patient status by capturing when a user logged into the patient portal, and sent Meta information about what the patient browsed on the portal, including doctors, medical conditions, and appointments. The court in In re Metal Pixel concluded that the log-in buttons and descriptive URLs that Meta obtained constituted content for purposes of CIPA because they contained the “query string,” which included user searches on the healthcare provider’s website. Here, however, Plaintiff did not allege that such communicative information was transmitted through the URLs to Bluecore.

Therefore, the Court dismissed the CIPA claims.

Statutory Larceny

Plaintiff also alleged that Gap’s conduct constitutes statutory larceny, because Gap “stole, took, and/or fraudulently appropriated Plaintiff and the Class members’ personal information without their consent” and for its own financial benefit. The Court dismissed this claim as well, noting that Plaintiff offered no explanation why the email data that Gap allegedly took was property that could be exclusively possessed or controlled.

Unfair Competition Law (“UCL”)

Lastly, Plaintiff alleged that Gap violated the UCL. The Court determined that claim failed because it was dependent on Plaintiff’s CIPA and statutory larceny claims.

Notably, Plaintiff’s FAC was dismissed without leave to amend. Admonishing Plaintiff’s counsel for “scattershot and vague assertions”, the Court stated that, “Both the FAC and Plaintiff’s opposition to the motion to dismiss read as if counsel is continuously shapeshifting in search of a legal theory that can be stretched to cover the facts of this case.”

The case is Efren Ramos, Plaintiff, v. The Gap, Inc., Defendant., No. 23-CV-04715-HSG, 2025 WL 2144837 (N.D. Cal. July 29, 2025).