Ninth Circuit CIPA Ruling Offers Relief to Chat Providers

Harrison Brown

Email

424-239-3433

Bio and Articles

Ana Tagvoryan

Email

424.239.3465

Bio and Articles

Victor J. Sandoval

Email

424-239-3391

Bio and Articles

Find Your Next Job !

Associate Litigation Attorney

Paralegal - Illinois

Social Services Attorney

Explore More Job Openings

Ninth Circuit Upholds Converse’s Win in CIPA Chat Case: What the Gutierrez v. Converse Decision Means for Online Businesses

by: Harrison Brown, Ana Tagvoryan, Victor J. Sandoval of Blank Rome LLP - Publications

Tuesday, July 15, 2025

Print Mail Download info_icon_img

/>i

Introduction

The intersection of digital customer service tools and privacy law continues to generate high-stakes litigation, especially in California, where the California Invasion of Privacy Act (“CIPA”) has become a frequent basis for lawsuits against companies using website chat features, pixels, and other kinds of tracking technology. In the latest development, the Ninth Circuit Court of Appeals issued an unpublished opinion in Gutierrez v. Converse Inc., affirming summary judgment in favor of Converse. The decision provides important guidance on the evidentiary standards required in CIPA cases involving internet-based communications, while leaving open key questions about the statute’s reach in the digital age.

District Court Proceedings: The Scope of CIPA and Online Chat

The underlying lawsuit arose from Converse’s use of an online customer service chat feature, which was provided by Salesforce, and allowed website visitors to communicate directly with Converse customer service agents. Plaintiff Nora Gutierrez claimed that these online chat communications were intercepted in violation of CIPA Section 631(a), a statute originally designed to protect the privacy of telephone and telegraph communications.

Converse moved for summary judgment, arguing that the online chat feature did not implicate the types of communications covered by CIPA’s first clause, which targets unauthorized connections to “telegraph or telephone wire, line, cable, or instrument.” The district court agreed, holding that internet-based chat messages are not analogous to traditional telephone communications as contemplated by the statute. The Court also found that the third-party chat provider, Salesforce, did not engage in eavesdropping as defined by CIPA’s second clause: messages were encrypted in transit and stored behind password protection, and there was no evidence that Salesforce “willfully and without consent” read or attempted to read the contents of any communication. As a result, the Court granted summary judgment for Converse on all CIPA claims.

The Ninth Circuit’s Opinion: Affirming on Evidentiary Grounds

On appeal, the Ninth Circuit affirmed the district court’s decision, focusing on the plaintiff’s failure to meet her evidentiary burden under CIPA Section 631(a). The Ninth Circuit addressed claims under three key clauses of the statute:

The first clause, addressing wiretapping, prohibits intentionally tapping or making any unauthorized connection with any telegraph or telephone wire, line, cable, or instrument.
The second clause, addressing eavesdropping, prohibits willfully reading or attempting to read or learn the contents or meaning of a message in transit over such wires, lines, or cables.
The fourth clause, providing for secondary liability, prohibits aiding, agreeing with, employing, or conspiring with any person to do any of the acts prohibited by the first three clauses.

The Ninth Circuit found that Gutierrez failed to present evidence from which a reasonable jury could conclude that Salesforce made any unauthorized connection to a telephone wire or instrument, or that it read or attempted to read the contents of any message in transit. The Court also found no evidence to support a claim that Converse aided or abetted any such violation. In short, the plaintiff did not meet her evidentiary burden to create a triable issue of fact under any of the relevant CIPA clauses.

Crucially, the Ninth Circuit did not reach the broader legal question of whether CIPA Section 631(a) applies at all to internet-based communications like website chat features. This means that, in a future case with different facts or a more developed record, the question of the first clause of CIPA’s application to internet communications could be revisited.

In a separate concurrence, Judge Bybee argued that the Court should have gone further and held as a matter of law that CIPA Section 631(a)’s first clause does not apply to Internet communications at all. He pointed to the statute’s text, legislative history, and the weight of district court authority, all of which support the view that the first clause is limited to traditional telephony and does not reach modern internet-based chat. Judge Bybee’s concurrence signals a willingness among some jurists to resolve these cases on statutory interpretation grounds, rather than on the sufficiency of the evidence.

Implications for Businesses: Practical Advice

Although the Ninth Circuit’s opinion is unpublished, it is likely to be persuasive in future cases involving similar facts. The decision underscores the importance of the evidentiary burden in CIPA litigation: plaintiffs must present concrete evidence that a third-party provider actually intercepted, read, or attempted to read the contents of communications in real time, not merely that such interception was possible.

For businesses, the Gutierrez decision underscores several practical points. First, the case demonstrates the value of documenting privacy and security practices. Businesses should be prepared to show, with evidence, that their systems and vendors do not access or use the contents of user communications without consent.

Second, the decision serves as a reminder that the legal landscape regarding CIPA’s application to Internet-based communications remains unsettled at the appellate level. Businesses should continue to monitor legal developments in this area and consult with counsel regarding compliance strategies.

Finally, even though the current evidentiary bar is high for plaintiffs, companies should not become complacent. Clear and conspicuous user disclosures and consent mechanisms remain a best practice to mitigate litigation risk, especially as courts and legislatures continue to grapple with the scope of privacy protections in the digital age.

Conclusion

The Ninth Circuit’s decision in Gutierrez v. Converse provides some comfort for businesses using online chat features and other tracking technology, as it highlights the high evidentiary bar plaintiffs must clear to prevail on CIPA claims involving internet-based communications. However, the Court’s narrow approach leaves open the possibility of future challenges. Businesses should remain vigilant, ensure robust privacy and security practices, and stay abreast of ongoing legal developments in this rapidly evolving area.