9th Circuit Ruling and Failed CIPA Reform Open One Door and Shut Another for Privacy Class Action Reprieve

Want to receive these privacy recaps in your inbox each week? Subscribe here.

Two recent legal developments in California highlight the evolving complexities businesses face when designing digital consent mechanisms.

While the 9th Circuit Court of Appeals provided welcome clarity for website operators in a biometric privacy case, demonstrating that thoughtful consent design can withstand legal scrutiny, California legislators failed to pass relief from a 1960s-era wiretapping law that has become a powerful tool against standard business technologies.

Together, these developments underscore the critical importance of understanding both federal circuit court precedent and state-specific privacy enforcement trends when crafting consent strategies.

United States

9th Circuit Upholds Consent to Terms of Service in Biometric Case.

Reversing a district court opinion, the 9th Circuit Court of Appeals remanded an Illinois Biometric Information Privacy Act case against Millionaire Match to compel arbitration pursuant to an arbitration provision in the dating website’s Service Agreement. 

The 9th Circuit found that Millionaire Match provided reasonably conspicuous notice of its Service Agreement by using uncluttered visuals and specifying, in a single phrase in bold in the natural flow of the user’s actions, that the user needed to review and agree to the terms and conditions of the agreement and check the “Agree” box and that, if the user declined, the user would not be given access to the site.

TAKEAWAY

The opinion makes a point of emphasizing the “totality-of-the-circumstances” analysis that must be applied in assessing whether a website provides reasonably conspicuous notice of the terms to which the consumer will be bound, considering together both the visual design of the webpages and the context of the transaction.

In this case, although the hyperlinks to the Service Agreement and Privacy Policy were not in a contrasting font color and did not use all capital letters (aspects that have been found in other cases to contribute to a failure to provide reasonably conspicuous notice), the court found that those aspects did not undercut other aspects of the design, as well as the context, in which the court assumed the plaintiff, as “a reasonable internet user” would be more vigilant in looking for contractual terms when the context of the transaction (creating an account with Millionaire Match) reasonably implies a contractual relationship.

Bill Carving Commercial Purposes Out of CIPA Fails to Pass in 2025.

California Senate Bill 690, which proposed to exempt “commercial business purposes” from California’s law prohibiting wiretapping or use of a pen register or trap and trace device without consent, has missed the August 29 deadline to clear the appropriations committee, which makes it ineligible for a subsequent vote on the floor in 2025. 

TAKEAWAY

The California Invasion of Privacy Act (CIPA), which was enacted in 1967 to address the interception of private telephone conversations and routing information, has been a popular tool in recent years for the plaintiff’s bar to attack, under CIPA’s private right of action, commercial use of web pixels, session replay software, and chatbots, alleging that the technologies intercept and transmit to third parties information about user interaction with the websites in violation of CIPA. 

The rise in filings and success in the courts (overcoming motions to dismiss in several cases) has forced companies to assess whether and how to marry CIPA’s consent requirements with the California Consumer Privacy Act, which, in many circumstances, would require extension of an opt-out right (rather than consent) for the same activity. 

According to Senator Caballero, who introduced the bill, SB 690 was an attempt to “stop the abusive lawsuits against businesses and nonprofits…for standard online business activities that are already regulated by the California Consumer Privacy Act (CCPA)”. Her attempt will have to be on hold until the next legislative session, however.  

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.