Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out these posts and contact us with any questions.
The California Invasion of Privacy Act (CIPA) penalizes those “who willfully and without the consent of all parties to the communication . . . read, or attempt to read, or to learn the contents or meaning of any message, report, or communication.” Cal. Penal Code § 631 (cleaned up).
This rule seems sensible when applied to someone surreptitiously eavesdropping on a phone conversation. The law was passed in the 1960s to protect phone conversations from wiretaps, and if I am secretly listening in on your phone call, then my conduct may fall under the law.
But what happens if there is no third-party eavesdropper? Can I violate the law even when nobody is secretly listening in? Or, in other words, under CIPA, can I eavesdrop on my own conversation?
For many courts in California, the answer is no. These courts have explained that CIPA has a “one-party exception,” which provides that CIPA only applies where a third party to the conversation is actually eavesdropping on the conversation. But this exception has its limits. For example, the exception may not apply to third-parties that have promised in writing to use data it collects for specific, disclosed purposes. And while courts have traditionally drawn a distinction between actually listening into another’s conversation and merely recording another’s conversation, this distinction is harder to justify with some new technological tools.
If you have questions about complying with California, U.S., and global privacy laws, reach out. We can help you identify practical steps to limit your liability risk.