California Business Coalition Urges CIPA Reform During Small Business Month to Curb Website Lawsuits

SACRAMENTO — A broad coalition of California businesses and organizations is using May’s Small Business Month to intensify its campaign for legislative reform, arguing that a 60-year-old wiretapping law is being misused to file a wave of “predatory lawsuits” against companies over common website technologies. The Reform CIPA Coalition, which formally launched its campaign on April 6, now includes over 30 small businesses and nearly 40 organizations. The group is advocating for an amendment to the California Invasion of Privacy Act (CIPA), a law enacted in 1967, long before the existence of the commercial internet. The central issue is the application of this anti-wiretapping statute to modern website tools such as analytics cookies, tracking pixels, customer service chat functions, and session replay software. Plaintiffs’ attorneys argue that when a business uses these third-party tools to capture user interactions, it constitutes illegal eavesdropping under CIPA. This has led to an explosion of litigation in the state, with thousands of lawsuits and demand letters filed against businesses of all sizes. The coalition, whose members range from retail and hospitality groups to healthcare providers, non-profits, and churches, is backing the revival of Senate Bill 690. The bill, which was introduced last year, aims to modernize the state’s privacy framework by clarifying that standard digital marketing and analytics practices should be governed by contemporary laws like the California Consumer Privacy Act (CCPA), not by CIPA. “One of the best ways to celebrate and support small businesses this May is to protect them from frivolous lawsuits that threaten their ability to operate,” the coalition stated in a May 8 announcement. Proponents of the reform argue that the current legal climate forces businesses to defend against claims that were never envisioned when the original law was passed. SB 690 was paused last year and designated a “two-year bill,” making it eligible for consideration during the current legislative session. According to Fisher Phillips LLP, the bill stalled after opponents raised concerns that a proposed “commercial business purpose” exemption was overly broad and could potentially expose sensitive consumer data, such as health information, to third-party entities. This political friction was enough to halt its progress. The renewed push from the Reform CIPA Coalition is intended to build the political momentum needed to overcome that impasse. The group contends that the litigation trend is creating a significant economic drain, particularly for small and mid-sized companies that lack the resources for protracted legal battles. The statutory damages and low barrier for bringing claims have made these lawsuits a lucrative venture for plaintiffs' firms. “At a time when affordability is one of the biggest challenges facing California families and California is facing budget deficits, we should not allow predatory lawsuits to drive up costs,” said Robert Rivinius, President of the Family Business Association of California, in a statement. “Amending CIPA will protect consumers while stopping legal shakedowns that hurt small businesses and the communities they serve.” The coalition's argument is that the costs of litigation and settlements are ultimately passed on to consumers through higher prices for goods and services. They also warn that these legal challenges force businesses to cut staff, reduce community programs, and in some cases, cease operations, exacerbating the state's affordability crisis. This legislative effort represents one of the most significant organized attempts to bring clarity to a legally ambiguous and financially risky area for any organization with a public-facing website in California. The coalition frames the proposed reform not as a weakening of privacy, but as a necessary update to align the law with technological reality and protect legitimate business operations from opportunistic litigation. In our experience, the surge in CIPA-related demand letters has caught many small and mid-sized business owners completely by surprise. Most are using standard, off-the-shelf website tools for analytics or customer service and have no idea they could be exposed to claims of illegal wiretapping. The legal ambiguity creates a significant and often unbudgeted financial risk. While legislative reform like SB 690 is the ideal long-term solution, businesses cannot afford to simply wait and hope for a favorable outcome in Sacramento. Proactive measures are essential. We advise clients to conduct a thorough review of their website's third-party technologies and vendor contracts to understand exactly what data is being collected and shared. This is a critical exercise in financial risk management that can identify potential liabilities before a demand letter ever arrives. For businesses needing to assess and mitigate these specific digital risks, the team at C&S Finance Group LLC at csfinancegroup.com offers expert guidance. As the legislative session progresses, all eyes will be on whether the coalition's advocacy can successfully revive SB 690. The outcome of this effort will have significant implications for the legal and financial landscape for countless businesses operating online in California, potentially setting a precedent for how vintage laws are applied to modern technology.