Elk Grove plumber Belinda Gutierrez thought she was opening another bill when a lawsuit landed in her mailbox this spring. Instead, the envelope demanded up to $40,000 over alleged wiretapping tied to basic tools on her company’s website. She says she had never heard of the claim, much less imagined her small shop could be treated like a covert surveillance outfit. Her case is one of several that pushed lawmakers and business groups to the Capitol in search of a fix.
At the center of the fight is Sen. Anna Caballero’s SB 690, which would narrow the California Invasion of Privacy Act to exempt routine commercial website tools from criminal or civil penalties, as outlined in the bill text on Legislative Information. Supporters argue the change would shut down what they call predatory demand letters and lawsuits hitting Main Street retailers and small online sellers. The Sacramento Bee recently profiled Gutierrez and other owners swept up in the litigation wave.
Why lawmakers want a fix
Business groups and some legislators say an explosion of lawsuits has turned a 1960s wiretapping law into a weapon against ordinary web practices like pixels, chat widgets and analytics tools. More than 1,700 CIPA suits have been filed in recent years, according to Bloomberg Law. That tally, backers say, has fueled a cottage industry built on demand letters and quick settlements rather than full-blown trials.
Opponents warn the bill could gut privacy
Privacy advocates, consumer groups and civil-rights organizations see the same bill very differently. They have warned at Capitol hearings that a sweeping commercial carveout could invite companies to collect and share highly sensitive information with few real consequences. Witnesses, including Juana Chavez of the Dolores Huerta Foundation, argued the measure could expose searches about reproductive health, immigration status and other deeply personal topics, echoing concerns raised by groups such as Consumer Reports and the Electronic Frontier Foundation. Transcripts of the testimony are posted by CalMatters Digital Democracy.
Courts are already wrestling with CIPA
Judges have not exactly been thrilled to referee this fight. Federal courts have struggled to apply the statute’s mid-20th-century language to modern internet tools, with one Northern District judge bluntly calling CIPA “a total mess” and urging lawmakers to step in. Legal analysts point to Judge Vince Chhabria’s October 2025 order, which narrowed certain claims tied to advertising pixels and pushed for a limited reading of CIPA while the Legislature sorts out the bigger policy questions. Duane Morris LLP has summarized that ruling and what it means for both businesses and lawmakers.
What this means for businesses
CIPA packs a punch: it carries statutory damages of $5,000 per violation, and courts have held that plaintiffs can recover those damages even without showing actual economic loss. That risk has helped drive headline settlements, including a proposed $3.85 million deal over third-party trackers on the Los Angeles Times website, and it goes a long way toward explaining why many small operators choose to settle rather than roll the dice in court. See Cal. Penal Code §637.2 and the LA Times settlement site for case details.
What to watch next
SB 690 has passed the Senate but hit a rough patch in the Assembly, where opposition has left both the bill’s fate and the broader legal landscape uncertain. Until Sacramento either narrows CIPA or crafts new privacy rules, small businesses, large publishers and privacy advocates are likely to keep battling over who should shoulder the cost of policing web tracking. Legal alerts and legislative trackers, including those from Duane Morris LLP, show the bill has been placed on hold at times while both sides press for tweaks and safeguards.
