Skip to Main Content

Parker Poe

Keeping you informed

Is Relief in Sight for Companies on 'Pixel-Tracking' Lawsuits After California Legislators Introduce Bill?

    Client Alerts
  • September 02, 2025

Though recently stalled, California legislators have been taking steps over the past few months to address the surge of "pixel-tracking" lawsuits impacting businesses. Introduced in February 2025, Senate Bill 690 (SB 690) proposes to amend the state’s wiretapping law, the California Invasion of Privacy Act (CIPA), to exempt routine online tracking tools (like website cookies and analytics pixels) when used "for a commercial business purpose." The bill, which won’t be reconsidered by legislators until next year, defines a commercial business purpose as the processing of personal information either performed to further a business purpose or subject to a consumer’s opt-out rights. Borrowing from section 1798 of the California Consumer Privacy Act (CCPA), a "business purpose" refers to the use of personal information for the operational purposes of a business. This includes providing advertising and marketing services, but excludes cross-contextual behavioral advertising.

In short, if a company collects or shares a user’s personal information in furtherance of their business operation and in compliance with the CCPA, SB 690 protects that activity from being considered illegal eavesdropping under CIPA.

Lawmakers introduced the bill in response to a recent wave of class action lawsuits accusing companies of unlawfully intercepting users' communications through the use of tracking pixels and subsequently sharing that data with third-party services without the user’s consent. If enacted, the bill would significantly mitigate CIPA litigation risk for companies. However, the amendment does not completely eliminate the risk of pixel litigation. Some plaintiffs have adjusted their claims to the CCPA’s private right of action, which was expanded by the U.S. District Court for the Northern District of California in Shah v. Capital One Financial Corp. There the court noted that liability under the CCPA could arise from standard tracking activities, even in the absence of a conventional data breach. For more information regarding the Shah decision, click here to read our previous client alert.

SB 690 unanimously passed the California Senate in June and has been referred to a committee in the California Assembly but can’t be reconsidered until 2026. That means, if passed, the bill likely cannot take effect until at least 2027. While the bill is pending, companies could see a spike in lawsuits related to pixels as plaintiffs' lawyers in California rush to file under the current privacy act.[RGC1]

Potential Considerations for Businesses if SB 690 Passes

  • No Relief for Existing Suits: Even if the bill passes, companies already involved in CIPA "pixel" litigation likely will not see those cases disappear. Therefore, companies should still manage ongoing cases and ensure compliance with the current interpretation of CIPA to prevent last minute claims before SB 690 goes into effect.
     
  • Cookie Banners Remain Important: SB 690 does not excuse compliance with other privacy obligations. The safe harbor applies only if a company processes data in line with the CCPA/CPRA (such as honoring "do not sell or share" requests, providing proper privacy notices). If businesses fail to meet those requirements, they could lose the exemption’s protection and face lawsuits under different laws. The Shah decision emphasizes that the presence of a cookie banner, which requires users to accept or decline tracking, can serve as a strong defense against future litigation. Therefore, even with SB 690, businesses should continue using cookie banners to increase transparency with consumers while simultaneously reducing liability.

Recommended Actions for Businesses

  • Audit Privacy Practices:
     
    • Inventory of all tracking technologies in-use on your websites and mobile apps.
       
    • Document the data collected by each technology, including the purpose for which it is collected, and how it moves through the system.
       
    • Verify that policies and notices clearly and accurately disclose all cookies, chatbots, and analytics in-use.
       
    • Ensure platforms provide consumers with the necessary opt-out options as required under the CCPA and confirm third-party vendors are honoring those opt-outs.
       
  • Maintain Transparency:
     
    • Explore implementing preference centers or consent banners for non-essential trackers. Although not required for compliance with CCPA, clear notice can help avoid user frustration and demonstrate a commitment to consumer data privacy.
       
  • Design a Flexible Privacy Plan:
     
    • Assess the legal environment in the states where your business operates and monitor legislative developments to identify other states that may adopt similar measures as California.
       
    • Consider configuring your website to disable certain tracking features for users in high-risk jurisdictions.

In conclusion, SB 690 proposes to nullify a major source of "pixel" litigation but does not eliminate all possible causes of action for plaintiffs. Companies should maintain high transparency and continue adhering to privacy compliance standards to reduce any remaining risks.

For more information, please contact us or your regular Parker Poe contact. Click here to subscribe to our latest alerts and insights.

×
By using this website, you agree to our use of cookies.