“Session replay” software is one of many website analytics tools targeted in wiretapping suits under the California Invasion of Privacy Act (“CIPA”).  Last month, a California federal court confirmed one of the many reasons why the use of this software does not violate CIPA section 631: A defendant cannot “read” (or attempt to read) session replay data “in transit,” as CIPA requires, because “events recorded by” this software “do not become readable content until after they are stored and reassembled into a session replay.”  Torres v. Prudential Financial, Inc., 2025 WL 1135088 (N.D. Cal. Apr. 17, 2025). 

Plaintiffs in this case filled out an online form on Prudential’s website to obtain a life insurance quote.  This online form allegedly incorporated a vendor’s “session replay” software to capture data about website visitors’ interactions with the form “for the purpose of later reassembling a session replay”—in other words, “a recreation of the events that took place on the webform.”  Plaintiffs claimed this violated CIPA section 631, based on the theory that the session replay vendor (ActiveProspect) wiretapped their communications with Prudential’s website, and Prudential aided and abetted the alleged wiretapping.  After the Court granted class certification, Defendants Prudential and ActiveProspect moved for summary judgment.

The Court granted summary judgment in Defendants’ favor because “nothing in the record plausibly indicates that ActiveProspect reads or attempts to read the contents of the communication while they are in transit,” as CIPA section 631 requires.  “[R]eading requires an attempt to understand the substantive meaning of a communication,” which ActiveProspect could not do while the captured data was “in transit.”  As the Court explained, data captured using the session replay software “cannot be meaningfully read or understood until later,” when “a session replay is reassembled.”  In granting summary judgment, the Court rejected an interpretation of “in transit” that “encompass[es] any hypothetical future attempt to read” the data, because “it would stretch CIPA’s statutory language too far.”

Tags: CIPA, Wiretap Litigation
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kathryn Cahoy Kathryn Cahoy

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer…

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate has also played a key role in developing the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Recent Successes:

Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. The Daily Journal selected Covington’s defense of Meta as one of its 2021 Top Verdicts, and Law.com recognized Kate as a Litigator of the Week Shoutout.
Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws.

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal and was recognized by Daily Journal as a Top Attorney Under 40.

Read more about Kathryn CahoyEmail
Show more Show less
Photo of Matthew Verdin Matthew Verdin

Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in…

Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in securing dismissals at the pleadings stage. For example, he won dismissal at the pleadings stage of over a dozen wiretapping class actions involving the alleged use of website analytics tools to collect data about users’ website visits. He also advises companies on managing litigation risk under federal and state wiretapping laws.

Matthew is also dedicated to pro bono legal services. Recently, he helped a domestic violence survivor win a case in the California Court of Appeal. Matthew’s oral argument led to the court ordering renewal of his client’s restraining order just one day later.

Read more about Matthew VerdinEmail
Show more Show less
Wentao Yang

Wentao Yang is an associate in the Washington, DC office. He is a member of the White Collar Defense and Investigations and Transportation Practice Groups.

Wentao maintains an active pro bono practice, with experience in the areas of immigration and criminal justice.

Read more about Wentao YangEmail