We have been writing about the California Invasion of Privacy Act (CIPA) for a while now (and, earlier this year, we predicted this law would continue to be a major issue in 2026).

From demand letters flooding our clients’ inboxes to the wave of litigation targeting standard website tracking tools, this 1967 wiretapping statute has proven uniquely susceptible to claims that bear little resemblance to the covert surveillance it was designed to prevent. On July 1, 2026, the California Assembly Committee on Privacy and Consumer Protection passed an amended version of Senate Bill 690, and the result is both encouraging and incomplete.

Continue Reading California Legislature Takes Aim at CIPA Abuse

The California Information Privacy Act (CIPA) has become a go‑to vehicle for plaintiffs’ counsel attacking website tracking technologies, such as cookies, pixels, beacons, chat bots, and video or session replay tools.

Over the last few years, website operators have been hit with a wave of demand letters claiming CIPA violations. But the tide may be shifting – marking smoother sailing for website operators. A recent decision from a California court narrows CIPA to telephonic communications and significantly undercuts the viability of CIPA claims against commercial websites.

Continue Reading Changing Tides: A Los Angeles Court Delivers a Major CIPA Defense Win

As previously reported, states such as California, Louisiana, Texas and Utah have adopted App Store Accountability (ASA) Laws. These new laws require app store operators (e.g., Apple and Google) along with app developers (i.e., the business that owns the app) to implement safeguards for age verification. While these laws are framed as child-protection measures, their impact is universal. Every app must comply, regardless of its audience. For businesses, meeting the requirements outlined in ASA Laws is mandatory for apps to remain available for download.

Louisiana, Texas and Utah’s laws are similar and take effect at various points in 2026, while California’s Digital Age Assurance Act (CA ASA Law) is unique and takes effect January 1, 2027. This is what businesses should know about the unique features of the CA ASA Law.

Continue Reading A Deeper Dive Into California’s App Store Accountability Law

Under newly implemented regulations of the California Consumer Privacy Act (CCPA), California now requires a formal risk assessment “before initiating any processing activity” of certain (sensitive) sorts. The regulation explicitly contemplates that businesses will complete risk assessments now, in 2026.

Eventually, such risk assessments – including those completed this year – must be signed by an executive and submitted to the California regulator under penalty of perjury.

Continue Reading New CCPA Risk Assessment Requirements Now In Effect

State regulators are increasingly prioritizing children’s data privacy. These efforts follow several changes to protect children’s online privacy at the federal level. One of the latest sweep of changes involve several states (e.g., California, Louisiana, Texas and Utah) imposing app store accountability laws (ASA Laws).

These new laws require app store operators (e.g., Apple and Google) along with app developers to implement safeguards for age verification, age rating, parental consent and data minimization. While the aim of these laws is to protect children, the obligations imposed on businesses apply broadly, regardless of the age of an app’s users. For businesses with mobile apps, these safeguards are not optional. They are mandatory to keep  apps available for download.

While the ASA Laws slightly vary in their respective requirements, a general overview of what businesses should know is below.

Continue Reading New App Store Accountability Laws in 2026: If Your Business Has an App, Read On

An ongoing issue many of our clients are dealing with are claims under the California Information Privacy Act (CIPA). This is actually a criminal statute and should not be confused with the California Consumer Privacy Act (CCPA).

A cottage industry of California plaintiffs’ firms are sending demand letters, filing suits, and initiating arbitrations for alleged CIPA violations. Here at Taft, we are seeing 1-2 new claims a week.

Continue Reading What to Know: Your Company Website and the California Information Privacy Act

On July 24, 2025, the California Privacy Protection Agency (CPPA) approved a sweeping set of amendments to the California Consumer Privacy Act (CCPA) regulations. These updates introduce new compliance obligations for businesses around automated decision making, cybersecurity audits, risk assessments, and more.

Below, we discuss some of these new requirements.

Continue Reading California Finalizes Major CCPA Amendments

On July 1, 2025, the California Attorney General, Rob Bonta, announced that the California Privacy Protection Agency (CPPA) entered into a settlement with Healthline Media LLC (Healthline), which included a fine of $1,550,000, the largest fine by the CPPA to date, for various alleged violations of the California Consumer Privacy Act (CCPA). This settlement and fine follow the CCPA’s $632,500 fine against American Honda Motor Co. in March of this year. These actions continue to show California’s increased focus on CCPA enforcement.

Per the announcement, Healthline.com is a health and wellness information website that is one of the top 40 most visited websites in the world and generates revenue by showing advertisements on the website.

Continue Reading California Privacy Enforcement Continues: CPPA’s Largest Fine To Date

The California Privacy Protection Agency (“CPPA”) recently issued a decision requiring American Honda Motor Co. to pay a $632,500 fine and change certain business practices related to alleged violations under the California Consumer Privacy Act (“CCPA”). While not specifically related to connected vehicles, this decision comes after the CPPA’s announcement in 2023 that it would be focusing on connected vehicle manufacturers’ compliance with the CCPA.

Continue Reading California Privacy Enforcement Update: Verifying Consumer Requests and Banners Must Be Symmetrical