Just in time for the holidays, the plaintiffs’ bar has gifted the business community with yet another newly minted privacy litigation theory, once again seeking to stretch the scope and applicability of the California Invasion of Privacy Act (CIPA), a 1967 privacy law.

Over the last year, plaintiffs have introduced multiple novel theories for civil liability under CIPA based on businesses’ use of commonplace internet technologies. The initial three waves of cases have asserted three main legal theories: (1) that website chatbots managed by third-party vendors are intercepting the contents of consumer communications; (2) that the internet technology illegally eavesdrops upon and wiretaps website consumers; and (3) that online targeted advertising technology reveals the identity of anonymous consumers and thus constitutes illegal “doxing.”