As businesses get sued for wiretapping, California weighs changes to privacy law
When she was served with lawsuit papers, Belinda Gutierrez, the owner of Elk Grove Plumbing and Heating, had no idea what they could be about. She was confused even after reading the documents.
A man whose name she didn’t recognize was suing her business for wiretapping, Gutierrez said, among other privacy violations.
“They are demanding up to $40,000 in damages,” she said Tuesday, of the lawsuit she is still trying to settle. “We are not wiretappers. We are just plumbers.”
The man suing her alleged Gutierrez violated the California Invasion of Privacy Act, a law passed in 1967 that prohibits the interception or recording of private communications without consent. The man’s complaint seemed connected to her website — and she discovered he’d sued dozens of similar California businesses for allegedly violating the same law.
Gutierrez is one of several business leaders who gathered Tuesday to voice support for a bill written in response to these lawsuits, which have surged in the past few years. Senate Bill 690 would amend CIPA to exempt businesses from criminal or civil penalties if they collect certain data for a “commercial business purpose.”
Supporters say without it, small businesses are being targeted for the exchange of data that comes with having a website or the use of Google advertising. Opponents, including consumer attorneys, say it could have unintended consequences, and is the equivalent of “throwing the baby out with the bathwater.”
Concern over ‘frivolous lawsuits’
SB 690’s author state Sen. Anna Caballero, D-Merced, said the bill is necessary because trial lawyers are using CIPA to target small businesses for frivolous lawsuits. Plaintiffs can get $5,000 in civil damages for every CIPA violation recorded.
The law runs into a similar pattern as that faced by the Americans with Disabilities Act, whereby suits are often filed by repeat plaintiffs with the same attorneys. The man who sued Gutierrez, Jimmy Atteberry, has sued dozens of small businesses over the past few months for CIPA violations. Atteberry’s attorney, Yao Mou, did not respond to multiple requests for comment.
“We must protect consumer privacy, we must ensure our most private data remains private, but these CIPA lawsuits do nothing to increase consumer privacy protections,” Caballero said during a news conference Tuesday. “Instead, they are used to shake down businesses for a quick buck.”
Plus, she said, the landmark California Consumer Privacy Act, passed in 2018, ensures residents’ data is safe online. That bill allows internet users to see what is being collected about them, tell companies to delete it, and stop companies from selling or sharing their data.
Caballero’s bill was introduced last year, and although it passed out of the Senate and made headway in the Assembly, it faced opposition from privacy groups, consumer attorney groups, and advocacy groups like the Dolores Huerta Foundation and Asian Americans Advancing Justice. Among other things, advocates expressed concern the bill would allow companies to collect sensitive data about immigration status and reproductive health care sought, and then sell it to third parties and federal agencies.
“Since SB 690 is about letting companies and big tech spy on us and surveil us without almost any limits whatsoever, this bill is wrong, misguided, and extremely poorly drafted,” said Juana Chavez, Dolores Huerta’s daughter who testified in opposition to the bill.
An analysis drafted for the Assembly Public Safety Committee found that the CCPA would not be a comprehensive shield if CIPA was removed.
“While the CCPA may provide a remedy in some cases, it may not provide remedies in others,” wrote analyst Kimberly Horiuchi.
Currently, judges in California courts are responsible for deciphering the nuances of California’s Invasion of Privacy law. In March 2024, The Los Angeles Times was hit with a CIPA lawsuit for allegedly using trackers to collect information from website visitors without their consent. The Times has agreed to pay $3.85 million as part of a class action settlement.
In an October 2025 order, U.S. District Court Judge Vince Chhabria sided with the business being sued, writing that the language of CIPA is “a total mess.”
“It was a mess from the get-go, but the mess gets bigger and bigger as the world continues to change and as courts are called upon to apply CIPA’s already-obtuse language to new technologies,” he wrote.
He called on courts to interpret the statute narrowly, and for lawmakers to take action too.
“Hopefully, the Legislature will go back to the drawing board on CIPA. Indeed, it would probably be best to erase the board entirely and start writing something new.”
