CIPA privacy lawsuits on the rise against small business website owners

California Invasion of Privacy Act (CIPA) requirements for website tracking

Written by John Sharkey

A seasoned website digital marketing expert, John has developed custom websites and digital marketing strategies for numerous businesses of varying sizes. Having an MBA, his expertise is rooted in meeting business needs through a customer-centred approach. He is especially enthusiastic in helping those trying to make a positive change in the world.

16 April, 2024

Follow us:

There’s an emerging issue in the web industry.

The California Invasion of Privacy Act, otherwise known as CIPA, is a 30-year-old privacy law originally intended to protect Californians from phone tracking software. However, this law is being reinterpreted to now apply to website owners, and there has recently been a significant jump in website-related CIPA lawsuits being issued to both large and small business owners.

What makes CIPA risky for businesses is that it allows California consumers to sue businesses directly for violations and obtain damages of $5,000 per violation (aka per site visitor whose rights were infringed upon). This law can apply to businesses formed outside of California, and the size of the business does not matter. I am a part of a small community of agency owners and several of them have already reported that they have a small business client who has already received this type of demand letter from a law firm.

My recommendation is to add up-to-date policies to your website and if needed an opt-in cookie consent (also known as a GDPR banner), to block third-party scripts (e.g. cookies and trackers) from loading until a website visitor has clicked ‘accept’, giving the website permission to use any respective third party technologies (analytics tools, video embeds, etc.).

I know cookie consent banners are not the most appealing feature to add to a website, but with lawsuits involved, my strong recommendation is to add this feature for compliance purposes.

Please note this is not legal advice, and you are welcome to share this post with your lawyer for their review.

There is more information about this in a recently updated article from our partner, Termageddon:
California Invasion of Privacy Act (CIPA) requirements for website tracking

If you need help ensuring your website complies with this and other global privacy policies, we can help you through our WordPress website maintenance services.


Want your website compliant with ever changing privacy policies?

You May Also Like…

Free guide!

Get free access to our Website Meeting Cheat Sheet

Arm yourself with insightful questions for your web developer. Our Website Meeting Cheat Sheet includes essential queries designed to help you transform your vision into a powerful online presence!

Pin It on Pinterest

Share This

Share this post!