About

California Amends SB 690 to Eliminate Commercial Business Exemption for CIPA

Published
Score
13

Why it matters

California has stripped a key business protection from Senate Bill 690, eliminating a "commercial business purpose" exemption that would have shielded companies from California Invasion of Privacy Act (CIPA) liability for standard tracking technologies. The California Senate unanimously passed the original bill on June 3, 2025, with the exemption intact, but the provision was removed before or during the amendment process. The bill now stalls in the Assembly as lawmakers reconsider the measure without this safeguard.

The amended bill's current language and the Assembly's timeline for reconsideration remain unclear. The original legislation was designed to take effect in January 2026 and would have applied only prospectively, not retroactively.

The stakes are substantial for defendants. CIPA's $5,000-per-violation statutory damages provision has fueled an explosion of class actions and pre-suit demand letters targeting companies for routine web activities. The eliminated exemption would have aligned CIPA more closely with the California Consumer Privacy Act (CCPA) by clarifying that commercial tracking fell outside CIPA's scope. Without it, businesses face continued uncertainty about whether ordinary online technologies expose them to liability. Counsel defending CIPA claims should monitor the Assembly's next move closely—the bill's fate will determine whether this litigation wave intensifies or recedes.

Sources

mail Subscribe to Privacy email updates

Primary sources. No fluff. Straight to your inbox.

Also on LawSnap