Core events/developments: Courts diverged on ECPA’s crime-tort exception “purpose” requirement and applied it beyond healthcare; contradictory privacy policy statements defeated consent defenses despite tracking disclosures (e.g., Northern District of California ruling on March 27 against a defendant sharing individualized data); courts guided enforceable website consent designs (font size, contrast, button proximity); three courts permitted general negligence claims but dismissed negligence per se.[1][5]
Involved parties/legislation: Unnamed defendants in tracking/wiretapping suits (e.g., PHH Mortgage in related CCPA case); plaintiffs alleging unauthorized data collection; key laws include ECPA, California Invasion of Privacy Act (CIPA), Video Privacy Protection Act (VPPA), and CCPA; Troutman Pepper Locke authored the analysis; no specific agencies named.[1][3][10]
Context/timeline: These rulings follow rising tracking tech lawsuits since 2024-2025, building on February 2026 precedents grappling with CIPA delays, VPPA splits, and “broken banner” claims; March decisions refine pleading-stage defenses amid surging wiretap and negligence suits.[1][3] Released April 8, 2026, the report highlights trends two days before today.[1]
Newsworthy now: Provides urgent guidance for companies drafting policies, designing consent flows, and litigating ECPA exceptions amid docket-flooding privacy suits; signals risks from policy inconsistencies and design flaws, influencing defenses in ongoing cases.[1][5][10]