Skip to main content
Advertisement
Coffee
Local News ad
Local News

Your Website Could Cost You $5,000 Per Click: Sacramento Businesses Under Legal Siege

Andrew JohnsonAuthor
Published
Reading time2 min
Share:

When Tami Goldsmith’s lawyer called in February with a question about whether she was sitting down, the Folsom Lake Heating&Air owner braced for catastrophe. A system explosion? A customer injury? No—her business was being sued over her website.

The lawsuit cited the California Invasion of Privacy Act, or CIPA, seeking $5,000 per visitor to her site. Goldsmith’s crime: using standard website analytics, the same tracking tools that Google, Meta, and virtually every other online business relies on. She wasn’t alone. Element Electric owner Gytahnna Loffgren received a similar notice in May, along with thousands of other small business owners across California facing what amounts to a legal shakedown.

Here’s where it gets complicated. CIPA was originally written in 1967 to criminalize wiretapping. But over the decades, it’s been stretched to cover digital privacy violations—and unlike the California Consumer Privacy Act (CCPA) passed in 2018, CIPA allows individuals to sue for damages. That asymmetry has created a perfect storm: law firms armed with AI-generated demand letters are systematically suing small businesses over analytics practices they don’t even realize are legally questionable.

According to Jim Monegal, a lawyer at Mullen Coughlin who’s represented over 500 defendants in CIPA cases, his clients are flying blind.“No one knows what they’re doing wrong, how to follow the law,”he said.“We don’t even know what the law says in this regard of what we can and can’t do.”The lawsuits really took off in 2022, and the math is irresistible for plaintiffs’attorneys: minimal investment, automated letters, and settlements that make it worth the effort.

But privacy advocates aren’t celebrating. Tracy Rosenberg from Oakland Privacy worries that stripping CIPA’s teeth entirely would protect the real villains—Meta, Google, and Oracle—who’ve been caught selling user data without consent. She points to the Flo menstrual tracking app lawsuit, where CIPA was the only weapon women had to fight back against companies profiting off their most intimate data. The solution, she argues, isn’t to exempt all business activity; it’s to protect small operators below a certain size while keeping the law’s teeth intact for corporate offenders.

That’s what SB 690 proposes—exempting tracking done for“commercial business purpose.”It’s gained support from business groups and attorneys, but privacy advocates see it as a Trojan horse for Big Tech. Meanwhile, Sacramento’s small business owners are left wondering why they’re the ones in the crosshairs while Amazon’s algorithm tracks them relentlessly, legal consequence-free.

About the Author

Andrew Johnson

Andrew Johnson is a contributor to LocalBeat, covering local news and community stories.

Share:

Related Stories

Local News ad