Judge Dena Coggins of the Eastern District of California, dismissed a class action complaint alleging violations of the California Invasion of Privacy Act (CIPA) against a hospitality company.
The plaintiff, a California resident and Facebook user, alleged that her interactions with the company’s website—including browsing and booking hotel rooms—were intercepted by Meta via the Meta Pixel tool. She asserted that this interception included personal information and booking details, and that she did not consent to such data sharing.
CIPA Section 631(a)
The court found that the plaintiff failed to allege with sufficient specificity that the “contents” of her communications were intercepted, as required under CIPA and analogous federal law.
A violation of CIPA is analyzed under the same standards applied to a violation of the federal wiretap act, Electronic Communications Privacy Act (“ECPA”), 18 U.S.C § 2510 et seq.; Hammerling v. Google LLC, 615 F. Supp. 3d 1069, 1092 (N.D. Cal. 2022). The ECPA defines the term “contents” as “any information concerning the substance, purport, or meaning of that communication.” 18 U.S.C. § 2510. “Contents” means “the intended message conveyed by the communication” as opposed to “record information regarding the characteristics of the message that is generated in the course of the communication.” In re Zynga Priv. Litig., 750 F.3d 1098, 1106 (9th Cir. 2014); Yoon v. Lululemon USA, Inc., 549 F. Supp. 3d 1073, 1083 (C.D. Cal. 2021) (noting that Section 631(a) “protects only the internal, user-generated material of a message, not routine identifiers, whether automatically generated or not”). “Courts employ a contextual ‘case-specific’ analysis hinging on ‘how much information would be revealed’ by the information’s tracking and disclosure.” Hammerling, 615 F. Supp. 3d at 1092. While a URL that includes “basic identification and address information” is not “content,” a website “user’s request to a search engine for specific information could constitute a communication such that divulging a URL containing that search term to a third party could amount to disclosure of the contents of a communication.” Id. at 1108–09.
The court distinguished between “content” (the substance or meaning of a communication) and “record information” (such as names, addresses, or button clicks). The complaint only vaguely described the plaintiff’s website activity and did not specify what substantive information was allegedly intercepted. The court noted that routine identifiers and user actions like button clicks generally do not qualify as protected “content” under CIPA.
CIPA Section 632
The court also dismissed the claim under Section 632, finding that the plaintiff did not adequately allege her communications with the website were “confidential.” Courts generally require plaintiffs to show a reasonable expectation of privacy in online communications, which was not established here. The complaint lacked details about the nature of the information shared and did not demonstrate that the plaintiff’s interactions with the website were uniquely confidential or protected by law.
CHRISTINA KING, Plaintiff, v. HARD ROCK CAFE INTERNATIONAL (USA), INC., Defendant., No. 2:24-CV-01119-DC-CKD, 2025 WL 1635419, at *3-4 (E.D. Cal. June 9, 2025).
