On November 21, 2025, the Superior Court of California issued a significant ruling in a case involving alleged violations of the California Trap and Trace Law (Penal Code section 638.51). Plaintiff claims that a home furnishings website operator installed TikTok software on its site, enabling the collection of extensive user data—including device and browser information, geographic location, referral and URL tracking, and personal details such as name and address—without obtaining proper user consent. Plaintiff alleges that all collected data was transmitted to TikTok, and that this process constituted a violation of California’s privacy statutes.
Legal Arguments and Court’s Analysis
Defendant sought to dismiss the case by filing a demurrer, arguing that the complaint failed to state facts sufficient to constitute a cause of action. Key arguments included: (1) the plaintiff did not allege that information specifically tied to him was collected; (2) the Trap and Trace Law applies only to telephone communications, not websites; (3) the TikTok software does not qualify as a “trap and trace device”; and (4) defendant is exempt as a provider of electronic communication services.
The court, however, found the complaint sufficient under California pleading standards. It held that plaintiff adequately alleged the collection of his information and that the statutory definition of “electronic communication” is not limited to telephone communications. The court also determined that the complaint plausibly alleged the TikTok software functioned as a trap and trace device by capturing identifying information about website users. Furthermore, the court found that the statutory exemption for service providers did not apply, as the alleged data collection was not limited to operating, maintaining, or testing the website.
Santoro v. Lulu & Georgia, Inc., No. 25STCV11722, 2025 WL 4087890 (Cal.Super. Nov. 21, 2025).
