On February 17, 2026, Judge Janis L. Sammartino, in the Southern District of California, denied a motion to dismiss a class action complaint alleging that defendant’s use of third-party tracking technology violates the California Invasion of Privacy Act (“CIPA”).
Background
Plaintiff alleged that when users access defendant’s site a third-party tracking tool provided by LiveRamp was installed on visitors’ browsers to capture their IP addresses and place cookies that enable ongoing tracking and personalized advertising. Plaintiff brought claims under CIPA Section 638.51, which prohibits the use of pen registers without prior consent or court order.
The Court’s Ruling
Defendant raised five arguments in support of dismissal, each of which the court rejected.
Third-Party Trackers Can Qualify as Pen Registers. Defendant argued the LiveRamp tracker does not qualify as a pen register because it captures incoming user data rather than outgoing addressing information. The court disagreed, holding that the statutory definition of a pen register is “technology-neutral” and is “not particularly sensitive to the semantic distinction” between outgoing and incoming data. The court noted that “most cases in this and other districts have also recognized that website-based trackers can plausibly constitute a pen register.”
No Requirement to Allege “Substantive” Communication Content. Defendant contended that plaintiff must allege he engaged in a communication involving “substantive content.” The court found this argument conflated the requirements of CIPA’s wiretapping statute (Section 631) with those of the pen register statute (Section 638.51), and declined to impose an additional pleading requirement not found in the statute.
Website Operators Are Not Exempt as Parties to the Communication. Defendant argued it was exempt from liability because it was a party to the communication with users. The court rejected this argument, finding that defendant “affirmatively embedded third-party trackers that recorded and transmitted users’ identifying information to outside entities for profiling and advertising purposes”—conduct distinct from simply receiving IP addresses in an ordinary online exchange.
CIPA Applies Beyond Person-to-Person Communications. Defendant argued that CIPA’s pen register provisions only apply to communications between people, not to website visits. The court disagreed, noting that “d]efendants’ reliance on these sources is understandable as the case law is not in Defendants’ favor. Indeed, it uniformly supports the opposite outcome.”
Rule of Lenity Does Not Apply. Finally, Defendant argued the rule of lenity required a narrow interpretation of the statute. The court found no ambiguity in the statute’s application to these facts, following numerous other courts that have rejected the same argument.
DOMINIQUE NELSON, v. REDDIT, INC., No. 25-CV-1470 JLS (AHG), 2026 WL 445627 (S.D. Cal. Feb. 17, 2026).
