While we like to focus on the positive, sometimes we gotta call out the shenanigans. Every year in the State Legislature, one proposal among the 3,000 that get offered stands out as an especially egregious affront to privacy rights. In 2025, that bill is Senate Bill 690.
SB 690, a proposal from Salinas senator Anna Caballero, purports to modernize the state’s 1974 wiretapping law, the California Invasion of Privacy Act, by exempting all commercial businesses from accountability for deceptive online surveillance. CIPA, a law you probably haven’t heard of, provides a right of action to sue companies when they install invasive trackers without consent and track online activity for sale to data brokerages.
While you may not have heard of CIPA, you have heard of the lawsuits filed using CIPA which have included Brown v. Google on tracking in Incognito mode in Google Chrome, Facebook v. ITL, on Facebook continuing to track users across the web after they had logged out of the program, and our own Katz-Lacabe v. Oracle, on third party tracking. These seminal class-actions not only settled for payouts, but they changed how Big Tech companies do business.
Current CIPA cases are underway against Amazon and LiveRamp, unless SB 690 stops them in their tracks in one of the most crass give-aways to Big Tech and surveillance capitalism that we’ve ever seen.
Why is this happening? According to author Caballero, there are two reasons. The first rationale is that one privacy law is enough and the CA Privacy Rights Act (CPRA) is sufficient. Except that it is not. The CPRA only addresses the selling and sharing of information and a consent mechanism. If consent was never requested, then the behavior lies outside the bounds of CPRA, which in any case is only enforced by agencies, not by impacted users. Consumers, unfortunately, do not have enforcement rights under CPRA, just the ability to complain. And for some offenses, that is not enough.
The second rationale for gutting the CA Invasion of Privacy Act is to protect small businesses and newspapers, some of whom have been sued under CIPA for collecting IP addresses. While these lawsuits are often thrown out of court, the Consumer Attorneys of California has already proposed amendments to protect small businesses while leaving CIPA intact for Big Tech giants and data brokerages. The amendments have been rejected because the intent is a Big Tech get-out-of-jail free card.
What can you do? Senate Bill 690 will shortly enter the second half of the legislative process in the Assembly and that is where we need to stop it.
1. If you belong to an organization, ask them to sign the coalition letter in opposition to SB 690 and protect the consumer right of redress against invasive online tracking without consent.
Letter and sign-on link: https://docs.google.com/forms/d/e/1FAIpQLSceSO0KqSdrJ9YcpDTFqxMu5sr709x2AVoDOTD5NCX0VV4Buw/viewform
2. Send an email to your CA assembly representative telling them not to vote for taking away your right to redress for tracking without consent. Every assembly member has a website with a contact form to send them a note.
Patrick Ahrens – Santa Clara County
Anamarie Àvila Farías – Contra Costa County
Rebecca Bauer-Kahan – Contra Costa County
Marc Berman – Santa Clara and San Mateo County
Mia Bonta – Alameda County
Damon Connolly – Marin County
Matt Haney – San Francisco
Ash Kalra – Santa Clara
Alex Lee – Santa Clara and Alameda County
Liz Ortega – Alameda County
Diane Papan – San Mateo County
Catherine Stefani – San Francisco
Buffy Wicks – Alameda County
Lori Wilson – Solano County
For other parts of the state of California, identify your representative here.