Practice intelligence Current as of Jun 20, 2026
OlenderFeldman

PracticeWeb Tracking

California CIPA extended to first-party pixel and session-replay tools by Court of Appeal

What the law is now

The California Invasion of Privacy Act, Penal Code section 631, prohibits wiretapping — the unauthorized interception of communications — without the consent of all parties. Prior to this decision, courts disagreed on whether embedding a third-party analytics pixel on a website constituted an "interception" under CIPA.

What just shifted

Shift us-ca Primary source

What this adds: The First Appellate District held that session-replay tools and first-party pixels that capture and transmit visitor keystrokes, clicks, and form input to a vendor in real time satisfy the "interception" element of CIPA section 631, even when the website operator contracted with the vendor and the data is used for analytics rather than surveillance.

What this puts in question: Whether standard cookie consent banners that do not specifically name the session-replay vendor or describe real-time interception of keystrokes and form data satisfy CIPA's all-party consent requirement.

What clients should weigh

·Does our website use session-replay tools (FullStory, Hotjar, Mouseflow, Salesforce Interaction Studio, or similar) or analytics pixels that capture keystrokes or form input from California visitors?
·Does our cookie consent banner specifically name each tool and describe what is captured in real time, or does it speak only generically about analytics cookies?
·Do we have written contracts with each analytics vendor that address who is the data collector and what liability allocation applies if the tool is found to intercept without adequate consent?
·This decision does not resolve what level of disclosure satisfies CIPA consent. Until the California Supreme Court or the legislature acts, operating any session-replay or keylogger-style tool on a California-facing site carries litigation exposure that no consent banner eliminates with certainty.
Yockey v. Salesforce, Inc., No. A168195 (Cal. Ct. App. Mar. 2026) ›

Watch for

· Petition for review to California Supreme Court, expected summer 2026

· Federal court split on whether CIPA has extraterritorial application

Ready to use

These are drafts. Edit before sending to a client.

Client alert

Draft — edit before sending to a client.

This corpus reflects one attorney's personal review. It is not a comprehensive survey. Verify scope and currency before relying on it for any matter.