The New Frontier of Privacy Litigation
CLE
J. Colin Knisely
Duane Morris LLP
Michael S. Zullo
Duane Morris LLP
The New Frontier of Privacy Litigation
Tracking technologies, such as advertising pixels, session replay tools and AI-powered chat widgets, are now the centerpiece of a wave of privacy class action lawsuits carrying statutory damages of thousands of dollars per violation, often without proof of actual harm. This program gives counsel a practical understanding of how these technologies work, why they generate legal exposure, and how to defend against the claims they attract.
The presenters will cover the technologies plaintiffs target most and map them to the legal theories driving current litigation, including CIPA, VPPA, and state wiretap analogs. The program also addresses FTC and HHS enforcement, the state privacy law landscape, and a practical defense playbook covering litigation strategy, consent architecture, and compliance triage.
Topics covered include:
Agenda:
Read More
›
- Overview of the Tech Plaintiffs Target
- How modern web tracking technologies work and why they generate legal exposure
- Advertising pixels: Meta Pixel, LinkedIn Insight Tag, TikTok Pixel — what they capture and where the data goes
- Session replay tools (FullStory, Hotjar, Microsoft Clarity) — recording clicks, keystrokes, and form inputs in real time
- Chat widgets and AI assistants — how customer conversations are routed through third-party vendors
- How data brokers use identity matching to link anonymous browsing to real consumer profiles
- Litigation Theories & Trends
- Current privacy class action landscape: volume, targets, and plaintiff strategies
- Mapping technology to claims
- CIPA §631 — California wiretap theories applied to pixels and session replay
- Pen register and trap-and-trace claims — pixels as digital surveillance devices
- VPPA revival — video pixels, newsletter subscribers, and the “consumer” expansion
- WESCA and state wiretap analogs
- High-risk sectors: healthcare (HIPAA/HHS/OCR pixel guidance and FTC overlap) and financial services
- The plaintiff’s pipeline: automated scanning, demand letters, and arbitration or class action filing
- How statutory damages ($5,000/violation under CIPA) create leverage without requiring proof of harm
- Regulators & Rules
- FTC enforcement priorities: GoodRx, BetterHelp, and the focus on sensitive data sharing with ad networks
- State privacy law landscape: CPRA, Colorado Privacy Act, Texas Data Privacy Act, and emerging legislation
- Universal opt-out signals and Global Privacy Control (GPC) compliance obligations
- California Delete Act and the data broker registry framework
- CPPA and state AG enforcement trends
- Defense Playbook & Compliance Strategy
- Core litigation defenses
- Party exception — when does the website operator qualify as a party to the communication?
- “No interception” arguments — contemporaneous transmission vs. stored data
- Vendor-as-agent theory and defeating third-party claims
- Class certification challenges — consent differences and individualized exposure issues
- First 72 hours after a complaint: preserving HAR files, configurations, and vendor contracts
- Settlement strategy: when to resolve early and how to assess leverage
- Building a defensible compliance program
- Consent management platforms — blocking tracking before consent is given
- Vendor governance: data processing agreements, audit rights, and indemnification
- Data minimization: excluding sensitive URLs and limiting form field capture
- Questions & Answers (As Time Permits)
Duration of this webinar:
60 minutes
Originally broadcast:
April 28, 2026 10:00 AM PT
Webinar Highlights
This webinar is divided into section summaries, which you can scan for key points and then dive into the sections that interest you the most.
The webinar will discuss how old statutes are being used to create new legal theories with significant exposure for companies. The speakers, Colin and Michael, draw parallels between privacy litigation and ADA website accessibility claims, highlighting the ambiguity and grayness in the law. They explain how plaintiffs exploit these ambiguities to file numerous lawsuits, often using tracking technology as a basis for privacy invasion claims. The discussion includes the potential for significant penalties under statutes like CIPA, which can escalate exposure quickly for companies. The speakers highlight the tension between sales and marketing goals and legal compliance, emphasizing the role of technology in data collection and targeted advertising.
The speakers delve into the technical aspects of web tracking technologies and their implications for privacy litigation. They explain how demand letters often challenge companies on data storage, practices, and policies, leading to potential class action filings. Colin and Michael discuss the role of pixels and scripts in intercepting user interactions and transmitting data to third parties. They highlight the importance of understanding vendor roles and the potential for litigation based on how data is used and stored. The discussion covers the triggers for privacy lawsuits, such as sensitive URLs, form field capture, and pre-consent firing of tracking technologies.
The speakers discuss the legal theories and defenses related to privacy litigation, focusing on statutes like CIPA and the Federal Wiretap Act. They explain the significant risks posed by statutory penalties and the lack of a harm requirement for establishing violations. They discuss the evolving landscape of privacy litigation, noting the spread of cases beyond California to other states like Florida. The speakers mention legislative attempts to amend statutes like CIPA and the ongoing pressure from privacy advocates and businesses. Colin and Michael explain the party exemption defense and the role of third parties in determining violations.
Colin and Michael highlight the importance of keeping privacy policies updated to comply with evolving state laws and regulatory requirements. The speakers discuss the role of state regulators and the FTC in enforcing privacy laws, particularly concerning sensitive data. They emphasize the need for companies to align their disclosures with actual practices to avoid regulatory scrutiny. The discussion includes the importance of understanding the regulatory landscape and the potential for coordinated multi-state activities.
Please note this AI-generated summary provides a general overview of the webinar but may not capture all details, nuances, or the exact words of the speaker. For complete accuracy, please refer to the original webinar recording.
Speakers
J. Colin Knisely
Partner
Duane Morris LLP
Duane Morris LLP
J. Colin Knisely concentrates his practice in the areas of commercial litigation, including class action litigation arising out of state and federal privacy laws, and regularly counsels clients in the complex areas of privacy, cybersecurity, ransomware attacks and data breach response. Mr. Knisely also represents clients on claims concerning accessibility of their public facing websites, and frequently consultants with clients regarding compliance with the Web Content Accessibility Guidelines (WCAG), the Americans with Disabilities Act (ADA), and various state and local accessibility laws and regulations. Read More ›
Michael S. Zullo
Partner
Duane Morris LLP
Duane Morris LLP
Michael S. Zullo serves as a team lead for the firm's Banking and Finance industry group. Mr. Zullo has been representing banks and other financial institutions in all manner of litigation for almost 20 years. He has appeared before federal and state courts nationwide and has a proven track record of success in the courtroom. He has also resolved hundreds of matters outside of the courtroom, employing a practical, problem-solving approach that puts client goals first. Mr. Zullo draws on his years of experience working closely with both the former general counsel and head of litigation of a large publicly traded bank to manage client risks and present pragmatic and business-minded solutions. Read More ›
Continuing Legal Education (CLE) Credits
*CLE credit is only available to Justia Connect Pros. Not a Pro? Upgrade today>>
Alaska CLE
Status: Approved
Credits: 1.00 General
Earn Credit Until: April 27, 2031
California CLE
Status: Approved
Credits: 1.00 General
Earn Credit Until: June 30, 2026
Hawaii CLE
Status: Approved
Credits: 1.00 General
Earn Credit Until: April 27, 2028
Illinois CLE
Status: Approved
Credits: 1.00 General
Earn Credit Until: May 3, 2028
New Jersey CLE
Status: Approved
Credits: 1.20 General
Earn Credit Until: April 27, 2027
North Carolina CLE
Status: Approved
Credits: 1.00 General
Earn Credit Until: February 28, 2027
Ohio CLE
Status: Approved
Credits: 1.00 General
Earn Credit Until: December 31, 2026
Pennsylvania CLE
Status: Approved
Credits: 1.00 Substantive Law, Practice, and Procedure
Earn Credit Until: April 27, 2028
Texas CLE
Status: Approved
Credits: 1.00 General
Earn Credit Until: March 31, 2027
Vermont CLE
Status: Approved
Credits: 1.00 General
Earn Credit Until: April 28, 2031
This presentation is approved for one hour of General CLE credit in Alaska, one hour of General CLE credit in California, one hour of General CLE credit in Hawaii, one hour of General CLE credit in Illinois, one hour of General CLE credit in North Carolina, one hour of General CLE credit in Ohio, one hour of Substantive Law, Practice, and Procedure CLE credit in Pennsylvania, and one hour of General CLE credit in Vermont. This program has been approved by the Board on Continuing Legal Education of the Supreme Court of New Jersey for 1.20 hours of total CLE credit. This course has been approved for Minimum Continuing Legal Education credit by the State Bar of Texas Committee on MCLE in the amount of 1.00 credit hours.
Justia only reports attendance in jurisdictions in which a particular Justia CLE Webinar is officially accredited. Lawyers may need to self-submit their certificates for CLE credit in jurisdictions not listed above.
Note that CLE credit, including partial credit, cannot be earned outside of the relevant accreditation period. To earn credit for a course, a lawyer must watch the entire course within the relevant accreditation period. Lawyers who have viewed a presentation multiple times may not be able to claim credit in their jurisdiction more than once. Justia reserves the right, at its discretion, to grant an attendee partial or no credit, in accordance with viewing duration and other methods of verifying course completion.
At this time, Justia only offers CLE courses officially accredited in certain states. Lawyers may generate a generic attendance certificate to self-submit credit in their own jurisdiction, but Justia does not guarantee that lawyers will receive their desired CLE credit through the self-submission or reciprocity process.
Looking for CLE credit?
Visit CLE Dashboard
Watch Related Videos
CLE
Charles Scrimalli
Bull Blockchain Law, LLP
Blockchain and Smart Contracts
The Impact on Your Legal Practice, Startups, and the World (2026 Edition)
Watch Now
Become a Member to Watch This Webinar
* CLE credit is only available to Justia Connect Pro members.
Free Justia Connect Memberships are available to lawyers, other legal professionals, students, and all law enthusiasts.
Log In NowNot a Member? Get Connected for Free
* CLE credit is only available to Justia Connect Pro members.
CLE
Eran Kahana
Maslon LLP
Cybersecurity & AI Governance Assessments
Privacy Compliance Under the CCPA & Beyond
Watch Now
Become a Member to Watch This Webinar
* CLE credit is only available to Justia Connect Pro members.
Free Justia Connect Memberships are available to lawyers, other legal professionals, students, and all law enthusiasts.
Log In NowNot a Member? Get Connected for Free
* CLE credit is only available to Justia Connect Pro members.
