In this Consumer Counterpoint Quick Take episode, we discuss the Illinois Appellate Court’s recent decision in Salinas, et al. v. Surestaff, LLC, et al., 2026 IL App (3d) 250239, which is a significant win for defendants navigating Illinois Biometric Information Privacy Act (BIPA) litigation. The Third District Appellate Court affirmed summary judgment for the staffing‑agency defendants, holding that ministerial involvement with a biometric timeclock system is not enough to establish a Section 15(b) violation. The court emphasized that BIPA liability requires actual acquisition or control of biometric data, not merely proximity to or facilitation of another entity’s collection. By rejecting plaintiffs’ “conduit” theory and reaffirming that Section 15(b) applies only when a defendant collects, captures, receives, or otherwise obtains biometric information, the Court reinforced an important limiting principle—one that curbs expansive theories seeking to rope peripheral actors into BIPA suits. For companies that interact with biometric systems but do not access or control biometric data, this decision provides meaningful clarity and a much‑needed guardrail against overbroad liability.

Watch The Quick Take Here:

Subscribe to the Consumer Class Defense Blog today and get notified when each new vidcast goes live.

In this Quick Take Episode, we discuss the Supreme Court’s recent grant of certiorari on a Sixth Circuit decision holding that an individual who subscribes to an email newsletter is not a “consumer” under the VPPA.

Watch The Quick Take Here:

Subscribe to the Consumer Class Defense Blog today and get notified when each new vidcast goes live.

Episode 11 is now live. In a previous episode, we discussed the Texas amendments to its mini-TCPA statute that went into effect in 2025. This episode provides an update related to the registration requirements under that statute and the clarifications provided by the Texas Office of Attorney General and Secretary of State on certain types of telephone solicitations that are not subject to those requirements. 

Watch Episode 11 Here:

Subscribe to the Consumer Class Defense Blog today and get notified when each new vidcast goes live.

Episode 10 is now live. This Episode discusses the “Quiet Hours” provision of the TCPA and the viability of a claim where prior express written consent was obtained from the consumer. It also discusses the wave of cases making such allegations and state statutes that also contain “Quiet Hours” restrictions. 

Watch Episode 10 Here:

Subscribe to the Consumer Class Defense Blog today and get notified when each new vidcast goes live.

Episode 9 is now live. In this Episode, Kristine is joined by guest and colleague Danny Riley to discuss privacy compliance on consumer facing websites including opt-out rights and regulators’ enforcement in this area.

Watch Episode 9 Here:

Subscribe to the Consumer Class Defense Blog today and get notified when each new vidcast goes live.

Episode 8 is now live. In this episode of Consumer Counterpoint, we discuss the type of consumer class action cases that were trending in 2025 as well as which trends we expected to continue into 2026. We also discuss which key issues in these cases we expect to see substantive rulings on in 2026. 

Watch Episode 8 Here:

Subscribe to the Consumer Class Defense Blog today and get notified when each new vidcast goes live.

Episode 7 is now live. In this episode of Consumer Counterpoint, co-hosts Kristine Argentine and Paul Yovanic dive into a recent California federal court decision in Doe v. Eating Disorder Recovery LLC – a defense-friendly summary judgment ruling under the California Invasion Privacy Act (CIPA). Tune in as Kristine and Paul break down the decision, what it means for businesses using web tracking tools, and why the court called CIPA “a total mess.”

Watch Episode 7 Here:

Subscribe to the Consumer Class Defense Blog today and get notified when each new vidcast goes live.

Episode 6 is now live. On July 1, 2025, Colorado expanded its privacy protections with a major amendment to the Colorado Privacy Act (CPA), introducing new obligations for businesses and employers handling biometric identifiers and biometric data. This update imposes requirements around notice, consent, retention, and security—even for entities not previously subject to the CPA. In this episode of Consumer Counterpoint, co-hosts Kristine Argentine and Paul Yovanic break down what the amendment means, how it compares to other biometric privacy laws, and share initial impressions on navigating this untested regulatory landscape.

Watch Episode 6 Here:

Subscribe to the Consumer Class Defense Blog today and get notified when each new vidcast goes live.

1762449136-2936-9480-lxb_photogZXx8lKAb7Ylxb_photo-
Maarten van den Heuvel, Unsplash

Wednesday, November 19, 2025
10:00 a.m. to 11:00 a.m. Pacific
11:00 a.m. to 12:00 p.m. Mountain
12:00 p.m. to 1:00 p.m. Central
1:00 p.m. to 2:00 p.m. Eastern

Register Here

About the Program

Join us for an informative webinar with our privacy experts to go over the California Privacy Protection Agency’s newly adopted regulations under the CCPA, that begin to take effect on January 1, 2026. We’ll discuss how these changes affect businesses now and in the years ahead, along with other critical compliance considerations, including:

  • Governance of automated decision-making technologies;
  • Comprehensive privacy risk assessments;
  • Mandatory cybersecurity; and
  • Consent management and compliance with the California Invasion of Privacy Act (CIPA).

Companies who are covered by the CCPA will not want to miss this webinar and the opportunity to hear practical insights on managing risk and preparing for these sweeping changes.

Speakers

Kathleen McConnell, Partner, Seyfarth Shaw LLP
Yana Komsitsky, Senior Counsel, Seyfarth Shaw LLP
Vincent Smolczynski, Counsel, Seyfarth Shaw LLP
Danny Riley, Associate, Seyfarth Shaw LLP

Register Here

If you have any questions, please contact Emily Anderson at eaanderson@seyfarth.com and reference this event.

Learn more about our eDiscovery & Information Governance practice.To request CLE credit please fill out the attendance verification form here. To comply with State CLE Requirements, CLE forms requesting credit in IL or CA must be received before the end of the month in which the program took place. Credit will not be issued for forms received after such date. For all other jurisdictions forms must be submitted within 10 business days of the program taking place or we will not be able to process the request.

Our live programming is accredited for CLE in CA, IL, and NY (for both newly admitted and experienced).  Credit will be applied as requested, but cannot be guaranteed for TX, NJ, GA, NC and WA. The following jurisdictions may accept reciprocal credit with our accredited states, and individuals can use the certificate they receive to gain CLE credit therein: AZ, AR, CT, HI and ME. For all other jurisdictions, a general certificate of attendance and the necessary materials will be issued that can be used for self-application. CLE decisions are made by each local board, and can take up to 12 weeks to process. If you have questions about jurisdictions, please email CLE@seyfarth.com.

Please note that programming under 60 minutes of CLE content is not eligible for credit in GA. programs that are not open to the public are not eligible for credit in NC.

chad-madden-bTfza0M0hCE-unsplash-413x276

On Friday, October 17, 2025, U.S. District Court Judge Vince Chhabria issued a biting Order granting defendant Eating Recovery Center, LLC’s (“ERC”) motion for summary judgment on the plaintiff Jane Doe’s California Invasion of Privacy Act (CIPA) claims, a law enacted in 1967 to address the increasing use of wiretapping to eavesdrop on private phone conversations. In particular, Judge Chhabria found it “undisputed” that the alleged Meta Pixel did not read, attempt to read or attempt to learn the contents of Doe’s communications with ERC while the communications were in transit as is required by the statute, and thus Doe’s CIPA claims failed.

More notable were Judge Chhabria’s thoughts on the state of recent plaintiffs’ attempts to apply CIPA’s “already obtuse language” to website activity and online technologies. Calling the statute “a total mess,” Judge Chhabria opined that it “was a mess from the get-go, but the mess gets bigger and bigger as the world continues to change.” As a result, Courts are now faced with the “borderline impossible” task of determining whether website operators’ conduct falls under the ambit of the CIPA statute.

He further noted that the CIPA language at issue is “ambiguous,” acknowledging that there was at least an interpretation wherein ERC’s alleged online conduct violates CIPA. However, because CIPA is a criminal statute imposing criminal liability and punitive civil penalties, the “Rule of Lenity” of applies, even when invoked in a civil action. Under the Rule of Lenity, Courts must narrowly construe civil statutes that impose punitive civil penalties. That narrower interpretation does not cover ERC’s alleged conduct.

In his final call to action, Judge Chhabria called on the California Legislature to “step up” and “bring CIPA into modern age” to address whether such online activity should be covered by the statute. California courts are consistently issuing conflicting rulings in CIPA cases, which leaves businesses and practitioners equally confused. Judge Chhabria urged the Legislature to not only go back to the drawing board, but to “erase the board entirely and start writing something new.” 

Senate Bill 690, which failed to advance out of committee in the California State Assembly, would not have erased the drawing board entirely but did attempt to clarify that CIPA would not apply when used for “a commercial business purpose.” The bill unanimously passed the Senate in June 2025; however, as a result of being stalled in the Assembly, will not move forward until 2026 at the earliest (if at all).

Key Considerations

With the ongoing uncertainty surrounding CIPA exposure, companies should give careful thought to their cookie banner / consent management practices, including conducting regular testing to ensure operation is consistent with expectations. 

If you have any questions about this post, please contact the authors or another member of the Firm’s DATA Law practice.