On June 24, 2025, a Los Angeles Superior Court judge dismissed a website tracking lawsuit in Garcia v. Diversified Foodservice Supply, LLC, No. 24STCV19784, (Cal. Super. Ct. L.A. Cty. June 24, 2025), at the pleading stage. The court sustained Diversified Foodservice Supply’s (Diversified’s) demurrer without leave to amend, ruling that the plaintiff lacked standing and failed to state a viable claim under the California Invasion of Privacy Act (CIPA), Penal Code § 638.51(a). CIPA was enacted in 1967 to address unlawful wiretapping of telephone conversations.
As in hundreds of similar lawsuits filed against website owners in recent years, plaintiff alleged that Diversified’s website unlawfully collected her Internet Protocol (IP) address via a website tracking beacon. Plaintiff analogized the tracking beacon to an illegal “pen register” or “trap and trace” device under CIPA. The court, however, ruled that there is no legally protected privacy interest in an IP address, and the complaint did not allege any particularized, concrete harm for purposes of standing. Simply collecting an IP address during routine web browsing is not the kind of privacy invasion CIPA was meant to penalize, the court concluded.
Garcia v. Diversified Foodservice joins a growing trend of courts pushing back against speculative CIPA claims brought by self-described “tester” plaintiffs. In recent months, California courts have dismissed a number of similar lawsuits at the pleading stage in state and federal courts.
Across these cases, judges have demonstrated increasing skepticism of CIPA claims premised on ordinary online activity inherent to internet browsing. They have shown a willingness to dispose of lawsuits early when plaintiffs cannot demonstrate a concrete privacy harm or attempt to stretch the law beyond its intended scope. While a few outlier decisions have allowed CIPA web-tracking claims to proceed past the pleading stage, the emerging trend in California is to reject overly broad or conclusory CIPA allegations that rest on nothing more than routine IP address collection.
The ruling in Garcia v. Diversified Foodservice is a strong signal that courts are scrutinizing website privacy lawsuits more closely and that businesses faced with such suits can defend the cases on the merits rather than feel compelled to settle. Website operators can take notice that courts are increasingly drawing a line between normal website communications necessary for the internet to function, and unlawful privacy intrusions. However, this area of law continues to develop, so companies should stay informed on the latest decisions.
For further information or assistance with privacy-related litigation or compliance matters, contact Rudy Verner or Azar Khazian.
This article is informational only. The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. Readers of this website should contact their attorney to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting based on information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein—and your interpretation of it—is applicable or appropriate to your particular situation. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided “as is;” no representations are made that the content is error-free.