California Lawmakers Narrow SB 690, Leaving Potential Relief For Pen Register and Trap-and-Trace Claims
California Senate Bill 690 is intended to curb litigation exposure for businesses under California’s Invasion of Privacy Act (CIPA), especially claims challenging commonplace website and mobile-app technologies, amid a wave of lawsuits and demand letters from a small number of plaintiffs’ firms.
As originally introduced in early 2025, SB 690 would have amended several provisions of CIPA, including Sections 631, 632, 632.7 and 638.50/51, to preclude liability when the technology at issue was used in a manner consistent with a “commercial business purpose.” Those provisions address wiretapping, confidential recording, cellular and cordless telephone communications, and California’s pen register and trap-and-trace statutes. Each currently provides a private right of action, creating significant litigation risk for businesses using common online tools.
Current Version of SB 690
On July 1, 2026, the Privacy and Consumer Protection Committee of the California State Assembly heard testimony regarding SB 690. Following testimony from local and national business associations and community members, the bill’s sponsor, Sen. Anna Caballero (D-Merced), amended the bill to significantly narrow its scope.
As amended, SB 690 would: (1) apply only to California Penal Code §§ 638.50 and 638.51, the pen register and trap-and-trace provisions; (2) apply retroactively to pending claims filed within the prior two years; and (3) remove the private right of action for qualifying claims, leaving enforcement authority with the California attorney general. The current version of SB 690 does not amend other sections of CIPA.
The committee voted to advance the bill and re-referred it to the Committee on Appropriations.
Next Steps
Although SB 690 still must clear several legislative steps before becoming law, the Privacy and Consumer Protection Committee vote is an important development for businesses defending or assessing exposure from pen register and trap and trace claims involving websites, online applications, or mobile applications.The legislature is now in summer recess and is scheduled to reconvene on August 3, 2026. For SB 690 to be enacted this year, it will need to be passed before the legislature adjourns on August 31, 2026.
Takeaways
If passed in its current form, SB 690 could provide relief for businesses facing pen register and trap-and-trace claims and should curtail some of the demands and complaints related to commonplace website and mobile-app technologies. Unfortunately, even if passed, this amendment will not completely curtail these claims and plaintiffs’ counsel will likely continue to pursue claims related to commonplace website and mobile-app technologies under different legal theories such as state and federal wiretapping statutes. Thus, we recommend businesses continue to:
- Understand what website and mobile-app technology is being used on the website(s) and what information it shares with third parties.
- Disclose the use of website and mobile-app technology at the direction of experienced privacy counsel. It is important to work with counsel because a “cut-and-paste” approach is dangerous as a tailored approach based on multiple unique factors will likely be needed.
- Review agreements with third parties who are responsible for maintaining the website and mobile-app technology.
- Explore privacy settings in the website and mobile-app technology.
If you have questions, are facing a potential lawsuit, or need someone to help ensure your company is in compliance with the most current recommendations and regulations, we are ready to assist.