California businesses have reported receiving an increase in demand letters from lawyers claiming that the use of tracking technologies on the business owner’s website violates California privacy law. The letters typically demand statutory damages be paid to the claimant, alleging that the use of cookies and/or pixels (often Meta Pixel) to track website users violates California’s Invasion of Privacy Act. Claimants may not necessarily be patients or prospective patients — they could be anyone who visited the site.
The legal theory behind these claims is questionable and the legal landscape is still uncertain. Still, CDA encourages members to analyze exactly how their practice website functions, as these tracking technologies could be running without their intent or knowledge. Even if cookies/pixels are being used only for website analytics rather than advertising, the dental practice may still be at legal risk.
Six tips to mitigate potential exposure to CIPA violation claims
If your website uses these technologies, it is important to consider the following tips to help mitigate potential exposure to the CIPA violation claims:
- Consider disabling the technologies if they are not necessary for your practice.
- Review the privacy policy/statement on your website to ensure it accurately describes how the website uses tracking technologies.
- Consider using a pop-up cookie banner explaining how the website uses cookies/pixels to track users, and provide options for site visitors to accept or decline tracking.
- Only collect user data that is necessary for the website to function as intended.
- If you use a vendor for website management, check with them about their knowledge of and experience with this issue and ask for their suggestions to mitigate potential claims.
- Seek legal counsel immediately if you receive a demand letter or are served with a lawsuit. You can also contact your professional liability carrier for advice.