Businesses facing the growing wave of website tracking litigation should pay close attention to a recent Illinois federal court decision involving Hyatt Hotels. In Juhyun So v. Hyatt Hotels Corp., 2026 U.S. Dist. LEXIS 98893 (N.D. Ill. May 5, 2026), the court dismissed a federal Wiretap Act claim based on Meta and Adobe tracking technology embedded on Hyatt’s booking website.

Not everybody loves a good cookie, and plaintiffs’ lawyers are proving it. In California, routine website cookies, pixels, and analytics tools are increasingly being cited as evidence of illegal “interception” under the California Invasion of Privacy Act (CIPA), particularly when users were never given a meaningful choice.

Picture this: you run an online store. You add the Meta Pixel to track conversions and improve ads. It’s standard practice, until a demand letter arrives accusing you of “wiretapping” your own customers under a 1967 California privacy law.

The California Invasion of Privacy Act (CIPA) is keeping a lot of lawyers busy these days, and not just in California. We’ve seen clients receive demand letters from California plaintiffs' firms claiming that the use of third-party cookies, pixels, and other tracking technology on their websites violates CIPA by functioning as a “trap and trace” device.