As if keeping up with website accessibility issues weren’t enough, website owners now face a new challenge in the form of privacy laws from … you guessed it … the state of California.
Okay, maybe not so new, but what is newer, is that lawsuits around this are unfortunately on the rise.
From Termageddon –
“The California Invasion of Privacy Act, otherwise known as CIPA, is a 30 year old privacy law originally intended to protect Californians from phone tracking software. However, this law is being reinterpreted to now apply to website owners, and there has recently been a significant jump in website related CIPA lawsuits being issued to business owners (both small and large).
What makes CIPA risky for businesses is that it allows California consumers to sue businesses directly for violations and obtain damages of $5,000 per violation (aka per site visitor whose rights were infringed upon). This law can apply to businesses formed outside of California, and the size of the business does not matter.”
Even if your business isn’t located in California, it doesn’t mean you’re off the hook. The reality is that some California residents are almost certainly landing on your website—and if your site uses any form of third-party tracking technology, you could be at risk of violating this law.
Common tracking tools that may trigger violations include:
- Third-party video or map embeds (e.g., YouTube, Google Maps)
- Analytics or heatmap tracking scripts
- Visitor intelligence platforms
- Ad tracking pixels
What are “Tracking Technologies”?
Tracking technologies are scripts or services embedded on your website that collect data about your visitors—such as their location, browsing behavior, and contact information. While they offer valuable marketing insights, they can also raise serious privacy concerns.
How to Avoid CIPA Violations
The best way to avoid violating CIPA is to reduce or remove third-party tracking features on your website—or obtain explicit user consent before tracking.
Here are some specific actions you can take:
- Google Fonts – If you’re using Google Fonts, download the font files and host them locally on your own server instead of embedding them from Google’s servers.
- Google Maps – Instead of embedding the map, take a screenshot and add it as an image.
- Embedded Videos –
Instead of embedding YouTube or Vimeo videos, consider uploading the video files directly to your site. This avoids loading third-party trackers. (Note: This is only recommended if your website hosting plan has enough bandwidth and storage.) - Google Analytics – Switch to privacy-focused alternatives like Fathom Analytics or Matomo, which don’t rely on invasive tracking methods.
- Google reCaptcha – Try alternatives such as Friendly Captcha, which prioritize user privacy without compromising security.
- Ad Tracking Pixels – If you’re not running a lot of ads, it’s best to skip adding any additional ad tracking pixels altogether.
- IP Address Intelligence Services – Avoid services that identify and track visitor IPs to gather contact information. If you absolutely must use such tools, ensure you get prior consent from site visitors.
What If You Still Need These Tools?
If third-party trackers are necessary for your site, you must get user consent before tracking. This is because explicit consent is considered an established exception to CIPA (according to Termageddon). One of the easiest and most effective ways to gather consent is by using a cookie consent banner.
Back in 2018, cookie banners became standard with the introduction of GDPR, but many site owners have since moved away from using them. With this new wave of CIPA lawsuits, it’s clear that cookie consent banners are making a comeback—and they’re something most of us will need to implement sooner rather than later.
My Recommendation: CookieYes Plugin
I recommend using the CookieYes plugin. The free version is:
- Highly customizable to match your website branding
- Easy to implement
- Offers an opt-out feature for users
It works with WordPress and most major website platforms, making it a simple solution for most businesses.
What Happens Next?
If you’re one of my clients on a monthly Maintenance Plan, I’ll be logging into your website and installing this cookie banner for you within the next couple of weeks. If for some reason you do not want this on your website and prefer to remove these tracking tools, please contact me as soon as possible.
If you’re not on a maintenance plan, but would like me to install and customize the plugin for you, just reply to this email and I’ll be happy to take care of it.
What should you do next?
If you’re managing your website yourself, there are steps you can take to determine what course of action you need.
- Audit your website for any third-party services that collect visitor data.
- Replace or remove unnecessary trackers.
Install a cookie consent banner if you use tracking tools. - Reach out to me if you need help identifying and fixing potential issues.
Final Thoughts
The CIPA lawsuits are a wake-up call. Taking steps now to either limit tracking or gain proper consent will not only help protect your business—it will also build trust with your website visitors.
Have questions? Want me to audit your site for CIPA risks? Just reach out—I’m here to help.
👉🏻Resources –
