California's wiretapping statute is the engine behind the session-replay and pixel lawsuit wave. Here's how it applies to websites — in plain language.
The California Invasion of Privacy Act (CIPA), at Penal Code § 631 and § 632, prohibits intercepting or recording a communication without the consent of all parties. California is an "all-party consent" state.
Plaintiffs' firms have applied § 631 to websites by arguing that session-replay, analytics, and chat tools which capture what a visitor types or does — before the visitor consents — are intercepting a communication in real time, often with the help of a third-party vendor. The theory turns on timing: whether the tool recorded the interaction before consent was given.
This is why a consent banner alone is not a defense. If a session recorder or pixel fires and transmits data before the visitor clicks "accept," the banner didn't prevent the interception it was supposed to prevent.
Whatever the statute, the underlying test is practical: do third-party trackers collect or transmit visitor data before the visitor consents? RegSentry runs a real browser against your site and shows you exactly that — which scripts fire, when, and whether a consent banner actually held them back.
See what fires on your site before consent — free, 30 seconds, no signup.
Real browser scan, no signup to run it. You see a summary of the findings; the full report with every tracker unlocks with your email.