The headline CIPA story of the past three years has been the tracking-pixel litigation wave — Meta Pixel cases, session-replay claims, the Javier v. Assurance IQ line, the high-volume Custodio & Dubey docket. That is the story most compliance teams are reading. It is not the whole story.
Schedule a 15-minute Demo with a Data Privacy Expert
Running parallel to the pixel docket is a quieter, equally consequential lane of CIPA litigation built around two different statutory hooks: Penal Code §631 wiretapping claims directed at customer-communications platforms, and Penal Code §632.7 cellular-recording claims directed at the most ordinary call-recording practice imaginable — “this call may be recorded for quality assurance.” The plaintiff firm most identified with this lane in recent California state-court practice is Plows Counsel, and the firm’s docket is the best available read on a class of CIPA exposure that most in-house programs are still under-resourcing.
For privacy and compliance leads, the value in studying this docket is not the firm’s individual filings. It is the structural lesson: the same statute that produced the pixel wave reaches well past the website, into the contact center, the SMS marketing platform, the AI voice agent, and the inbound-sales line. Programs that have hardened the website and ignored the rest of the communications stack are addressing one CIPA risk while leaving another fully exposed.
The Shape of Plows Counsel’s Practice
Plows Counsel files predominantly in California state court, predominantly under §631 and §632.7, predominantly against businesses that record customer communications without the kind of all-party consent that CIPA — at the high end of California appellate interpretation — actually requires. That last clause does a lot of work, because what counts as “all-party consent” in the cellular-recording context has been the subject of significant California Supreme Court and Court of Appeal attention since 2021.
The strategic logic of the firm’s docket is consistent with how high-volume California consumer litigation generally works. CIPA’s statutory damages are large enough to make individual cases viable ($5,000 per violation under both §631 and §632.7, or treble actual damages, whichever is greater). The fee-shifting provision pays plaintiffs’ counsel from the defendant if the plaintiff prevails. The motion-to-dismiss bar in California state court is forgiving compared to federal pleading standards. And §632.7 in particular touches a near-universal business activity: recording calls. The economic envelope of the practice writes itself.
What distinguishes Plows Counsel within the broader CIPA bar is the deliberate focus on call-recording and platform-access fact patterns rather than on website tracking. That focus produces a docket that tells in-house teams something the pixel cases do not: how California courts handle the recording-without-consent fact pattern, how the doctrinal cracks have widened, and where the next wave of filings is going to land.
Why §632.7 Is the Sleeper Statute
CIPA has two adjacent provisions that matter here. Section 632 prohibits the intentional recording of a “confidential communication” without the consent of all parties. Section 632.7 prohibits the intentional recording of any communication transmitted between two cellular phones, between a cellular phone and a landline, or between a cellular phone and a cordless phone — without the words “confidential communication” anywhere in the operative text.
That difference looks small. It is not. It is the entire battleground.
For a §632 claim, the plaintiff has to plead that the communication was confidential — meaning that at least one party had an objectively reasonable expectation that no one was listening or recording. Under Flanagan v. Flanagan (2002) and the line of California authority that followed, business calls about routine commercial matters are often held not to be “confidential” within the statute’s meaning, because customers calling a business line have no reasonable expectation that the call is unrecorded. The §632 confidentiality requirement is the single most useful merits defense in the call-recording context.
Section 632.7 has no equivalent text. The California Supreme Court’s 2021 decision in Smith v. LoanMe — the most consequential CIPA decision of the last decade for cellular call recording — held that §632.7 applies broadly to any party who intentionally records a covered cellular communication without all-party consent, including a party to the call itself. The court rejected the previously-prevailing reading under which §632.7 reached only third-party eavesdroppers. After Smith v. LoanMe, a business that records its own customer service line — where most calls touch a cellular network — is squarely inside §632.7’s prohibited conduct, regardless of whether the conversation would qualify as “confidential” under §632.
That single decision is what made the modern §632.7 litigation lane viable. Before Smith v. LoanMe, defendants had a clean argument that the statute did not reach a business recording its own calls. After it, that argument is gone. Every Plows Counsel §632.7 filing rests on the Smith v. LoanMe reading; every defense to those filings has had to shift from “the statute does not reach us” to “we obtained consent” or “this call was not on a cellular line” or “the recording does not qualify as a recording within the statute’s meaning.”
The post-LoanMe California appellate activity has been mixed for defendants. The Court of Appeal’s 2024 decisions on the meaning of “intentional,” the application of the statute to soft-recording technologies (voicemail capture, callback systems, IVR greeting recording), and the question of whether automated transcription constitutes “recording” within the statute’s meaning have all narrowed the doctrinal space the defense bar has to work with. The Mirkarimi, Kuschner, and related lines have established that §632.7 reaches further than most contact-center compliance frameworks were built to handle.
The §631 Side of the Docket
Plows Counsel’s §631 filings are doctrinally adjacent to the pixel wave but operationally distinct. The pixel cases focus on ad-tech vendors capturing website behavioral data. The Plows Counsel §631 cases focus on customer-communications platforms — live chat tools, contact-center-as-a-service vendors, omnichannel customer-engagement suites, AI chatbot platforms — that retain access to the content of customer communications.
The §631 theory in this context tracks the Javier v. Assurance IQ (9th Cir. 2022) reasoning. When a third-party communications platform stores, processes, or transmits the content of a customer’s chat or call, the plaintiff argues, the platform is “reading” the contents of a communication “in transit” within §631(a)’s prohibition, and the platform’s access does not benefit from the website operator’s “party to the communication” exception unless the platform is purely a service provider acting only on the operator’s instructions.
The same defense lever that has produced wins in the pixel space — the Smith v. Google / service-provider line — is available here, but only when the underlying contracts and data flows actually support a service-provider posture. A communications platform that uses customer interaction data to train its own AI models, to improve its own product, or to feed its own advertising or analytics business is not acting as a service provider in the sense the defense doctrine requires. The pleadings exploit exactly that gap.
The compliance picture is the same lesson the pixel cases have been teaching, applied to a different vendor stack: the contractual and data-flow posture of the vendor is now part of the legal posture of the business.
What the “Consent” Bar Actually Requires
Most defendants who lose §632.7 motions to dismiss do so on consent. The shorthand most contact centers operate on — “this call may be recorded” played at the start of an inbound call — is necessary in California, but it is not always sufficient, and in the post-LoanMe environment the gap between necessary and sufficient is where plaintiffs win.
A short tour of where the consent analysis breaks down in real-world deployments.
The notice plays after the recording starts. Many telephony systems begin recording the moment the call connects, with the IVR-side disclosure played a few seconds in. The consent fails for the seconds before the disclosure. A handful of state-court rulings have allowed cases to proceed on exactly this fact pattern.
Outbound calls without disclosure. Inbound-call disclosures are typically scripted into the IVR; outbound calls — sales follow-ups, collection contacts, appointment reminders — frequently are not. An outbound dialer that begins recording at connect, with the human agent supposed to recite a disclosure at the start of the conversation, is depending on agent compliance for legal protection. Random sampling of recordings will reliably find calls in which the disclosure was clipped, mumbled, or skipped.
Cellular-to-landline edge cases. §632.7 reaches communications between a cellular phone and a landline. A business that records calls coming into its landline-style PBX will frequently capture cellular communications without realizing it. The statute does not require the business to know which medium the customer is calling from.
Implicit-consent theories that no longer hold. The pre-LoanMe defense argument that a customer who continues the conversation after a recording disclosure has implicitly consented is still good law in some contexts, but the post-LoanMe California courts have tightened the requirements considerably. Disclosures that are mumbled, played at low volume, played in a language the customer does not speak, or buried inside a longer IVR script will not always carry the day.
Third-party platform recording. A meaningful slice of the docket targets cases where the recording is done not by the business itself but by a third-party communications platform. The contractual chain from business → platform → recorded customer creates a §631 claim against the platform layered on top of the §632.7 claim against the business. Plows Counsel’s pleadings frequently structure around exactly this dual-statute exposure.
The defense response is not to find a magic-words script. It is to engineer the recording infrastructure so that the consent moment is unambiguous, the recording start is gated on the consent, and the per-call evidentiary record proves both.
Where the Theory Is Expanding
The 2026 frontier of §631 / §632.7 litigation is not the legacy contact center. It is the AI-mediated customer interaction layer.
AI voice agents. A customer service line that routes customers to a generative-AI voice agent is recording, transcribing, and (in most deployments) storing the audio and transcript for model improvement, quality assurance, and auditability. Each of those data flows is a potential §632.7 problem if the consent and disclosure architecture is not engineered for it. The disclosure requirement is now a dual disclosure: that the call is being recorded, and that the customer is interacting with an AI rather than a human.
SMS and chatbot capture. §631 reaches “wire” communications, which California courts have read broadly enough to cover SMS interactions and chat sessions in some cases. Marketing automation platforms that retain SMS conversations, chatbot platforms that store transcripts for training, and omnichannel CDPs that ingest customer communications all create §631 questions that the plaintiffs’ bar has begun testing.
Voice biometrics and emotion analysis. A growing class of customer-service technology analyzes the audio of recorded calls for sentiment, emotion, fraud signals, or biometric identity verification. The data flow is recording-plus-derivation, and at least one open question in the case law is whether the derivation step is itself a separate “recording” within the statute’s meaning. Plows Counsel-adjacent firms have begun filing on exactly this fact pattern.
Video calls and telehealth. Recorded video customer interactions — telehealth visits, video customer service, recorded sales demos — engage both §632 (confidential communication, plausibly applicable) and §632.7 (cellular component, often present). The compliance posture for these flows is generally less mature than for voice calls, and the plaintiffs’ bar has noticed.
The pattern is the same one that has driven the pixel docket: every new layer of customer-communications technology widens the surface area, and the plaintiffs’ bar files into the gap between deployment and consent infrastructure.
A Hardened Compliance Posture for Recorded Communications
The defense-side playbook that works in pixel litigation has a parallel in the call-recording context. A short list of the work that actually moves the needle.
Audit every recording surface in the communications stack. Inbound calls, outbound calls, voicemail, callback systems, IVR captures, AI voice agents, video interactions, SMS, chat, social DMs, email-to-text gateways. The audit produces a complete map of what is recorded, by what system, for what retention period, with what disclosure, accessible to which vendors. The audit is the foundation of every other defense.
Engineer the consent moment into the recording infrastructure, not the agent script. The recording should not begin until the disclosure has been played. The disclosure should be in the language the customer is using. The disclosure should be clear, audible, and at the start of the call before any substantive conversation. For outbound calls, the disclosure should be system-enforced rather than agent-enforced. The single most reliable defense against a §632.7 case is a per-call evidentiary record that proves the disclosure preceded the recording.
Capture the customer’s affirmative response where feasible. Best practice — “to continue with the call understanding it will be recorded, please say yes or press 1” — converts an implied-consent posture into an express-consent posture. The friction is real; the litigation insurance is real too. For higher-stakes verticals (healthcare, financial services, debt collection) the affirmative-consent step is increasingly the standard.
Reform vendor contracts on the §631 surface. Every customer-communications platform — telephony, contact center, chat, AI voice, transcription, SMS, omnichannel CDP — needs a contract that places the vendor in a service-provider posture: strict purpose limitation, no model training on customer communications without separate authorization, no use of communication content for vendor product improvement, audit and termination rights. A vendor that resists these terms is creating §631 exposure regardless of the strength of the operator’s consent flow.
Geographic-routing alone is not enough. The article on the source side of this rewrite mentions area-code-based routing as a control. It is useful but incomplete. California residents call from non-California area codes; non-California residents call from California area codes. A defensible posture treats the consent flow as the floor for all calls and adds California-specific layers (affirmative consent, language localization, recording-start gating) where the customer’s California status is reliably identifiable. Building the floor at the California level is the operational shortcut most mature programs converge on.
Update the Privacy Policy and pre-collection disclosures to match the actual recording posture. Specific identification of recording categories (voice, video, SMS, chat, transcription, AI processing), specific identification of vendors with access, specific reference to CIPA where the customer is in a covered jurisdiction, specific articulation of the legal basis for any vendor reuse of communication content. The privacy notice is no longer a generic compliance artifact in this lane; it is a litigation document.
Build the per-call evidentiary record. When the demand letter arrives, the defense posture lives or dies on whether the business can produce, on demand, a per-call record showing the disclosure, the recording-start timestamp, the consent capture (where applicable), the channel of communication, and the vendor processing chain. Programs that have not engineered this record into the telephony platform discover the gap during discovery and pay for it in settlement.
Handle SMS, chat, and AI voice as full first-class members of the same compliance regime. A program that has hardened voice but not text is solving half the problem. The same all-party-consent logic, the same vendor-contract reform, and the same evidentiary discipline need to extend to every channel through which the business communicates with California consumers.
What the Plows Counsel Docket Predicts
The forward pattern from the firm’s filings — and from the broader CIPA call-recording bar — clusters in a few directions worth watching.
The first is AI-mediated customer service, where the convergence of generative AI, voice synthesis, transcription, and analytics has produced a customer-interaction layer that is both more useful and more legally complex than the legacy IVR. Filings against businesses deploying AI voice agents without redesigned consent flows are likely to dominate 2026 and 2027 dockets. The second is fintech and consumer financial services, where the regulatory overlay (CFPB, state AGs, banking supervision) compounds the CIPA exposure and where call-recording practices have historically been built for federal one-party-consent compliance and not for California’s all-party regime. The third is healthcare and telehealth, where the combination of recorded video visits, AI-driven triage, and patient communications via SMS creates a multi-statute exposure that most provider compliance programs are not yet organized to handle.
The firm itself is not the strategic question. The doctrinal trajectory is. Smith v. LoanMe removed the structural defense to §632.7. The post-LoanMe appellate line has tightened consent. The plaintiffs’ bar has the economic structure to file at scale. The defense posture that works is engineered, not ad hoc, and the businesses that build it ahead of the demand letter are the ones who will resolve cases at a meaningfully different scale than the businesses that wait.
Pixel Cases in California Courts
The pixel cases are loud. The §632.7 cases are quiet, and they are coming for a different part of the business. A compliance program that has rebuilt the website’s consent banner and left the contact center, the SMS platform, and the AI voice agent on their pre-2021 posture is not a compliant program. It is a program that has solved one CIPA problem and is exposed on the other.
Plows Counsel’s docket is the clearest available reminder that the statute reaches the entire customer-communications stack. The right read for in-house teams is to extend the same rigor — audit, vendor contracts, consent engineering, evidentiary record — that the pixel wave has forced on the website to every other channel through which the business talks to California consumers. The audit is cheap. The retrofit is moderate. The litigation is not.
