Have you received a certified letter from the Tauler Smith Law Firm concerning a trap and trace lawsuit claim? Have you received one regarding a California Invasion of Privacy Act (CIPA) Claim? If its not a trap and trace wiretapping claim they also send out demand letters over Database SDK claims. Either way we can get your website or your client (if you’re a lawyer) compliant right away.
Tauler and Smith LLP has been sending out hundreds of demand letters a month recently. Letters are sent to the registered agent and to the address registered for the business. If you’ve received a demand letter contact the team here at Captain Compliance immediately and our privacy team will help you as there are about 8 other law firms just like Tauler and Smith waiting to file privacy claims for technology running on your website. We have extensive experience in helping to protect business owners against pen register trap and trace device privacy lawsuits.
BOOK A DEMO CLICK HERE TO SEE HOW CAPTAIN COMPLIANCE CAN HELP GET YOUR CASE DISMISSED AND PROTECT YOU AGAINST FUTURE PRIVACY LAWSUITS
Tauler Smith will send out notices with the notice of violation of a pen trap and trace for California privacy. The firm is run by Matthew Smith and operates out of 626 Wilshire Boulevard Suite 550, Los Angeles, CA 90017. Notices will typically say something like this:
Our firm represents (Plaintiffs Name) (“Plamiff”), a California consumer whose privacy rights were violated during his/her recent visit to (this is where your website that committed the privacy violation would go) (the “Website”), forensic analysis confirms the Website actively deploys (Linkedln tracking software) that constitutes an illegal “trap and trace” device under the California Invasion of Privacy Act (“CIPA”), Cal. Penal Code 638-51.
A. Linkedin’s SDK is a Trap and Trace Process.
Linkedin offers commercial tracker software through its Software Development Kit (“SDK”), often implemented as the “Linkedin Insight Tag” or similar embedded tracking code. This SDK captures the electronic impulses that identify a software consumer that constitutes a trap and trace” device under the California device that captures the incoming electronic or other impulses that identify … signaling information reasonably likely to identify the source of a wire or electronic communication.” Cal. Penal Code 638-50(6).
By installing and running this code on your Website, you enable Linkedin to match user activity to their Linedkin profiles or other identifiers, Courts recognize this as a “process” because it identifies consumers, gather data, and correlates that data with external records. See Vishal Shah v. Fandom Inc, No 24-cv-01062-RFL, 2024 U.S. District. LEXIS 19032 (N.D. Cal. Oct. 21, 2024) (determining software trackers qualify as “processes that record users’ IP addressing information”)
B. Linkedin’s Invasive Tracking Tools and Commoditization of Data.
Data has surpassed oil as the world’s most valuable resource. Linkedin markets itself as “the world’s largest professional network” and continues to build its lucrative advertising business through sophisticated data collection and analysis. The company generated $17.14 billion in revenue in 2024, achieving an 8.6% year-over-year increase and capturing roughly 1.5% of global ad spending. This aggressive monetization strategy conflicts with widespread consumer privacy expectations. Research confirms that 92% of Americans demand companies obtain consent before sharing their data, while 79% express significant concerns about how companies utilize their personal information. This fundamental disconnect between corporate data practices and consumer privacy expectations creates substantial regulatory and litigation risk.
Our investigation revealed that Linkedin’s tracking tools de-anonymize website visitors and send identifiable data to Linkedin without their consent. The screenshot below demonstrates how the Linkedin SDK captures electronic impulses and transmits user information to LinkedIn’s servers:
This is where they will insert a photo of a HAR file and a screenshot of the website without a Cookie Consent Banner running that would give the user consent options. LinkedIn’s advertising platform leverages this data to deliver hyper-targeted marketing campaigns, track user behavior across the web, and develop personalized profiles-activities that proceed without visitor awareness or permission. Given Linkedin’s extensive user base and professional focus, the potential for data misuse is significant.
C. Companies Liability
Under CIPA, installing or using a trap and trace device subjects you to civil liability, including statutory damages of $5,000 for each violation and injunctive relief. Cal. Penal Code§ 637.2. California courts confirm that”§ 637.2 expressly states that all CIPA violations, including § 638.51, confer a private right of action.” Moody v. C2 Educ. Sys. Inc., No. 2:24-CV-04249-RGK-SK, 2024 U.S. Dist. LEXIS 132614, at *2 (C.D. Cal. July 25, 2024) (rejecting defendant’s argument that § 638.51 does not provide a private right of action). Each unauthorized data capture—triggered by a page load, script, or endpoint call— constitutes a separate violation. Plaintiff may also seek data disgorgement of improperly collected information and an injunction to halt further tracking. Additionally, your actions violate California’s Unfair Competition Law (Business and Professions Code § 17200 et seq.), which prohibits unlawful, unfair, and fraudulent business practices. Remedies under the UCL include disgorgement of profits derived from unauthorized data collection and injunctive relief to prevent future violations.
Accordingly, the anticipated class action will demand:
- $5,000 in statutory damages per violation
- Data disgorgement of all information obtained via Linkedln’s trap and trace technology,
- Disgorgement of profits realized from these practices, and
- An injunction banning all trap and trace software on your Website.
Multiple courts have confirmed that tracking software like Linkedln’s SDK falls within CIPA’s definition of a pen register or trap and trace device. In Greenley v. Kochava, Inc., the court held that tracking software could plausibly constitute a pen register, concluding that courts “should focus less on the form of the data collector and more on the result.” 684 F. Supp. 3d l 024, l 050 (S.D. Cal. 2023). Similarly, in Mirmalek v. Los Angeles Times Communications LLC, the court found that third-party trackers recording IP addresses were “pen registers” within the meaning of CIPA. No. 24-cv-01797-CRB, 2024 WL 5102709 (N.D. Cal. Dec. 12, 2024). Further, in Rodriguez v. Autotrader.com the court denied dismissal on Section 638.51 claims, finding that tracking software collecting various user data “plausibly falls within the scope of 638.50 and 638.51.” No. 2:24-cv-08735-RGK-JC, at *6-7 (C.D. Cal. Jan. 8, 2025). Despite the serious nature of these violations, our client remains open to a pre-litigation resolution of this matter. To discuss a settlement that addresses statutory damages, data disgorgement, and injunctive relief, please contact me at the email above and this is where they give you a short deadline to reply back by.
If this looks like something you received and you need an expert witness to help and insurance defense for litigation we can help with that as well as protect against future privacy lawsuits like this. If you haven’t already been sued by Swigart Law, Pacific Trial Attorneys, Gutride Safier, Levi & Korsinsky, and Almeida Law Group then expect to receive letters and notices from them next as there is a long line of litigators waiting to protect consumers and sue over privacy violations. The best way to stop this is to have software that actually works like the integration and setup of our Consent Management Platform, Data Subject Request Portal, Privacy Notice Generator, and Cookie Transparency page.
While most of these CIPA cases are around Google Analytics, Hotjar, and Facebook Metapixel with demand letters going out all at once to hundreds of unwilling defendants there are some cases to be aware of that are slightly different than the Linkedin tracker claims that Tauler Smith LLP is sending out.
Greenley v. Kochava Inc. is a notable litigation case we’ve been following that underscores the growing tension between digital surveillance practices and consumer privacy rights under U.S. state laws. Filed in 2022, the case alleged that Kochava, a data broker, unlawfully collected and sold vast amounts of sensitive geolocation data from mobile devices without proper user consent. This data was detailed enough to potentially reveal visits to reproductive health clinics, places of worship, and addiction recovery centers—raising serious privacy and ethical concerns. The plaintiff, Amanda Greenley, argued that such practices constituted an unfair and unlawful business act under state consumer protection statutes, and potentially opened the door to legal theories under the California Invasion of Privacy Act (CIPA), although CIPA was not the central claim in this suit but here we are 3.5 years later and we’re still dealing with it.
While Greenley v. Kochava was primarily based on unfair competition and deceptive practice claims, it reflects the broader trend of CIPA litigation, especially in California, where plaintiffs are testing the limits of the 1967 wiretapping statute in the digital context. CIPA claims have increasingly been applied to cases involving session replay tools, pixel tracking, and other real-time surveillance technologies on websites and apps. Courts are split on how broadly CIPA applies to these technologies, but the case highlights the increasing appetite among plaintiffs to use older privacy statutes to challenge modern tracking practices. Greenley v. Kochava, even outside a direct CIPA claim, illustrates the privacy litigation landscape where location data, third-party sharing, and consent mechanisms are under heavy legal scrutiny.
Book a demo below to get protected and stay out of harms way for privacy violations.