Link to A nationwide call recording and analytics service, uniformly deployed nationwide, that merely operates in California is not sufficient, standing alone, to establish specific personal jurisdiction under the California Invasion of Privacy Act (CIPA), according to a recent decision from the Central District of California. A nationwide call recording and analytics service, uniformly deployed nationwide, that merely operates in California is not sufficient, standing alone, to establish specific personal jurisdiction under the California Invasion of Privacy Act (CIPA), according to a recent decision from the Central District of California.
At issue was a wiretapping allegation arising out of call tracking and analytics technology used across a car dealership network. The plaintiff alleged that the deployment of call recording and analytics constituted unlawful interception of communications. The court disagreed, not on the merits of the technology, but on a threshold issue: whether the court even had personal jurisdiction over the defendant.
Link to The Jurisdictional Framework The Jurisdictional Framework
The court applied the familiar Ninth Circuit three-part test for specific personal jurisdiction:
- The defendant must purposefully direct its activities at the forum or purposefully avail itself of the privilege of conducting activities in the forum
- The claim must arise out of or relate to the defendant’s forum-related activities
- The exercise of jurisdiction must be reasonable
For claims sounding in tort, courts evaluate the first prong using the Calder effects test (465 U.S. 783 (1984). That test requires the plaintiff to show that the defendant:
- Committed an intentional act
- Expressly aimed that act at the forum state
- Caused harm the defendant knew was likely to be suffered in the forum
The failure to establish any one of these elements is fatal.
Link to Intentional Act Was Not the Problem Intentional Act Was Not the Problem
The court had little trouble finding that the “intentional act” prong was satisfied. The dealership network contracted for, paid for, and caused call recording and analytics technology to be installed on customer phone lines across its dealership locations.
Link to “Express Aiming” Did the Work “Express Aiming” Did the Work
The case turned on the second element of the Calder test: whether the defendant’s conduct was expressly aimed at California. The court held that it was not. Two issues were dispositive.
Link to 1. Nationwide Deployment Is Not Targeting California 1. Nationwide Deployment Is Not Targeting California
The plaintiff failed to show that the installation or use of the call recording technology was directed at California customers, tailored to the California market, or implemented in a California-specific manner.
Instead, the platform was deployed on a nationwide basis and the deployment of the technology in California was simply the result of a broader national implementation. The court was not dissuaded by the fact that California dealerships accounted for around 17 percent of the locations using the platform.
Link to 2. No Control or Direction of California-Specific Conduct 2. No Control or Direction of California-Specific Conduct
The plaintiff also failed to allege facts showing that the dealership network directed, controlled, or ratified any subsidiary conduct giving rise to the alleged misconduct in California.
In this case the defendant had not:
- Adopted California-specific policies regarding call recording
- Required California-specific deployment or functionality
- Directed the vendor to configure the platform differently for California
- Instructed subsidiaries to use the technology in a California-distinct manner
Link to A Key Distinction From Other CIPA Cases A Key Distinction From Other CIPA Cases
An important differentiating factor from those considered in other California Invasion of Privacy (CIPA) cases was that the dealership network did not directly interact with California residents through their own conduct, such as operating websites that collected data from California users. Here, by contrast, the interaction occurred at the subsidiary level, through a system deployed uniformly nationwide.
Link to Practical Takeaways Practical Takeaways
On the Form:
This decision signals that companies that operate a national strategy, especially through subsidiaries, without California-specific targeting or policies, may in some cases avoid California-based claims at the threshold stage on personal jurisdiction grounds.
In other words, where a company’s conduct reflects a uniform nationwide deployment, rather than intentional targeting of California as a forum, plaintiffs may face challenges establishing “express aiming” under the Calder framework.
That said, this is a fact-specific inquiry. Evidence of California-specific configuration, directives, or consumer engagement could change the outcome.
On the Substance:
While the defendant prevailed on jurisdiction here, the underlying allegations highlight a broader point. The deployment of recording, tracking, and analytics technologies can give rise to a range of legal risks beyond CIPA.
Companies deploying such technologies would do well to consider:
- Wiretapping exposure across jurisdictions
- Could the conduct be characterized as wiretapping under other two-party consent state laws or under the federal Electronic Communications Privacy Act?
- If so, can those risks be mitigated through clear, timely disclosures and appropriate consent at the outset of the call?
- Vendor use and “sale” considerations
- Does the technology vendor use call data for its own purposes, such as improving its platform or analytics models?
- If so, has the potential characterization of that data sharing as a “sale” or similar regulated transfer been evaluated and addressed?
- Artificial intelligence implications
- Is artificial intelligence used to analyze or derive insights from call recordings?
- If so, do applicable state or local AI laws come into play, and do they impose additional requirements such as notice, opt-out rights, or consent?
The bottom line:
Even where jurisdictional defenses succeed, and this case gives a blueprint for such path in some cases, the underlying practices remain squarely in scope for privacy, wiretapping, and emerging AI regulation analysis and may require some compliance to mitigate litigation risk.