Hi CIPAWorld! We are seeing a lot of creative attempts by plaintiffs to manufacture standing in website tracking cases, but courts are definitely starting to draw a hard line when it comes to what actually constitutes a privacy injury.
A federal judge in the Central District of California just handed a definitive win to the defense, tossing a privacy class action over the alleged interception of website search queries. In Vivek Shah v. Talentbridge, Inc., No. 2:26-cv-00222-AH-SSCx, 2026 WL 1507888 (C.D. Cal. May 28, 2026), the court granted the defendant’s motion to dismiss the plaintiff’s first amended complaint completely without leave to amend. The judge concluded the plaintiff failed to establish both diversity jurisdiction and Article III standing, ruling that generic job searches simply do not create a legally protectable privacy interest.
Plaintiff Vivek Shah is a serial California Invasion of Privacy Act and Fair Credit Reporting Act litigator–who apparently has a bit of a criminal history. Vivek Shah has previously been convicted for orchestrating a multimillion-dollar extortion scheme:
But he continues to file these CIPA actions.
Here, Shah sued under the CIPA, specifically section 631(a), which prohibits the unauthorized interception of electronic communications while in transit and the disclosure of the intercepted communications. Shah alleged that he selected “Reject All” on the defendant’s cookie banner and then searched for terms similar to “felony-friendly jobs” and “jobs no background check” on the company’s job search website. He claimed the website embedded third-party tracking code that transmitted these specific search queries to Google Analytics and UserWay without his notice or consent.
The defendant moved to dismiss the case under Federal Rule of Civil Procedure 12(b)(1) for lack of subject matter jurisdiction. The defense first argued Shah failed to establish the $75,000 amount in controversy required for diversity jurisdiction. Shah tried to bypass this requirement by arbitrarily labeling his single cause of action as “Counts One Through Sixteen” in an attempt to multiply the statute’s $5,000 per-violation penalty. The judge rejected this tactic, ruling that a mere label is a conclusory assertion and fails to affirmatively allege the actual number of violations.
The defendant also successfully argued the plaintiff lacked Article III standing because he suffered no concrete injury in fact. The court agreed, holding that a statutory violation alone is not enough to confer standing. A plaintiff must identify the disclosure of specific personal information that implicates a protectable privacy interest. The judge ruled that generic search terms like “felony-friendly jobs” do not reveal a searcher’s specific identity or criminal history. The court pointed out that anyone, from a researcher to a schoolteacher, could enter those exact same terms on a publicly accessible website.
The court further noted that the disclosure of an IP address and basic metadata alongside these generic searches does not automatically turn the data into personally identifiable information. Because the information concerned how the plaintiff interacted with the website rather than his private, identifying information, the court dismissed the case. The judge also denied leave to amend, noting that any further amendments would be futile because the underlying search terms simply do not implicate a protected privacy interest.
So hopefully more courts will follow suit here and find that, individuals cannot just manufacture standing out of thin air by typing a generic search term into a public website and crying foul when an IP address gets logged.
Subscribe to stay informed on all the latest CIPA news!