Skip to content

Defeating the CIPA Call-Recording Wave: Strategic Lessons from Guerra v. Papa John’s

For privacy litigators and in-house counsel defending consumer class actions in California, the California Invasion of Privacy Act (CIPA) has felt inescapable and unfairly malleable. Plaintiffs’ firms have aggressively weaponized legacy statutory language to target modern digital infrastructure from website chatbots to session-replay software.

However, the tide appears to be turning with a number of positive rulings. In a fresh example, the June 23, 2026, ruling in Guerra v. Papa John’s International, Inc. and Cognizant Technology Solutions  (Case No. 23-cv-01933-LB) has fundamentally shifted the defense landscape for corporate call centers. Handed down by U.S. Magistrate Judge Laurel Beeler of the Northern District of California, this summary judgment draws a sharp, textual line against the runaway expansion of CIPA Section 632.7.

The Threshold Issue: The Voice-over-IP (VoIP) Defense

The litigation in Guerra centered on California Penal Code § 632.7, a section originally enacted to prevent the intercepting and recording of calls bouncing off radio towers or passing through legacy physical hardware. Specifically, the statute prohibits recording communications "transmitted between" designated devices: landline telephones, cellular radio telephones or cordless telephones.

The plaintiffs’ bar argued that because the defendant's call-center operators used computers connected via wired Ethernet cables to handle consumer calls, these systems were functionally equivalent to a "landline."

The defense successfully dismantled this argument by forcing the court to confront the strict, unambiguous definitions within the California Penal Code.

 "There is no genuine dispute that Cognizant call centers do not use landline, cordless, or cellular telephones," the court ruled.

 Judge Beeler emphasized that the California Legislature explicitly enumerated five specific device combinations in § 632.7. By intentionally specifying those exact hardware pairings, the legislature left no room for courts to retroactively rewrite the law to include modern cloud-based infrastructure. Because an Ethernet-connected computer running Voice-over-Internet Protocol (VoIP) software is fundamentally distinct from a traditional "landline telephone," the strict all-party consent requirements of Section 632.7 were simply never triggered. The litigators in the case successfully moved the court away from the abstract question of “what is a phone call in the internet age” to the specific question of "what does the statute expressly cover?" 

What's Next?

While the Guerra decision provides a powerful shield, it requires a precise, proactive litigation approach to maximize its utility. As companies face a relentless onslaught of privacy class actions involving CIPA, the Video Privacy Protection Act (VPPA) and the Electronic Communications Privacy Act (ECPA), the defense framework must adapt immediately:

  • Do not wait until class certification to analyze your telecom architecture. A detailed technical audit of your call center infrastructure (confirming the absence of traditional landlines or cellular hardware at the endpoint) can lay the groundwork for an early, dispositive motion to dismiss or a targeted motion for summary judgment.

  •  Plaintiffs often try to conflate website tracking cases (like Thomas v. Papa John’s, which involved session-replay software) with call-center recording claims. A top privacy litigator will strictly isolate these theories. Website data tracking looks at what is intercepted; call recording under § 632.7 looks strictly at how it is transmitted. Keeping these boundaries rigid prevents plaintiffs from importing favorable website wiretapping case law into the call center space.

  • Even with a strong VoIP defense, reliance on technical statutory loopholes should be a secondary shield. The gold standard remains bulletproof operational disclosure. Ensure your automated interactive voice response (IVR) scripts feature clear, unskippable recording disclosures ("This call may be monitored or recorded...") before a live agent or vendor ever joins the line.

Moving Forward

The Guerra decision confirms that the judiciary increasingly pushes back against the overextension of 20th century privacy laws to 21st century cloud technology. Companies should deploy deep technical literacy and rigorous statutory expertise to ground defense strategies in the literal architecture of modern networks. In this way, corporate defendants can successfully shut down predatory statutory damages claims before they escalate into catastrophic class liabilities.