By Steven G. Stransky, Kip T. Bollin, and Jennifer A. Adler, Thompson Hine LLP.

Mr. Stransky is a Partner in the Cleveland, OH office of of the firm and Co-Chair of the Privacy & Cybersecurity group. Mr. Bollin is Partner-in-Charge of the firm’s Cleveland office. Ms. Adler is Counsel in the firm’s Atlanta, GA office.


Like many other states, California has enacted a statute regulating the use of pen registers and trap and trace devices. Cal. Penal Code § 638.50-55 (the “California Pen/Trap Law”). Pursuant to this law, “a person may not install or use a pen register or a trap and trace device” without first obtaining certain types of court orders or to the extent other statutory exceptions apply. Id. at § 638.51(a). As described in greater detail below, pen registers and trap and trace devices are surveillance tools used to identify telephone numbers and similar sources of communication, but from different perspectives: pen registers track outgoing telephone calls and communication sources, while trap and trace devices track incoming calls and communication sources.

Recently, there has been a rise in legal claims that argue website advertising cookies and pixels should be considered pen registers and/or trap and trace devices pursuant to the California Pen/Trap Law. Thus, a website end-user’s privacy rights are violated each time an advertising cookie or pixel collects their data if no court has issued an order allowing such collection. To date, no judicial precedent supports this position. Instead, these claims appear to be based on a misunderstanding of a recent federal court decision.

The California Pen/Trap Law is a criminal statute and an individual who violates its terms can be subject to both monetary penalties and imprisonment. Id. at § 638.51(c). If a court were to adopt the position that a website advertising cookie or pixel is considered a pen register or trap and trace device, that absurd result could subject every organization with a public-facing website that uses this technology (without a court order or qualification for an exception) to criminal and civil liability.

This Working Paper explains why the use of advertising cookies and pixels does not violate the California Pen/Trap Law. That conclusion is supported by (i) the plain text and structure of the California Pen/Trap Law, (ii) the legislative intent behind the California Pen/Trap Law, (iii) the scope of court orders authorizing the use of pen registers and trap and trace devices, (iv) other California laws governing website cookies and pixels, and (v) the “user consent” provisions within the California Pen/Trap Law. After some important background information, the Working Paper offers a detailed discussion of each of these five points.

Click HERE or the download button above to continue reading the full Working Paper