In Perez v. Romantix Online, Inc., Judge Noël Wise (N.D. Cal.) dismissed a putative privacy class action accusing adult retailer Romantix and its tech partners—Innov8, Google, and NextRoll of unlawfully intercepting user data through website trackers.
The ruling turned on a familiar problem for privacy plaintiffs: a failure to plausibly allege lack of consent.
Background
Plaintiffs Paul Perez and Bradley alleged that cookies and pixels on Romantix.com collected user data revealing sexual preferences and purchases, violating CIPA (§631), the Federal Wiretap Act, and related privacy laws.
Yet the site displayed a cookie banner stating: “By using [Romantix.com], you consent to all cookies in accordance with our Cookie Policy.”
A linked Privacy Policy expressly referenced Google Analytics. Plaintiffs nonetheless claimed they “reasonably believed” their information would remain private.
The Court’s Ruling
Judge Wise held the complaint failed to allege any facts showing non-consent, calling it a “simple but fatal flaw.”
Citing Silver v. Stripe Inc., 2021 WL 3191752, and Smith v. Facebook, Inc., 745 F. App’x 8 (9th Cir. 2018), the court reaffirmed that privacy policies and cookie notices can establish consent as a matter of law.
Because the plaintiffs relied on the Privacy Policy in their own pleading, their bare denial of consent was insufficient under Iqbal and Twombly. The court dismissed Counts I–IV (CIPA, Wiretap, and privacy claims) and Count VIII (negligence) the latter with prejudice.
UCL and Unjust Enrichment
The UCL claims (Counts V–VI) failed for lack of economic injury. Plaintiffs’ statement that they “would not have purchased” had they known about data tracking was deemed too conclusory, untethered to their experiences,” echoing Libman v. Apple, Inc., 2024 WL 4314791 (N.D. Cal. Sept. 26, 2024). Unjust enrichment (Count VII) was dismissed outright: California does not recognize it as a stand-alone cause of action (De Havilland v. FX Networks, LLC, 21 Cal. App. 5th 845 (2018)).
Key Takeaways:
- Consent remains the cornerstone: clear cookie banners and privacy policies continue to defeat CIPA and Wiretap claims.
- Bare denials don’t work: plaintiffs must allege how and why consent was lacking.
- Privacy ≠ economic injury: UCL standing requires real financial harm, not theoretical loss of privacy.
- California courts stay consistent: Perez fits the trend – dismissals where transparent consent mechanisms exist.
Bottom Line
The Northern District’s decision in Perez v. Romantix Online reinforces what privacy defendants have been arguing for years: you can’t plead around a cookie banner.
When a site provides visible consent prompts and a coherent Privacy Policy, courts are closing the door on CIPA and Wiretap Act claims at the pleading stage.
