E-commerce and retailers faced a dynamic and challenging 2025, with significant developments across privacy, telemarketing, false advertising, and class action and mass-arbitration fronts. This year-end article distills some of the most important legal trends and updates, providing practical takeaways for e-commerce legal, privacy, and marketing teams. We recap the year’s key developments and highlight material updates. Looking ahead to 2026, we discuss continuing and emerging risks and compliance priorities to help you stay ahead of the curve.
Telemarketing: Quiet hours, post-McLaughlin patchwork, Texas SB 140, and opt-out risk
Plaintiffs filed an increasing number of “quiet hour” suits (see our guidance in Tick‑Tock, Don’t Get Caught: Navigating the TCPA’s Quiet Hours) targeting messages a few minutes outside the Federal Communication Commission’s (“FCC’s”) 8 a.m.–9 p.m. window, even when they were sent with the recipient’s prior express consent.
As 2025 progressed, we also saw divergent district court rulings in the wake of McLaughlin (see How McLaughlin is Reshaping the TCPA) on such fundamental questions as what constitutes a “call” or “telephone solicitation,” and how text messaging fits under Do-Not-Call provisions—creating a patchwork without appellate resolution. This patchwork creates uncertainty for businesses relying on short message service (“SMS”) and telemarketing.
Texas is the other headline. Effective September 1, 2025, Senate Bill 140 (“SB 140”) expanded the term “telephone solicitation” to cover text messages and similar electronic transmissions and introduced a direct private right under the Deceptive Trade Practices Act (“DTPA”). Since our June alert, several developments followed: In September, a group of plaintiffs filed a challenge to SB 140. In opposing the preliminary injunction, the Texas Attorney General raised procedural defenses but expressed that it does not interpret SB 140 or the relevant registration provisions to apply to consent‑based programs. The parties then jointly moved to dismiss the case without prejudice, each bearing its own costs. Shortly thereafter, the state posted a notice on its website FAQ advising that businesses that send text messages with prior consent are not required to complete the Telephone Solicitation Registration Statement. This notice is welcome and indicates the state’s current enforcement posture, but by its nature is non‑precedential. Accordingly, several private litigants (including notable serial filers) have continued to bring non‑registration claims.
As we explained in Stop Me If You’ve Heard: FCC Says Any Reasonable SMS Opt‑Out Counts, the FCC codified an “any reasonable means” revocation standard—meaning callers must honor revocation requests made in any reasonable form, not just via specific keywords or designated channels. That standard has started to fuel lawsuits alleging failures to recognize and process non‑standard opt‑out language (e.g., “Please cease”). Recently, the FCC sought comment on amending the rule to allow businesses to designate specific opt-out mechanisms. There is no timetable for an order, and litigation risk remains for opt‑out handling under the current reasonable‑means regime.
Mass arbitration: California’s 30‑day fee rule and Hohenshelt
California’s 30‑day arbitration‑fee statutes—Code of Civil Procedure sections 1281.97 and 1281.98—state that the drafting party in consumer and employment arbitrations must pay invoiced provider fees within 30 days. If payment is late, the drafting party may be in “material breach” and “in default,” and the claimant may withdraw from arbitration and proceed in court, with potential fee‑shifting and sanctions. We previously discussed a split that developed in the Courts of Appeal (see Pay or Lawsuit? The 30‑Day Countdown That’s Fueling Arbitration Disputes), which culminated in the Hohenshelt case in the California Supreme Court (see California Supreme Court Hears Oral Argument on 30-Day Arbitration Fee Rule: Key Takeaways from Hohenshelt).
In August, the Court rejected a hair‑trigger reading of the statute (see Rigid vs. Reasonable: Supreme Court Clarifies Arbitration Fee Payment Rules in California). The Court confirmed that honest mistakes, inadvertence, or other excusable neglect can be relieved, and that only willful, bad‑faith, or grossly negligent nonpayment results in forfeiture of the right to arbitrate. At the same time, strategic nonpayment could constitute a “material breach” that can trigger sanctions and a return to court. In practice, Hohenshelt reduces hair‑trigger waiver risk but does not eliminate mass‑arbitration exposure: businesses should still employ disciplined fee‑payment workflows and consider revising agreements to specify payment timelines, extension mechanics, and scalable administration.
CIPA and SB 690: Website Tracking Litigation Remains “Hot”
The summer got off to a promising start with Senate Bill 690 (“SB 690”). As we discussed in our June alert, the bill was intended to address an aggressive plaintiffs’ bar advancing meritless “pen register” and “trap and trace” theories under the California Invasion of Privacy Act (“CIPA”) against common website technologies (pixels, cookies, session replay, and chat tools), leveraging statutory damages of $5,000 per violation to drive mass filings and quick settlements. As passed by the Senate, SB 690 would (i) exempt from CIPA liability the interception/recording of communications when done for a commercial business purpose, (ii) clarify that devices or processes used consistent with a commercial business purpose are not “pen registers” or “trap and trace” devices, and (iii) specify that CIPA’s private right of action does not apply to the processing of personal information for a commercial business purpose—each provision designed to neutralize pen‑register/trap‑and‑trace and similar web‑tool theories in the ordinary ecommerce context.
Since then, however, momentum has slowed. First, legislators removed the bill’s retroactivity language that would have applied the reforms to cases pending as of January 1, 2026. Then, the bill stalled in the Assembly and will not move forward until 2026 at the earliest. With no immediate legislative fix, plaintiffs have continued to pursue CIPA theories against website tracking technologies, live‑chat tools, and call‑center solutions (see Ninth Circuit scrutiny of CIPA for website chat and analytics; Gutierrez v. Converse defense win ). Inconsistent court rulings, a select few plaintiff‑friendly decisions, and statutory damages exposure of $5,000 per violation has helped fuel, rather than slow, the momentum. We expect similar pen‑register/trap‑and‑trace and related CIPA claims to continue at pace in 2026.
Reference pricing and email marketing: Litigation Begins to Accelerate
As we discussed in Win Customers, Avoid Lawsuits: Minimizing Reference Price Litigation Risk, plaintiffs allege retailers inflate “original,” “compare at,” or MSRP prices, run perpetual or serial “limited‑time” promotions, and use urgency claims that suggest meaningful savings when the “sale” price is effectively the everyday price. Drawing on the Federal Trade Commission’s Guides Against Deceptive Pricing and state statutes (e.g., California’s FAL § 17501, UCL, and CLRA), complaints typically target phantom markdowns, ill‑founded list prices, and misaligned “was/now” comparisons. In 2025, we saw an increasing number of lawsuits filed—fueled by attorney advertising, template pleadings, and several eye‑catching settlements—and we expect an active 2026 docket.
In Retailers’ Alert: The New Wave of Email Marketing Lawsuits, we flagged the parallel risk in email marketing: plaintiffs—especially in Washington and California—are leveraging state anti‑spam statutes to challenge subject‑line urgency (e.g., “Ends Tonight,” “Today Only”), shifting deadlines, broad discount claims that mask exclusions, and header/traceability issues. These statutes can provide per‑email statutory damages and private rights of action, which has emboldened the plaintiffs’ bar and spawned a steady and growing stream of demand letters and lawsuits. The trend accelerated through late 2025 and is poised to continue in 2026.
Conclusion
The end of one year is a great time to reflect, and the start of a new year is the perfect moment to set concrete compliance resolutions. 2025 brought sustained litigation across telemarketing, privacy, pricing, and email marketing; 2026 could be even busier. Retailers should talk with counsel now and lock in a 2026 plan that aligns stakeholders, sequences fixes, assigns owners, and documents compliance.
Businesses are encouraged to review and update telemarketing and SMS consent and opt-out processes, review arbitration agreements and fee-payment workflows, assess website tracking technologies and privacy disclosures, scrutinize pricing and promotional practices, and ensure email marketing campaigns comply with state anti-spam laws.
