CIPA/ECPA Website-Tracking Privacy Litigation in 2026
Where the Claims Are Going, What Plaintiffs Allege, and What Companies Should Do About It

Highlights
Routine website instrumentation – pixels, session-replay tools, analytics SDKs, chat widgets, and ad-serving tags – is now a class-action target in multiple jurisdictions. What began as a wave of California-specific claims under the California Invasion of Privacy Act (CIPA) has matured into a multistate, multi-statute litigation campaign in which companies with ordinary AdTech stacks face statutory-damages exposure, expensive motion practice, and class certification risk. Marketing and IT teams are not equipped to manage this risk because it is now a legal problem, not a technical one.
As of April 2026, the center of gravity is still California, but plaintiffs are increasingly pairing or replacing CIPA claims with claims under the federal Electronic Communications Privacy Act (ECPA or the Wiretap Act), Florida’s Security of Communications Act (FSCA), Pennsylvania’s Wiretapping and Electronic Surveillance Control Act (WESCA), and adjacent theories such as the Video Privacy Protection Act (VPPA), state privacy torts, and consumer-protection claims. These claims are brought not only by plaintiffs’ firms, such as Tauler Smith, Swigart Law Group, and Manning Law, but also by pro se plaintiffs like Vivek Shah who copy prior pleadings and file arbitration demands without notice. The result is a litigation environment in which ordinary website instrumentation can create outsized statutory-damages exposure, expensive motion practice, reputational risk, and business pressure to re-architect data flows.
CIPA and ECPA Claims
At a high level, these suits contend that a company allowed a third party (typically an analytics, advertising, or session-replay vendor) to intercept or receive a visitor’s communications with the company’s website or app without legally sufficient consent. Under the Wiretap Act, 18 U.S.C. § 2511 prohibits intentional interception, disclosure, or use of wire, oral, or electronic communications, subject to exceptions including consent and the party exception.
California’s statute is broader and more varied than many businesses initially appreciate. The provisions most commonly invoked in website-tracking suits are:
- Penal Code § 631, which targets wiretapping and unauthorized reading or learning of the contents of communications in transit;
- § 632, which addresses recording of confidential communications; and
- Increasingly, § 638.51, California’s pen-register/trap-and-trace provision.
Civil plaintiffs typically sue through Penal Code § 637.2, which authorizes the greater of $5,000 per violation or treble actual damages, plus injunctive relief. That statutory menu explains why CIPA remains so attractive to plaintiffs. It offers a private right of action, potentially massive statutory damages, and fact patterns that are easy to plead at scale:
- A website had a pixel, chat widget, replay script, or analytics tool;
- The plaintiff visited the site; and
- Information about the visit allegedly flowed to a third party.
By late 2025, CIPA litigation had escalated sharply, and hoped-for legislative fixes had stalled, leaving businesses exposed entering 2026.
What Plaintiffs Usually Claim
The standard plaintiff theory is no longer just “you recorded me.” It is usually some variation of the following:
First, the plaintiff alleges that their interaction with a website or app – clicks, keystrokes, search terms, form entries, login activity, appointment requests, checkout behavior, or chat communications – constituted a protected “communication.” Second, the plaintiff alleges that a third-party technology vendor simultaneously captured that communication or its contents. Third, the plaintiff alleges that the business either directly violated the statute or aided and abetted the third party’s interception. Fourth, the plaintiff alleges that notice buried in a privacy policy, cookie policy, or footer link was insufficient to establish valid consent.
The fact patterns most likely to draw suit are those involving sensitive or quasi-sensitive contexts: health systems, appointment scheduling, prescription or symptom pages, financial services, insurance, account logins, application portals, children’s services, and sites with robust AdTech stacks. Courts and commentators alike continue to note that cases become more dangerous when the alleged disclosure involves health, financial, or other sensitive personal information.
Why CIPA Has Been Such a Problematic Plaintiff Statute
CIPA has become the plaintiffs’ preferred statute because it combines old statutory language with modern technology and a private damages remedy. For years, plaintiffs pressed “wiretap” theories under § 631 against chat tools and session-replay vendors. More recently, as defendants developed stronger arguments around whether a vendor truly intercepted data “in transit,” plaintiffs expanded aggressively into § 638.51 pen-register theories, which avoid some of the doctrinal friction of classic interception analysis.
At the same time, California courts have not produced a uniform body of law. Some judges have been receptive to broad, internet-era readings of CIPA, especially at the pleadings stage; others have been more skeptical, particularly where the alleged data is limited to IP-address-like information or where the asserted privacy invasion looks untethered from the statute’s text and purpose. California federal courts have often allowed § 638.51 theories to proceed, while California state trial judges have more often read the pen-register provisions narrowly in website cases.
Common Defense Themes: 2025–2026
1. No interception “in transit”
One of the most meaningful defense developments is the renewed emphasis on whether the challenged technology actually acquires readable content while the communication is in transit. In one case, a California federal court granted summary judgment on a § 631 claim after concluding the session-replay vendor could not read the data in transit; rather, the data became intelligible only after transmission, storage, and reassembly. That decision has become a significant defense authority because it directly attacks the core interception element in classic website-wiretap cases. For defendants, this case matters beyond its facts. It supports a more technical, architecture-driven defense strategy: force the court to analyze when data becomes intelligible, whether the vendor is actually receiving contents versus telemetry, and whether the challenged tool is better characterized as post-transmission storage, analytics, or processing rather than contemporaneous interception.
2. Consent remains the single most important merits defense
Consent is still central, but courts are increasingly separating real consent from ornamental disclosure. A general privacy policy reference to analytics or sharing with service providers may not be enough if the challenged tool loads before the user has any meaningful opportunity to agree, or if the disclosure does not match the actual data flows. At the same time, some courts have dismissed claims where banner language, click flows, or the overall user experience was deemed sufficient to establish consent objectively. Pennsylvania courts, for example, have applied an objective consent framework in WESCA cases. The practical lesson is straightforward: consent must be technically sequenced and substantively accurate. Counsel should assume that a court will care not only about what the banner says, but whether the tag actually waited, whether the user had a real choice, and whether the site’s data-sharing description was specific enough to match reality.
Courts are now holding that contradictory statements in a privacy policy can defeat a consent defense even where the policy adequately discloses the challenged tracking technology in isolation. If a site’s privacy policy says “we do not sell your information” in one section and discloses third-party ad-network sharing in another, a court may conclude the overall consent mechanism was not sufficiently clear to be legally effective. Counsel reviewing consent flows should audit the entirety of the user-facing disclosure, not just the tracking-specific section.
3. Standing challenges
Standing remains a serious threshold defense, especially in federal court. In August 2025, the Ninth Circuit clarified the need for a concrete injury, and that decision has since been invoked by defendants in CIPA pen-register and related cases. Post-August 2025, defendants have had some success arguing that vague allegations about unspecified metadata or generalized privacy concerns do not establish a sufficiently concrete injury for Article III standing. That said, this case is not a silver bullet. It is most useful where the complaint is abstract, the allegedly captured data is thin, or the plaintiff cannot tie the asserted invasion to a recognized privacy harm. It is less likely to end a case early where the complaint alleges actual form entries, medical scheduling details, login activity, or other concrete content disclosures.
4. Attack the “third party” characterization
A recurring defense position is that the vendor is not an outsider “listening in,” but an extension of the website operator providing a tool to enable the site’s own functionality or analytics. This “party” or “extension” framing has had mixed traction, but it remains important because many website suits rise or fall on whether the vendor is truly a separate interceptor or instead functions more like the business’s processor or agent. Courts continue to examine the vendor’s contractual rights, reuse rights, independent business purposes, and technical role.
5. Narrow construction of pen-register theories
Defendants continue to argue that CIPA’s pen-register and trap-and-trace provisions were aimed at law-enforcement-style routing capture, not ordinary web telemetry. This argument has found some traction, especially in California state court and in decisions emphasizing that IP-address collection is necessary to basic internet functionality or does not itself reflect the kind of privacy invasion the statute was designed to address.
A related defense, gaining traction in California state court, is that the website operator itself qualifies as an “electronic communication service provider” under CIPA § 638.50(b). If so, the § 638.51(b)(3) exception, which permits use of pen-register-like collection where necessary to operate, maintain, test, or protect the service, may apply to ordinary analytics and routing data. This argument has been embraced by at least one California trial court and provides a pathway to dismissal at the pleadings stage that does not depend entirely on the IP-address-only theory.
6. Arbitration, class waivers, and procedural pressure
Because these cases are often filed as putative class actions or mass demands, arbitration clauses and class-action waivers remain powerful structural defenses. They do not eliminate liability risk, but they can materially change exposure and settlement dynamics. The plaintiffs’ bar knows this, which is why many suits target contexts in which the plaintiff never clearly assented to terms or where assent is vulnerable.
The Rise of Federal ECPA Theories
For a period, many defendants hoped Wiretap Act claims would be easier to defeat because the statute includes a party/consent framework and because not every disclosure of web data constitutes a prohibited interception. But in 2025 and 2026, plaintiffs gained traction by invoking the federal statute’s crime-tort exception. Under 18 U.S.C. § 2511(2)(d), one-party consent does not immunize interception if it is undertaken for the purpose of committing a criminal or tortious act. Plaintiffs have argued that interception for the purpose of violating privacy laws, unfair competition laws, or common-law privacy rights falls within that exception.
Courts are divided on how demanding that exception is. Some decisions have been willing to infer the exception where the same conduct allegedly violated another privacy law; others require a more specific showing that the interceptor acted with a heightened criminal or tortious purpose, not merely a commercial objective. Recent case law confirms that some courts are dismissing ECPA claims for failure to plead the required purpose with sufficient specificity.
The central unresolved question in ECPA crime-tort litigation right now is the purpose element. Courts have split on at least two axes. First: does a purely commercial motivation foreclose the exception, on the theory that the defendant’s primary purpose was profit rather than tortious conduct? Some courts have said yes, at least at the pleadings stage; others have rejected that framing. Second: must the tortious purpose be the primary purpose of the interception, or is it enough that tortious conduct was an incidental or foreseeable consequence? Early 2026 decisions have addressed this issue with divergent reasoning, and defense counsel should not assume a single strong argument will end an ECPA crime-tort claim; the analysis is highly fact-specific and judge-dependent.
That means the Wiretap Act is now both a growth area and an unsettled one. It is not safe for defendants to treat ECPA as a weak add-on claim. In some jurisdictions and fact patterns, especially where plaintiffs allege sensitive-content capture, ECPA claims are surviving motions to dismiss and complicating defense strategy.
Beyond California: Other State Statutes Now in Play
Florida has become the most important non-California front.
The FSCA requires all parties’ consent for certain interceptions and provides liquidated damages up to $1,000 per violation. Florida has become an increasingly active forum for website-tracking claims, and there is also a growing volume of Florida small-claims filings using the same basic template seen in California demand campaigns. For national companies, Florida is especially important because plaintiffs can pair an all-party-consent statute with sensitive factual allegations involving prescriptions, pet medications, appointment pages, or e-commerce browsing. As a result, companies that designed consent flows with only California in mind are often under-calibrated for Florida risk.
Pennsylvania’s WESCA is also seeing website-tracking claims.
It is an all-party-consent statute, and Pennsylvania courts have treated consent as an objective question. Some recent cases have dismissed WESCA claims where the pleadings were too conclusory or the disclosures were stronger, but that should not be read as broad immunity; it means plaintiffs must plead the interception theory with more specificity. A March 2026 federal decision dismissing claims against Penn Highlands Healthcare emphasized the plaintiffs’ burden to plausibly allege that their communications were actually intercepted.
Massachusetts has taken a somewhat different path.
In 2024, the Massachusetts high court significantly constrained website wiretap theories under the state wiretap statute by focusing on the statute’s reach to communications rather than ordinary web browsing. Even so, Massachusetts litigation has not disappeared; plaintiffs continue to pursue other theories, including the state privacy statute, especially in healthcare contexts. On April 6, 2026, the First Circuit heard argument in a case raising the question of whether website operators face wiretapping liability for use of data-tracking tools under the crime-tort exception to ECPA's party consent rule. A decision is pending and is expected to be among the most significant First Circuit rulings on online wiretap liability in recent years. Counsel with Massachusetts exposure should monitor closely.
Other emerging states: Illinois, Maryland, and Washington maintain all-party-consent or similar wiretap statutes that the plaintiffs’ bar has begun to test.
These fronts are less developed than Florida or Pennsylvania as of mid-2026, but companies with significant user populations in those states should treat them as emerging risk vectors, particularly in healthcare, financial services, and e-commerce contexts where the fact patterns map cleanly onto existing CIPA-style theories.
The Newer Plaintiff Theories Beyond Classic CIPA/ECPA
The most important development is that plaintiffs are no longer relying on just one statute. They are building layered pleadings.
- Pen-register/trap-and-trace theory under CIPA § 638.51. Plaintiffs increasingly argue that pixels, SDKs, and related tools capture addressing, routing, or signaling information akin to a pen register. By late 2025 and early 2026, courts had reached inconsistent results, with some permitting claims to proceed and others rejecting the analogy, especially where the alleged capture was limited to IP addresses or routine routing information.
- Federal ECPA crime-tort theory (discussed above). This has allowed plaintiffs to argue that even if a business is a party to the communication, the interception is still actionable because it was undertaken in furtherance of an independently tortious privacy violation. That theory is generating motion-to-dismiss splits nationwide.
- Claims adjacent to wiretap law rather than within it. In health, media, and content businesses, plaintiffs often add VPPA claims or state privacy-tort claims. VPPA remains a live threat where a site or service can be characterized as a “video tape service provider” and the challenged disclosure ties a specific user to video-viewing behavior. Recent federal decisions continue to diverge on VPPA pixel claims, and courts are now also split on what qualifies as a "video tape service provider" for streaming and health-content sites, generating significant motion-to-dismiss divergence. Media, streaming, publisher, education, and health-content sites cannot ignore this theory.
- Common-law and statutory privacy claims: intrusion upon seclusion, invasion of privacy, unjust enrichment, or state consumer-protection statutes. These claims are often less dramatic than CIPA on damages, but they can preserve a case even where the wiretap theory fails. Massachusetts litigation, for example, shows plaintiffs pivoting to the state privacy statute even after setbacks under the wiretap law itself.
- CCPA as a parallel theory. In 2025, at least one federal court allowed CCPA claims to proceed alongside CIPA and ECPA theories where a plaintiff alleged that embedded third-party trackers transmitted personal information without authorization. The court’s analysis treated the deployment of Google and Microsoft tracking pixels on a financial services site as a potential unauthorized disclosure triggering CCPA liability – not a breach in the traditional exfiltration sense, but a business-practice-level violation. For California-based companies or those with substantial California user bases, the CCPA now needs to be part of the risk framework for routine website instrumentation, particularly where the alleged disclosure involves personal information as broadly defined under that statute.
What Clients Should Actually Do About It
The correct response is not “remove every tag tomorrow.” It is to treat website instrumentation as a litigation-risk domain requiring legal, technical, and contractual controls.
Conduct a real tracking-tech audit with privacy counsel.
This means generating an actual inventory of every pixel, SDK, analytics tag, session-replay tool, chatbot, and ad-serving integration deployed across the website and app estate – not just a list from the marketing team’s recollection. The audit should map each tool to the data it collects, where that data goes, whether the vendor has independent reuse or monetization rights, and how long the data is retained. Counsel should drive this process because the output is likely privileged and may become the foundation for a litigation hold or a defense narrative.
Segment by risk.
Not all tools carry the same exposure. A first-party analytics platform with no independent data rights looks very different from a third-party session-replay vendor that retains keystroke data or a social-media pixel that ties visitor behavior to an identifiable profile. Sensitive-context pages like appointment scheduling, health symptom searches, login portals, prescription lookups, and financial account pages carry materially higher litigation risk and should be treated as a separate tier requiring stricter controls or outright tool removal.
Align consent with actual firing logic.
A consent banner is only as good as the tag manager logic that enforces it. Courts now look past the banner to whether tags actually waited, whether the user had a meaningful choice, and whether the site’s description of data sharing matched what the tools actually did in the session. Counsel should request technical confirmation, verified by the company’s web team and not just the vendor, that consent-required categories do not fire before or absent a positive consent signal.
Clean up sensitive pages.
At minimum, configure tools so that health, financial, and other high-sensitivity pages are excluded from session replay, retargeting pixels, and third-party analytics. Page-level exclusions are a standard feature of most major tag management platforms and represent a straightforward risk-reduction step with no meaningful business cost.
Tighten vendor contracts.
Review data processing agreements for language around vendor reuse rights, independent monetization, sub-processor disclosures, and data deletion. A vendor that has independent rights to use, aggregate, or monetize visitor data is a stronger “third-party interceptor” under both CIPA and ECPA theories than a vendor that processes data solely as a service provider. Contractual constraints on reuse reduce both litigation risk and the credibility of an adverse interception argument. Counsel should also ensure the contract clearly states that the vendor acts solely on the company's behalf, may not use the data for its own advertising, analytics, product improvement, or model-training purposes except as expressly authorized, and must delete or return data at termination. Those restrictions help both substantively and rhetorically when rebutting the claim that the vendor functioned as an independent interceptor.
Review arbitration strategy with privacy counsel.
Arbitration clauses and class-action waivers do not eliminate CIPA or ECPA exposure, but they can fundamentally reshape litigation economics. Plaintiffs’ firms bring these cases at scale in part because class certification converts individual $5,000 CIPA claims into eight-figure exposure. If the company’s terms of service are enforceable and contain a class waiver, that changes settlement leverage significantly. Conversely, a terms-of-service assent process that is technically vulnerable invites challenge and can make the consent defense worse, not better.
Prepare a litigation playbook with privacy counsel.
Given the volume of demand letters and class filings in this space, companies that have not thought through their initial response before a letter arrives are at a disadvantage. The playbook should address: litigation hold procedures, initial assessment criteria, demand-letter response protocol, privilege preservation for post-incident investigation, and a pre-authorized list of outside counsel contacts. Once a demand letter or complaint is received, remediation should be sequenced carefully. Turning off a tag immediately may be operationally sensible, but counsel should first ensure preservation of relevant configuration data, tag-manager settings, consent logs, vendor contracts, implementation records, and page-level firing logic. In these cases, the defense often depends on reconstructing exactly what fired, when it fired, what data fields were transmitted, and whether any consent signal existed at that moment.
Operationalizing the Framework: Immediate Organizational Actions
The seven steps above describe the proper strategic posture. Translating them into organizational action requires assigning ownership across functions that do not always coordinate on legal risk. The following actions can and should be initiated by legal, compliance, or privacy leadership without waiting for outside counsel engagement on every point.
Assign a cross-functional tracking-tech owner.
Website instrumentation is almost always a shared-custody problem: Marketing owns the business rationale for the tools; IT or engineering controls deployment; and legal owns the compliance posture. In most organizations, no single function has full visibility into all three. Designating a cross-functional lead, or at minimum a standing working group with representatives from legal, marketing, and technology, closes the information gap that plaintiffs routinely exploit. That group's first deliverable should be a complete, current inventory of every third-party tag, pixel, SDK, and analytics integration deployed across the company's web and mobile properties, with documentation of each tool's data destination, the vendor's independent reuse rights, and the applicable contract terms.
Commission a technical consent audit, not just a policy review.
Outside privacy counsel can, and should, review your privacy policy and banner language. Your web team can tell you if the technology is aligned with these policy reviews: whether the tags actually wait. Direct your technology team to run a network traffic analysis of your consent flow using standard browser developer tools, and document what fires before a user interacts with the consent interface. If third-party tags initialize before consent is captured, that is a configuration defect – not a drafting problem – and it is fixable at the technical level without extensive legal engagement. The audit output should be documented and dated, because it will matter both as a remediation record and, if litigation follows, as evidence of a good-faith compliance effort.
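One way to script the network-traffic check described above, as an added example that is not part of the original publication: it reads a HAR export from browser developer tools and lists third-party requests that started before the consent timestamp or on a sensitive page. The `audit_har` function, the domain names, the timestamps and the sample HAR are constructed for illustration, and the code assumes the page URL is stored in `pages[].title`, as in Chrome DevTools exports.

```python
from datetime import datetime
from urllib.parse import urlsplit


def _ts(value):
    # HAR timestamps are ISO 8601; normalise a trailing "Z" for older Pythons.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _is_exempt(host, exempt_domains):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in exempt_domains)


def audit_har(har, exempt_domains, consent_time=None, sensitive_prefixes=()):
    """List third-party requests that need review.

    exempt_domains     first-party domains plus the consent-management
                       platform, which has to load before consent exists.
    consent_time       ISO timestamp of the positive consent signal, or None
                       when the tester declined or never touched the banner.
    sensitive_prefixes URL path prefixes of pages where no third-party tool
                       should fire at all (list confirmed by legal).
    """
    # Assumption: pages[].title holds the page URL (Chrome DevTools export).
    pages = {p["id"]: p.get("title", "") for p in har["log"].get("pages", [])}
    consent = _ts(consent_time) if consent_time else None
    findings = []
    for entry in har["log"]["entries"]:
        url = entry["request"]["url"]
        host = urlsplit(url).hostname or ""
        if not host or _is_exempt(host, exempt_domains):
            continue
        started = _ts(entry["startedDateTime"])
        page_url = pages.get(entry.get("pageref"), "")
        reasons = []
        if consent is None or started < consent:
            reasons.append("pre-consent")
        page_path = urlsplit(page_url).path
        if any(page_path.startswith(p) for p in sensitive_prefixes):
            reasons.append("sensitive-page")
        if reasons:
            findings.append({
                "host": host,
                "url": url,
                "started": entry["startedDateTime"],
                "page": page_url,
                "reasons": reasons,
            })
    return findings


def _entry(page, time, url):
    return {"pageref": page, "startedDateTime": time, "request": {"url": url}}


# Constructed sample, trimmed to the HAR fields the audit reads.
SAMPLE_HAR = {"log": {
    "pages": [
        {"id": "page_1", "title": "https://clinic.example/"},
        {"id": "page_2", "title": "https://clinic.example/appointments/new"},
    ],
    "entries": [
        _entry("page_1", "2026-04-01T12:00:00.000Z", "https://clinic.example/"),
        _entry("page_1", "2026-04-01T12:00:00.100Z",
               "https://cdn.clinic.example/app.js"),
        _entry("page_1", "2026-04-01T12:00:00.200Z",
               "https://cmp.example/consent.js"),
        _entry("page_1", "2026-04-01T12:00:00.350Z",
               "https://pixel.adnetwork.example/tr?id=1"),
        _entry("page_1", "2026-04-01T12:00:05.000Z",
               "https://replay.vendor.example/rec"),
        _entry("page_2", "2026-04-01T12:00:20.000Z",
               "https://replay.vendor.example/rec"),
    ],
}}

EXEMPT = ["clinic.example", "cmp.example"]
CONSENT_AT = "2026-04-01T12:00:03.000Z"  # moment the tester clicked "Accept"

if __name__ == "__main__":
    # For a real export: import json; har = json.load(open("session.har"))
    for f in audit_har(SAMPLE_HAR, EXEMPT, CONSENT_AT, ["/appointments"]):
        print(f["started"], ",".join(f["reasons"]), f["host"], "on", f["page"])
```

Running the same export with `consent_time=None` models a visitor who declined or ignored the banner, in which case every non-exempt third-party request is reported.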
Treat sensitive-context pages as a distinct risk tier.
Empower your technology team to implement page-level tag exclusions on any page that touches health information, financial account data, prescription or symptom content, login credentials, appointment scheduling, or content directed at minors. This does not require a policy decision on every vendor relationship. It requires a configuration decision: those tools should not fire on those pages. Most enterprise tag management platforms support this natively. The cost is low; the litigation exposure reduction is material. Legal should confirm the list of pages that qualify, and technology should implement and document the exclusions.
Conduct a focused review of vendor data rights.
Legal counsel should pull the current data processing agreements for the company's highest-risk tracking vendors and flag any contractual language granting the vendor independent rights to use, aggregate, model-train on, or monetize visitor data for purposes beyond the company's own analytics. That language is precisely what plaintiffs use to characterize a vendor as a third-party interceptor rather than a service provider. This review does not require renegotiating every agreement immediately, but it should produce a prioritized list for outside counsel attention and inform near-term contract renewal positions.
Build a litigation-ready documentation posture now.
The defense of a website-tracking suit depends on the ability to reconstruct, often months or years after the fact, exactly what was happening on the site at the time of the alleged interception: which tags were firing, what the consent flow looked like, what the vendor contract said, and what disclosures were in place. Most organizations lack a systematic practice for preserving that information. Legal or compliance should implement a periodic snapshot protocol: dated exports of tag manager container configurations, versioned copies of privacy notices and consent banner language, and archived data processing agreements. This is a document-retention and records-management function that can be operationalized without outside counsel and that will be worth considerably more than its cost if a demand letter arrives.
Establish a pre-authorized demand-response protocol.
Demand letters in this space frequently carry short response windows and are designed to force rapid settlement decisions before the recipient has assembled the relevant facts. Before a letter arrives, legal leadership should designate an internal response lead, identify who is responsible for pulling tag configuration records and vendor contracts on short notice, confirm outside counsel contacts for immediate engagement, and document the protocol in writing. Companies that have not done this before a demand arrives are consistently at a disadvantage in the early stages of these matters.
The Biggest Mistakes Companies Still Make
The first mistake is relying on a privacy policy alone, especially if that privacy policy was not drafted by privacy counsel. Privacy policies matter, but they are not a substitute for technically enforced consent or page-level configuration. Plaintiffs routinely allege that the disclosures were too general, too late, or contradicted by how the site actually behaved.
The second mistake is assuming all vendors are alike. A first-party analytics setup, a session-replay tool, a live-chat vendor, a social-media pixel, and a retargeting SDK create very different litigation profiles. Courts look at the particulars. Counsel should too.
Another is over-focusing on California. As of April 2026, a national company should expect plaintiffs to test Florida, Pennsylvania, Massachusetts, and federal ECPA theories wherever the facts allow. The litigation playbook is now multistate.
Finally, companies should not underestimate healthcare and quasi-health contexts. The closer the alleged disclosure gets to appointment scheduling, patient portals, prescriptions, symptom pages, provider searches, or treatment content, the harder it becomes to frame the matter as harmless analytics.
Where The Law Stands Today
As of today, there is still no single defense-side rule that reliably defeats website-tracking suits at the pleadings stage. The current law is best described as fragmented, technology-specific, and jurisdiction-dependent. Three propositions, however, are increasingly clear.
- Classic CIPA § 631 claims are vulnerable where defendants can show there was no interception of intelligible content in transit.
- CIPA § 638.51 pen-register claims remain very much alive, even though courts are split on their ultimate viability. Defendants should not assume that because one judge rejected an IP-address theory, another will do the same.
- Federal and multistate copycat theories are no longer peripheral. ECPA crime-tort claims are maturing, Florida is an increasingly important battleground, Pennsylvania remains in play, and Massachusetts continues to generate consequential rulings and appeals.
- Consent built for one statute will not necessarily satisfy another. The California, Florida, Pennsylvania, and ECPA consent frameworks differ in material ways: what triggers the requirement, what counts as adequate notice, whether objective or subjective intent governs, and whether pre-load firing is permissible. A company that designed its consent flow in 2022 with California as the sole reference state is likely under-compliant for the current multistate environment. Compliance requires jurisdiction-specific analysis, not a single banner.
Key Takeaways
The core lesson for clients is not that every pixel or analytics tag is unlawful. It is that legacy wiretap statutes are now being used aggressively to police modern digital tracking, and courts are sorting those theories in uneven, fact-intensive ways. Companies that still treat website tracking as a pure marketing issue are materially underestimating the litigation risk. The stronger approach in 2026 is to treat tracking technologies as regulated data infrastructure: inventory them, classify them, constrain them, document consent, rework sensitive pages, and make sure the legal disclosures match the technical reality. That is now the difference between a manageable audit issue and a class-action problem.
Damages Exposure by Statute
- CIPA § 637.2: $5,000 per violation or treble actual damages, plus injunctive relief
- CIPA § 638.51: $2,500 per violation
- ECPA (Wiretap Act): $10,000 or actual damages, whichever is greater
- FSCA (Florida): Up to $1,000 per violation
- WESCA (Pennsylvania): Actual damages, punitive damages up to $100 per day or $1,000 (whichever is greater), plus attorney’s fees. See 18 Pa. C.S. § 5725.
©2026 Barnes & Thornburg LLP. All Rights Reserved. This page, and all information on it, is proprietary and the property of Barnes & Thornburg LLP. It may not be reproduced, in any form, without the express written consent of Barnes & Thornburg LLP.
This Barnes & Thornburg LLP publication should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own lawyer on any specific legal questions you may have concerning your situation.
