The Collapse of Capability Theory: Ambriz, Popa, and the Future of Article III Standing in AI Privacy Cases | Student Journal of Information Privacy Law

The Collapse of Capability Theory: Ambriz, Popa, and the Future of Article III Standing in AI Privacy Cases

Caroline Aiello

Introduction

In February 2025, the Northern District of California denied Google’s motion to dismiss in a class action lawsuit that claimed Google’s artificial intelligence (“AI”) tools violated the California Invasion of Privacy Act (“CIPA”) by transcribing phone calls of users.^[1] The court in this case, Ambriz v. Google, ruled that Google’s technical “capability” to use customer call data to train its AI models was enough to state a claim under California’s Invasion of Privacy Act, regardless of whether or not Google actually exploited that data.^[2] Six months later, the Ninth Circuit took the opposite approach. The later ruling in Popa v. Microsoft held that routine website tracking did not constitute actual harm and the claims were dismissed for lack of Article III standing before reaching the merits.^[3]

These two decisions present privacy law with incompatible standards. Ambriz asks what a technology could do with personal data and finds liability in that potential. Popa demands proof of what a technology actually did and requires concrete injury beyond the action itself. The collision between the two theories is inevitable. When a plaintiff sues an AI company under Ambriz’s capability theory, alleging that the defendant’s system has the technical ability to misuse data, and the defendant responds with a Popa-based standing challenge, the courts will face an impossible choice. The capability to cause harm is not the same as harm itself, and if capability cannot satisfy Article III’s concrete injury requirement, then Ambriz’s approach becomes constitutionally unenforceable in federal court. While Popa has not technically overruled Ambriz, the Ninth Circuit will inevitably need to choose which standard to adopt.

Background: wiretapping class actions

Plaintiff’s privacy litigation in the United States is still developing, but key patterns have emerged in the past few years. Often, plaintiffs are suing for damages under anti-wiretapping statutes, alleging that companies are violating these laws by surreptitiously tracking user activity across the internet.^[4] Anti-wiretapping laws date back to the 1930’s, and have evolved throughout the decades. Now, there are laws in every state and at the federal level prohibiting wiretapping in some form.^[5] Often targeted by claims under these laws are technologies like website pixels, cookies, session-replay, and chatbots, that observe and record detailed user data.^[6] Despite long-standing laws against communication interception and technological eavesdropping, these cases have been met with substantial challenges.

Article III standing, and the establishment of harm in privacy litigation has historically been an obstacle for plaintiffs. Spokeo v. Robins, a foundational case in privacy litigation, originated in the Ninth Circuit and escalated to the Supreme Court, where the Court’s decision restricted the ability of plaintiffs to bring wiretapping claims in federal court unless “concrete and particularized” injury occurred beyond merely mishandling or misrepresenting personal information.^[7] The Court extended this reasoning in Transunion v. Ramirez. In that case, the Court held that only class members who were concretely harmed could seek damages in a class action, whittling the number of eligible class members by over 6,000.^[8] However, not every wiretapping class action has been unsuccessful. In 2024, a CIPA case against Oracle settled for over $100 million, one of the largest privacy settlements to date, not involving a data breach.^[9] As a result of this settlement, Oracle shuttered its ad-tech business and stepped away from the advertising industry entirely.^[10] Class actions under wiretapping statutes remain costly for companies, while the standards for succeeding on a claim are being debated nationwide.

Ambriz v. Google

As courts try to determine how to interpret statutes to meet contemporary challenges, lawsuits continue. In Ambriz, the plaintiff class brought a lawsuit against Google for their deployment of AI-powered call transcriptions embedded in customer service centers of other companies.^[11] These companies were using the Google Cloud Contact Center AI (GCCCAI) to manage and transcribe phone calls by customers, sometimes providing suggestions and help to the human agent handling the call.^[12] Google is not a tool, plaintiffs claimed, but a third party using GCCCAI to “eavesdrop upon and record a conversation to which it is not a party.”^[13] Google defended their actions, arguing that their technology is “the modern equivalent of a tape recorder,” and supplying this tool did not violate California law.^[14]

The court sided with the plaintiffs, finding that GCCCAI was a party to the communication under the statute, because the software was capable of recording conversations on behalf of a third party, Google.^[15] Using this “capability test,” the Court extended their reasoning from Javier v. Assurance IQ, LLC.^[16]

Popa v. Microsoft

In August 2025, six months after the Ambriz decision, the Ninth Circuit tipped the scales in the opposite direction. The plaintiffs in Popa v. Microsoft had similar claims to Ambriz, alleging that Microsoft used session replay technology known as “Clarity” to violate Pennsylvania’s Wiretapping and Electronic Surveillance Control Act (“WESCA”).^[17] The Court disagreed, noting that “Popa identifies no embarrassing, invasive, or otherwise private information collected by Clarity,” analogizing the session replay technology to a store clerk observing customers to assess their shopping experience.^[18] They rejected the argument that standing was met merely by violation of the statute, and reiterated the requirement from Spokeo and Transunion that an injury-in-fact analysis must be individualized.^[19]

While the court does not explicitly reject the “capability test” used in Ambriz, it clearly takes the approach that the harm must actually occur, not just that a harm could occur.

Impact on pending and future litigation

Ambriz and Popa address different requirements for bringing a federal claim. Ambriz addresses the standard for surviving a 12(b)(6) motion to dismiss, and Popa deals with a 12(b)(1) motion to dismiss. As long as the defendants do not bring a pre-answer Rule 12 motion, moving for dismissal for failure to state a claim may be brought later in the litigation proceedings.^[20] As well, the right to challenge subject matter jurisdiction is never waived under the federal rules.^[21] For pending litigation, the reasoning in Popa could deal a fatal blow to plaintiffs’ cases relying on the “capability test.” Following Ambriz‘s February 2025 success in surviving Google’s motion to dismiss, plaintiffs’ firms have filed over a dozen similar cases targeting AI call center tools.^[22] Defendants in these cases will now lead with standing challenges, arguing that the mere capability to misuse data cannot satisfy Article III’s concrete injury requirement when Popa held that routine tracking without collection of “embarrassing, invasive, or otherwise private information” fails to establish standing.

Ambriz v. Google may also see a reverse in trajectory. Considering the Popa ruling, Google can, and likely will, appeal the order denying their motion to dismiss, based on the subject-matter jurisdiction challenge to the case’s survival, despite the plaintiffs’ successful statement of a claim under CIPA. If the court finds no meaningful distinction between session-replay and call transcription technology, the capability test dies, taking with it the current wave of AI wiretapping claims. Even if Ambriz survives through careful line-drawing based on phone call privacy or active deception, the ruling will be limited to its facts. Cases that previously survived 12(b)(1) or were dismissed on other grounds pre-Popa are now being dismissed under the new precedent or face even greater standing challenges than before.^[23]

Conclusion

Three distinct paths forward emerge from the current landscape. First, the Ninth Circuit could broadly apply Popa‘s standing framework to reverse Ambriz, holding that capability without concrete harm cannot satisfy Article III regardless of the technology involved. This would end capability-based theories in federal court. Second, courts could craft narrow distinctions that preserve Ambriz within carefully defined boundaries, treating phone call interception as different from website tracking based on historical privacy expectations. A final possibility is an emerging circuit split that would push these questions toward Supreme Court review. The outcome of these questions will be years in the making, but upcoming activity in Ambriz, and other cases relying on this ruling may give us a sense of the direction that the Ninth Circuit, and the national landscape is headed.

^[1] Order Denying Motion to Dismiss at 1, Ambriz v. Google, LLC, No. 5:23-cv-05437 (N.D. Cal. Feb. 10, 2025).

^[2] Id. at 5-6

^[3] Popa v. Microsoft Corp., No. 24-14, slip op. at 2 (9th Cir. Aug. 26, 2025).

^[4] Javier v. Assurance IQ, LLC, No. 21-16351, 2022 WL 1744107 (9th Cir. May 31, 2022); Saleh v. Nike, Inc., 562 F. Supp. 3d 503 (C.D. Cal. 2021); Greenley v. Kochava, Inc., 684 F.Supp.3d 1024 (S.D. Cal. 2023).

^[5] See generally Matthiesen, Wickert & Lehrer, S.C., Recording Conversations in All 50 States: Laws on Recording Conversations in All 50 States Chart, https://www.mwl-law.com/wp-content/uploads/2018/02/RECORDING-CONVERSATIONS-CHART.pdf, (last updated Feb. 14, 2022) (detailing wiretapping laws in every jurisdiction).

^[6] E.g. Javier, supra, note 4.

^[7] Spokeo, Inc, v. Robins, 578 U.S. 330, 334 (2016).

^[8] Transunion, LLC. v Ramirez, 594 U.S. 413, 417 (2021).

^[9] Luis Rijo, Oracle’s $115 Million Privacy Settlement: What Consumers Need to Know, PPC Land (Sept. 2, 2024), https://ppc.land/oracles-115-million-privacy-settlement-what-consumers-need-to-know/.

^[10] Id.

^[11] First Amended Class Action Complaint at 10, Ambriz v. Google, LLC, No. 3:23-CV-05437-RFL (N.D. Cal. Sept. 22, 2024).

^[12] Id.

^[13] Id.

^[14] Google LLC’s Motion to Dismiss Plaintiffs’ Complaint for Failure to State a Claim (Fed. R. Civ. P. 12(b)(6)) at 1, Ambriz v. Google, LLC, No. 3:23-CV-05437 RFL, (N.D. Cal. Jan. 16, 2024).

^[15] Mark David McPherson, W. Kyle Tayman, Collin Grier & Reema Moussa, AI Voice Products Subject to California Invasion of Privacy Claims, Goodwin Law Alert (Feb. 26, 2025), https://www.goodwinlaw.com/en/insights/publications/2025/02/alerts-practices-dpc-ftec-ai-voice-products-subject-to-california-invasion-of-privacy-claims.

^[16] “The Javier court found that ActiveProspect was a third-party based on its capability to use user data to its benefit, regardless of whether or not it actually did so.” Order Denying Defendant’s Motion to Dismiss at 6, Ambriz v. Google, LLC, No. 3:23-CV-05437 RFL, (N.D. Cal. Feb. 10, 2025).

^[17] Popa v. Microsoft Corp., No. 24-14, 2025 WL 2448824, at *6 (9th Cir. Aug. 26, 2025).

^[18] Id. at 14.

^[19] Id. at 15-16

^[20] Fed. R. Civ. P. 12(h)(2).

^[21] Fed. R. Civ. P. 12(h)(3).

^[22] Caitlin F. Saladrigas & William F. Farley, Up Next in Privacy Litigation: Class Actions Begin to Target Consumer-Facing Companies Using Generative AI Tools, Holland & Knight Cybersecurity & Privacy Blog (July 15, 2025), https://www.hklaw.com/en/insights/publications/2025/07/up-next-in-privacy-litigation-class-actions-begin-to-target.

^[23] Wentao Yang, Matthew Verdin & Kathryn Cahoy, Court Applies Popa to Dismiss CIPA Pen-Register Claim for Lack of Article III Standing, Inside Privacy (Oct. 23, 2025), https://www.insideprivacy.com/data-privacy/court-applies-popa-to-dismiss-cipa-pen-register-claim-for-lack-of-article-iii-standing/.