Session Replay Tools Are the Next CIPA Wave on WooCommerce
About 1,500 CIPA lawsuits were filed in the 18 months before August 2025, with automated scanners from Kind Law and Swigart Law cataloguing pre-consent tracker fires at industrial scale. Session replay tools — Hotjar, Microsoft Clarity, FullStory, Lucky Orange, Inspectlet — are the next wave after Meta Pixel, and the case law is genuinely split: Saleh v. Nike survived dismissal, Graham v. Noom came out the other way, and Camplisson v. Adidas survived under the §638.51 pen-register theory in November 2025. No consent banner alone is a reliable defence. The architectural answer: consent-gate the script, never record checkout or logged-in pages, and move behavioural signals server-side where the third-party-eavesdropper theory does not apply.