Website Tracking Lawsuits & Enforcement Actions
The same tools businesses use for advertising — Meta Pixel, Google Analytics, session replay, chat widgets, and form scripts — have already triggered settlements, FTC enforcement, and privacy class actions.
Why This Matters
Even where the law is unsettled, plaintiffs, regulators, and insurers are now asking the same basic question: did you know what your website was sending to third parties, and can you prove you controlled it?
Advocate Aurora Health Pixel Lawsuit
Advocate Aurora Health agreed to a proposed $12.225 million settlement in consolidated litigation alleging that tracking technologies on its website disclosed patient data to Meta and Google without proper authorization.
Novant Health Meta Pixel Case
Novant Health reached a preliminary settlement resolving class action claims that Meta Pixel on its website and patient portal transmitted patient information to Meta without authorization.
Mass General Brigham Cookie & Pixel Case
Mass General Brigham agreed to an $18.4 million settlement in litigation alleging that cookies, tracking pixels, analytics tools, and similar technologies were deployed on its website without obtaining visitor consent.
GoodRx FTC Enforcement Action
The FTC took enforcement action against GoodRx for sharing sensitive health information with advertising platforms. GoodRx agreed to a $1.5 million civil penalty and restrictions on sharing health data for advertising purposes.
BetterHelp FTC Action
The FTC finalized an order banning BetterHelp from sharing sensitive health data for advertising purposes and requiring a $7.8 million payment to consumers.
Cerebral FTC Action
The FTC proposed an order that would prohibit telehealth company Cerebral from using or disclosing sensitive data for advertising purposes and require a $7 million payment.
In re Meta Pixel Healthcare Litigation
This is the consolidated multidistrict litigation encompassing numerous claims that Meta Pixel on hospital and health system websites transmitted patient data — including portal interactions, appointment details, and registration information — to Meta.
Javier v. Assurance IQ (Ninth Circuit)
The Ninth Circuit held that the California Invasion of Privacy Act requires prior consent for recording communications, and that retroactive consent was not sufficient. The case involved alleged session-replay recording of website visitors.
Popa v. Harriet Carter Gifts (Third Circuit)
The Third Circuit allowed claims to proceed involving third-party session tracking under Pennsylvania's wiretap law, expanding potential liability for session replay and behavioral tracking tools.
Camplisson v. Adidas (CIPA Pen-Register)
In 2026 coverage, the court allowed CIPA pen-register claims tied to tracking pixels to proceed, rejecting arguments that weak browsewrap consent was sufficient.
Tax Prep Meta Pixel Investigation
A congressional report found that tax preparation companies shared taxpayers' sensitive financial data with Meta and Google through tracking pixels embedded on their websites. Lawmakers later urged the Department of Justice to take action.