California’s strict privacy laws, particularly the California Invasion of Privacy Act (CIPA), are fueling a surge in class action lawsuits against major companies over their use of online tracking technologies. In recent weeks, prominent brands including Estée Lauder, Nike, and Luxottica have been hit with proposed class actions in the Northern District of California, all alleging unlawful surveillance of website visitors’ personal data. Here’s a breakdown of these cases.

Estée Lauder

Estée Lauder Inc. has been sued by Taajudin Elmarouk, a California resident, who claims the beauty company “secretly deployed” Google and Facebook tracking software on its website without obtaining user consent. The complaint, filed in federal court, alleges Estée Lauder violated CIPA by using tracking technologies that allegedly function as illegal “pen registers” or “trap and trace devices.” Under California law, these tools are likened to surveillance devices and require explicit user permission or a court order.

The lawsuit seeks:

  • Class certification for all California residents who visited the website;
  • Statutory damages;
  • Injunctive relief; and
  • Attorney fees.

Significantly, the complaint notes this case is one of many targeting businesses over so-called “pixel trackers,” a trend rising amid concerns over opaque and challenging CIPA requirements, which even federal judges have called difficult to interpret.

Nike

Nike Inc. is the latest global brand facing a CIPA suit over online tracking. Plaintiff Saleha Abdullah filed a proposed class action claiming Nike’s website deploys tracking technologies from Google, Meta, and The Trade Desk without user consent, collecting:

  • IP addresses;
  • Browsing data; and
  • Device information.

The complaint alleges these trackers serve as unlawful “pen registers” and “trap and trace devices,” just as in the Estée Lauder suit. It further claims Nike uses the acquired data for targeted advertising and real-time bidding, where user profiles are sold to advertisers behind the scenes.

The lawsuit seeks:

  • Class certification on behalf of thousands of California users;
  • Injunctive relief; and
  • Statutory damages.

Additionally, the complaint describes pending state legislative efforts that could curb online tracker suits and echoes the critique from the bench that CIPA is difficult to interpret.

Luxottica

The eyewear giant Luxottica of America Inc. (which operates sites such as Oakley.com, LensCrafters.com, and Ray-Ban.com) is facing a class action alleging it continued tracking users via third-party cookies even after users opted out. Plaintiffs Brandon Moore, Daniel Aldana, and Hope Kambick allege Luxottica violated CIPA by allowing Google, Meta, and Adobe to collect personal browsing data in defiance of users’ explicit choices.

Lawsuit highlights include allegations of:

  • Invasion of privacy;
  • Unjust enrichment;
  • Fraud and deceit; and
  • Violations of CIPA’s wiretapping and pen-register provisions.

The suit aims to represent all California residents who rejected cookies but whose data was still collected. Plaintiffs are seeking:

  • Statutory damages of at least $5,000 per violation;
  • Compensatory and punitive damages;
  • Restitution;
  • Injunctive relief;
  • Attorneys’ fees and costs; and
  • Pre- and post-judgment interest.

These lawsuits reflect a growing trend of privacy litigation in California focused on the use of online tracking and data analytics tools. With federal judges expressing concerns about the complexity of CIPA and state legislators proposing changes, the legal landscape remains unsettled.

For businesses, it is critical to audit and disclose all data collection and third-party integrations; obtaining explicit, informed user consent is more important than ever.

For consumers, expect more transparency and notices, but also more complex privacy landscapes until the law evolves or is clarified by the courts or legislature. As the outcomes of these cases unfold, any clarifications or amendments to CIPA will be closely watched by privacy advocates, technologists, and business leaders alike.

Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island.