CIPA & Pixel Litigation

Meta’s Engage-Through Window Is Toggleable — Most WooCommerce Stores Don’t Know

by

In March 2026, Meta redefined click-through attribution to include only link clicks — moving likes, saves, shares and video views into a new engage-through bucket with a fixed 1-day window. Reported click-through conversions dropped 15–40% overnight across WooCommerce stores. The engage-through window is toggleable (advertisers can turn it off or leave it at 1-day), but most stores haven’t adjusted it. For WooCommerce operators running CAPI, the fix is server-side event deduplication with proper event_id matching and optimising toward purchase signals within the tighter 24-hour engagement window.

Meta Pixel Is a $5,000-Per-Fire CIPA Lawsuit Risk for WooCommerce Stores

by

Plaintiffs’ firms argue that every Meta Pixel fire on a California visitor before consent is a potential $5,000 violation under CIPA Section 631. 1,500 CIPA lawsuits were filed in the 18 months before August 2025, and automated scanners from Kind Law and Swigart Law catalog pre-consent pixel fires at scale. Consent banners are a procedural defense that scanners are built to defeat. Delivering Meta events server-side via the Conversions API — with no client-side third-party script loading — is a structural defense, because the real-time-interception element of Section 631 cannot be alleged without a browser-based third-party transmission.

Your Tracking Pixels May Be a Lawsuit: CCPA, VCDPA, and the US Privacy Risk Most WooCommerce Stores Are Ignoring

by

The letter arrived without warning. A California plaintiff’s attorney, citing the California Invasion of Privacy Act. The WooCommerce store had installed Google Analytics and Meta Pixel the normal way — through a plugin, in ten minutes — and had never considered that those pixels might constitute wiretapping under California law. CIPA litigation against websites using … Read more

Your Facebook Pixel Could Get You Sued

by

Over 1,500 CIPA lawsuits were filed against website owners in just 18 months. Most of the defendants had no idea their standard marketing setup carried legal risk. They were running the same Meta Pixel, TikTok Pixel, and Microsoft Clarity tags that millions of WordPress stores install in minutes—and California plaintiffs’ attorneys argued every one of … Read more

Your GTM Container Is an Open Door for Payment Skimmers

by

165,000 shoppers had their payment card details stolen—not through a database breach, not through a phishing attack, but through a tool that looked exactly like legitimate analytics code. Google Tag Manager containers on WooCommerce checkout pages were weaponised with Magecart-style skimming scripts, silently harvesting card numbers, expiry dates, and CVVs. According to Recorded Future’s Insinkt … Read more

Microsoft Clarity Is Free. It Could Cost You $5,000 Per User.

by

If you installed Microsoft Clarity on your WooCommerce store for the free heatmaps, you’re in good company. Over 5 million websites use it. But courts are now applying California’s wiretapping law—CIPA—to session replay tools, and the math is severe: $5,000 per violation per consumer, with no cap on class size (California Penal Code § 630, … Read more

Your Meta Pixel Is Evidence in a CIPA Wiretapping Lawsuit

by

A wave of lawsuits under California’s 1967 Invasion of Privacy Act (CIPA) is targeting websites running Meta Pixel, GA4, and TikTok Pixel as illegal wiretapping devices. Over 2,797 digital tracking lawsuits have been filed in the US, with statutory damages of $5,000 per violation (Eckert Seamans, 2025). Courts are split—the November 2025 Camplisson v. Adidas decision survived dismissal, creating maximum legal uncertainty. WooCommerce store owners with California visitors face class action exposure. Server-side tracking through first-party infrastructure reduces CIPA risk by processing data on your own server rather than transmitting it to third parties in the browser.