Blog

TikTok faces latest class action over pixel tracking

Julie Rubash, Chief Privacy Counsel
June 5, 2023

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

United States


Texas Privacy Bill Sent to Governor

Texas HB 4, implementing the Texas Data Privacy and Security Act, was unanimously passed by both chambers, sending the bill to the Governor for signature.

TAKEAWAY

The Texas bill borrows several elements from existing privacy laws and also contains some unique elements.

For example, requirements for sensitive data are dictated based on the size of the company: large companies must obtain opt-in consent for all processing of sensitive data, while small companies must only obtain consent for the sale of sensitive data.

The Texas bill also requires specific language (“NOTICE: we may sell your [sensitive personal data / biometric personal data]”) be disclosed with the privacy notice, where applicable.

Finally, although opt-out preference signals must be recognized under the bill, Texas includes some exceptions absent in the other laws, including if a company “does not possess the ability to process the request”. Texas would be the fifth state (after California, Colorado, Connecticut and Montana) to require such recognition of opt-out preference signals.

TikTok Receives Class Action Over Pixel Tracking on Unaffiliated Properties

A class action lawsuit was filed against TikTok in the Central District of California, alleging various California statutory, common law and constitutional claims based on TikTok’s collection and use of ad event information, IP address, and cookie information from users of third-party properties that install the TikTok SDK.

According to the complaint, a multitude of users of the third-party properties were not TikTok users and never consented to or had any notice of TikTok’s interception and collection of the users’ data.

TAKEAWAY

This case relies, in part, on the anti-wiretapping provisions of the California Invasion of Privacy Act, which imposes liability for reading the contents of a communication while in transit without consent of all parties to the communication.

Class action lawsuits under various state anti-wiretapping laws and the Federal Wiretap Act have been surging in recent years, targeting both third-party providers of tracking software and first parties who incorporate first or third-party trackers on their owned and operated properties.

For more coverage, read our previous post about the ruling against adtech company Navistone on this blog and the recent announcement of an investigation of trackers on starbucks.com.  

Europe

Irish DPC Proposes Microsoft Fine For LinkedIn Targeted Advertising

Microsoft announced that it received a non-public Preliminary Draft Decision from the Irish Data Protection Commission, proposing a fine of approximately $425 million based on allegations that LinkedIn’s targeted advertising practices violated the GDPR.

Microsoft said it will dispute the legal basis for the decision and amount of the fine. 

NEXT STEPS

This announcement comes shortly after the French Data Protection Authority (CNIL) announced its closure of a case against Microsoft for alleged privacy violations related to ad fraud tracking on bing.com without user consent.

The nature of the alleged violations on LinkedIn were not publicly disclosed. 

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

New Privacy Requirements Took Effect October 1 In Three States

October 7, 2024

New Privacy Requirements Took Effect In Montana, Maryland &...

[WEBINAR] Consent is not enough: Protecting against new U.S. privacy litigation risks

October 2, 2024

Join Sourcepoint and privacy litigation expert Matthew Pearson, Partner...

How Haymarket Uses Sourcepoint to Manage Vendor Compliance

October 1, 2024

Haymarket sought to elevate their level of compliance by...

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]