Federal Wiretap Pixel Case Survives Motion to Dismiss as CPPA Forces Opt-Out Investigation Of Tractor Supply Company

Want to receive these privacy recaps in your inbox each week? Subscribe here.

United States

Retailer Is Denied Motion to Dismiss Federal Wiretap Pixel Case

A Northern District of California judge ruled that plaintiffs in a class action against Rack Room Shoes adequately pled that the retailer violated the federal Wiretap Act when it sent information regarding visitor behavior on its website (including search queries, buttons clicked, items viewed and placed in the cart, and hashed name, address, phone number and email address) to Meta through pixels embedded on the website. 

The court found that, although the federal Wiretap Act contains an exception if any party to the intercepted communication gave consent, and the plaintiffs do not contest that Rack Room, a party to the conversation between Rack Room and the visitor, gave consent to interception of the communication by Meta, the plaintiffs adequately alleged that an exception to the exception applies in this case. Specifically, single-party consent is not sufficient under the federal Wiretap Act if the interception of the communication was “for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State”. 

In this case, the plaintiffs alleged that Rack Room’s sending of the communication to Meta for advertising contradicted commitments in Rack Room’s privacy policy, which the court found to plausibly constitute a tortious invasion of privacy. Thus, Rack Room allegedly had a tortious purpose in engaging in the interception sufficient to satisfy the crime-tort exception to the single-party consent rule. 

TAKEAWAY

Most wiretapping class actions based on third-party pixels on a company’s website have focused on certain state wiretapping laws, such as the California Invasion of Privacy Act, that require two-party consent for an exception to the wiretapping prohibition to apply. The federal Wiretap Act contains an additional hurdle for plaintiffs to overcome since only single-party consent is necessary for an exception to apply (and typically, the party embedding the pixel on their own website has consented to the third party collecting information through such pixel). However, this ruling potentially opens new avenues for plaintiffs in any situation where a website embeds a third-party pixel in a manner that is contradictory to commitments in its privacy policy or that otherwise plausibly constitutes a tortious act. This serves as an additional reminder for companies to not only ensure they have exhaustive, ongoing processes in place to review third-party pixels and other tracking technologies on their websites and apps, but to also ensure, as part of such review, that such activities are consistent with commitments they make in their privacy policy and other disclosures.

CPPA Investigates / Enforces a Subpoena Over CCPA Compliance

In its first public disclosure of an ongoing investigation and first judicial action to enforce an investigative request, the California Privacy Protection Agency (CPPA) announced that it has filed a judicial order to enforce a subpoena against Tractor Supply Company. The subpoena seeks information about the retailer’s compliance with the California Consumer Privacy Act, including whether Tractor Supply Company failed to honor Californians’ right to opt out of the sale and sharing of personal information online. The retailer allegedly refused to answer questions posed by the CPPA within the requested time frame. 

TAKEAWAY

The CPPA Blog posted an article in March 2025 laying out what companies can expect during an investigative process. Although the article listed various approaches the CPPA may take in an investigation, the post ended with the statement that “every case is different, and we don’t proceed the same way every time”, which has been confirmed in the investigation of Tractor Supply Company. Regardless of the approach, the blog post encourages collaboration, communication, and candor and stresses that “the best approach is to own the facts, build credibility, and work constructively with us”.