The Perplexity CIPA Lawsuit Affirms that Tracker and Consent Risk Continues to Grow

A lawsuit against Perplexity applies a traditional privacy theory to a new setting: tracking technology inside a high-trust user experience. In Doe v. Perplexity AI, Inc. et al., filed March 31, 2026 in the Northern District of California, the plaintiff alleges that Perplexity disclosed users’ conversations and identifiers to Meta and Google without consent and asserts claims under CIPA (California's Invasion of Privacy Act) and other privacy-related theories. 

The alleged tracking stack included Meta Pixel, Google Ads, Google DoubleClick, Meta’s Conversions API, Firebase, and Google Analytics. The complaint alleges those tools began sharing data with these parties as soon as a user landed on the homepage, before the user clicked a button or entered a prompt. It further alleges that once users began interacting with the product, Perplexity disclosed opening prompts, follow-up questions, email addresses, cookies, and other identifiers to Meta and Google for advertising and analytics purposes. 

The complaint also alleges consent problems. It says users were not adequately informed that their conversations and related data would be disclosed to third parties, and that some sign-up flows did not require affirmative agreement to terms or privacy disclosures before use. Those allegations have not yet been proven, but the complaint should put organizations on notice that CIPA complaints are no longer a fringe risk.

We’re not surprised. For the last six months we’ve seen wiretapping claims increase in both volume and the size of the organizations targeted. Reuters recently noted that pixel-tracking litigation continues to expand in 2026, with disputes often focusing on whether companies deployed tracking tools in ways users did not expect, especially where sensitive information may be involved. Reuters also points to a practical problem many organizations know well: tracking technologies can accumulate across tags, plug-ins, marketing tools, and app components over time, making them difficult to fully map or govern internally.

In practice, that means some deployments may sit outside normal governance channels and become hard for legal, privacy, security, or leadership teams to see clearly. A focused outside web-tracking audit can test the site or app as it actually behaves, identify what loads before consent, show where data is going, and surface tools that may not be fully documented internally. If issues are found, remediation can narrow or remove unnecessary tracking from sensitive workflows, or prompt a change of terms or consent conditions. It is also a perfect opportunity to capture and archive proof-of-behavior artifacts that can be used to efficiently resolve legal complaints.
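One way to run the "what loads before consent" check described above, given a HAR capture exported from browser developer tools and the time the auditor clicked the consent control. This is an added example, not part of the original article; the host-suffix list, function names and sample capture are illustrative assumptions.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Assumed, illustrative host suffixes for vendors the complaint names; audits keep their own list.
TRACKER_SUFFIXES = {
    "facebook.com": "Meta",
    "facebook.net": "Meta",
    "doubleclick.net": "Google DoubleClick",
    "googleadservices.com": "Google Ads",
    "google-analytics.com": "Google Analytics",
}

def _ts(value):
    # HAR timestamps are ISO 8601; normalise a trailing "Z" for fromisoformat.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def vendor_for(host):
    """Map a hostname to a vendor by exact or dot-delimited suffix match, else None."""
    host = host.lower().rstrip(".")
    for suffix, vendor in TRACKER_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return vendor

def pre_consent_tracker_requests(har, consent_time):
    """Tracker requests that started before the auditor's recorded consent click."""
    cutoff = _ts(consent_time)
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        host = urlsplit(req["url"]).hostname or ""
        vendor = vendor_for(host)
        if vendor and _ts(entry["startedDateTime"]) < cutoff:
            findings.append({
                "vendor": vendor, "host": host, "started": entry["startedDateTime"],
                # Names only: shows what kind of data left without storing values.
                "params": sorted(p["name"] for p in req.get("queryString", [])),
            })
    return findings

def _entry(started, url, *names):  # helper for the constructed sample below
    qs = [{"name": n, "value": "x"} for n in names]
    return {"startedDateTime": started, "request": {"url": url, "queryString": qs}}

# Constructed sample capture (not real traffic); consent clicked at 10:00:05Z.
SAMPLE_HAR = {"log": {"entries": [
    _entry("2026-04-01T10:00:00.100Z", "https://app.example.test/"),
    _entry("2026-04-01T10:00:00.900Z", "https://www.facebook.com/tr?id=x&ev=x", "id", "ev"),
    _entry("2026-04-01T10:00:01.200Z", "https://notfacebook.com/p", "q"),
    _entry("2026-04-01T10:00:09.000Z", "https://ad.doubleclick.net/a", "src"),
]}}
```

Calling `pre_consent_tracker_requests(SAMPLE_HAR, "2026-04-01T10:00:05Z")` returns only the Meta request; the findings list, stored with the HAR file, is the kind of proof-of-behavior artifact the paragraph refers to.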

The Perplexity case is still in the complaint phase for now, so it remains to be seen how the parties and the court treat this cause of action. However, this is a good reminder that, for organizations small and large, privacy risk often comes from ordinary technical choices that stay unnoticed until someone looks closely. If your organization hasn’t looked closely at its tracking, consent, and terms of use choices, with artifacts to prove behavior, it’s past time to mitigate this risk.

If efforts to resolve tracking-related risks have stalled or have not started in your organization, review our Web-Tracking Services page for the process that we use, which may help you frame your own process, and, as always, feel free to contact us if you need additional support.

Footnotes:

  1. The Doe v. Perplexity AI, Inc. et al. complaint can be found here: https://cdn.arstechnica.net/wp-content/uploads/2026/04/Doe-v-Perplexity-Complaint-3-31-26.pdf

  2. The Reuters article can be found here: https://www.reuters.com/legal/legalindustry/your-website-is-satisfying-target-what-you-need-know-about-pixel-tracking--pracin-2026-04-13