Chicago Business Litigation Lawyer Blog
A new wave of class action lawsuits is sweeping into the Northern District of Illinois. The defendants are not telecom companies. They are healthcare practices, retailers, fintech companies, telehealth platforms, employers running candidate portals, and any business with a website that uses analytics or advertising tools.
The legal theory is the same in almost every case. The plaintiff alleges that a tracking pixel, often the Meta pixel, the TikTok pixel, or the Google tag, captured information the user typed into the defendant’s website and quietly transmitted that information to a third party advertising platform. The plaintiff then alleges that this transmission violated the federal Electronic Communications Privacy Act, also known as the Wiretap Act, 18 U.S.C. section 2511.
The financial pressure of these cases is enormous. The Wiretap Act allows statutory damages of the greater of $100 per day or $10,000 per plaintiff, plus attorney fees. Multiplied across a putative class of website visitors, the demand letter is designed to force a settlement. That math is the plaintiffs’ bar’s business model.
There is a powerful defense to most of these cases. It is called the party exception, and Illinois federal courts are increasingly willing to enforce it.
The party exception is not buried in a regulatory annex. It is in the statute itself. 18 U.S.C. section 2511(2)(d) provides that the prohibition on intercepting electronic communications does not apply where one of the parties to the communication has consented, or where the defendant is itself a party to the communication. When a customer or patient fills out a form on your website, the customer’s communication is being directed at you. You are not eavesdropping on someone else. You are the recipient.
That sounds obvious. It is also dispositive in most pixel cases when the defense is properly pleaded.
The Northern District of Illinois has issued a series of decisions applying this exact logic. In Kurowski v. Rush System for Health, the court held that Rush, not Facebook or Google or a downstream ad platform, was the intended recipient of the patient communications submitted through Rush’s website and patient portal. Sloan v. Anker Innovations Ltd. went further, holding that even where a defendant later uploads information to a third party server, the defendant remains a party to the original communication, not a non party interceptor. The Zak v. Bose Corp. line of cases rejected the plaintiffs’ bar’s relabeling tactic of recasting the website operator as a redirector of someone else’s data flow. And in Doe v. Genesis Health System, the court explained the principle in plain language. The communications could not have occurred without the plaintiff communicating with the defendant as the intended recipient and party.
What this means in practice is that when a plaintiff sues your business for embedding analytics on your own website that collected information the plaintiff voluntarily submitted to your business, you have a real defense at the motion to dismiss stage. The defense does not require discovery. It does not require expert testimony. It requires careful pleading and an early motion that frames the issue correctly.
Pleading the party exception is not automatic.
Plaintiffs’ lawyers know about this defense, and they draft around it. The most common attack is to recharacterize the defendant’s role. They allege the defendant did not receive the communication so much as redirect it, process it, or facilitate the transmission to a third party. Federal courts in Illinois have rejected those framings repeatedly, but defendants who do not anticipate this pleading move can lose ground at the dismissal stage.
A second attack is the so-called crime tort exception written into the same subsection of the Wiretap Act. It says the party exception does not apply if the interception is for the purpose of committing any criminal or tortious act. Plaintiffs invoke that clause, plead a HIPAA violation or an invasion of privacy as the predicate, and argue the party exception is unavailable. That argument is its own active battleground in Illinois federal courts, and we have written separately about it.
The defense playbook works in three stages.
The first is a clean motion to dismiss that frames the website operator as exactly what it is, the intended party to the communication. The motion should explain how the pixel works in technical terms a judge can understand without an expert, and it should anchor the legal argument in the statute and the Northern District precedent. Hand waving will not survive a sophisticated plaintiffs’ team.
The second stage is preserving the alternative grounds. Even if the court declines to dismiss outright on the party exception, the plaintiff still has to plead actual disclosure of statutorily protected content, not the mere existence of tracking code. Illinois federal courts have repeatedly dismissed pixel cases where the complaint relied on screenshots and metadata without alleging that protected content was actually transmitted. The defense should preserve that argument as well.
The third stage is the standing inquiry. After TransUnion v. Ramirez, the United States Supreme Court has made clear that plaintiffs need standing for each form of relief sought, and theories like diminished data value, anxiety, and lost benefit of the bargain do not always survive. Pairing a party exception defense with a tight standing motion can narrow or eliminate the case before discovery.
If your business is facing a tracking pixel class action, or if your in-house counsel is asking how exposed your website is to one, the time to plan a defense is before the demand letter arrives. DiTommaso Lubin, P.C. represents Illinois businesses defending wiretap, privacy, and class action claims tied to website analytics and advertising tools. Call 630-333-0333 for a free consultation or contact us online. This post is for general information and is not legal advice.