California residents filed two federal class actions this week alleging that OpenAI embedded Google Analytics and Meta’s Facebook Pixel into ChatGPT.com, transmitting user queries, email hashes, and account identifiers to advertising platforms in real time. The suits invoke the Electronic Communications Privacy Act and California wiretap law. OpenAI has not publicly responded.
What the Complaints Allege
Plaintiff Saje Lim filed a class action against OpenAI Global LLC in California federal court, followed by a second complaint filed by Amargo Couture in the Southern District of California on behalf of all U.S. users who entered queries into ChatGPT.com. Lim claims OpenAI shared ChatGPT queries with Meta and Google without users’ knowledge or consent. The suit claims OpenAI disclosed users’ chat topics, identifiers, and contact details to Meta and Google without consent, in violation of the federal Electronic Communications Privacy Act, California’s Invasion of Privacy Act, and state constitutional privacy rights.
Plaintiff Saje Lim claims OpenAI disclosed the ChatGPT queries to Meta and Google by incorporating technology owned by the tech giants into the code of its website. The mechanism alleged is not novel. For Meta, the complaint centers on the Facebook Pixel code embedded in ChatGPT’s web pages, which allegedly triggers silent, real-time HTTP requests to Facebook’s servers every time a user interacts with the site. These requests are said to include both the content-derived context (for example, the browser tab title “Super Bowl 2005 Winner” derived from a user query) and a set of cookies such as c_user, fr, and fbp that can be tied back to a specific Facebook account via the user’s Facebook ID.
The complaint includes technical detail. On the Google side, the complaint alleges that Google Analytics and associated Google Ads tags capture hashed email addresses used to sign up or log in to ChatGPT, as well as device and browser identifiers and other Google Signals cookies that map activity to logged-in Google profiles. Sample network traces in the file show event payloads where a hashed email appears under an “em” field, alongside cookies such as Secure-3PSID that are associated with Google account identities. Meta’s own documentation is cited to argue that this telemetry is then fed into its “Core Audiences,” “Custom Audiences,” and “Lookalike Audiences” systems for highly granular ad targeting across Facebook and Instagram.
The plaintiff demands a jury trial and requests declaratory and injunctive relief and an award of statutory damages of $5,000 per violation or three times the amount of actual damages. Lim wants to represent a nationwide class and California subclass of individuals who had their personally identifiable information and communications with ChatGPT disclosed to third parties as a result of using the website.
The Context: CIPA and Embedded Trackers
The Google Analytics and Meta Pixel integrations described are standard instrumentation across the commercial web. Using Google Analytics and Facebook’s tracking pixels is very common across most websites, no matter the industry. Yet pixel-based monitoring on consumer AI services has become a new front for privacy litigation.
CIPA, passed in 1967, meant to criminalize traditional wiretapping and eavesdropping, primarily in the context of landline telephone calls. The law was never meant to wrangle the complexities of the digital age, yet plaintiffs’ firms now invoke it routinely to challenge tracking pixels, session replay scripts, and chat widgets. The lawsuit comes amid a growing wave of privacy litigation targeting common website-tracking tools. Over the past few years, plaintiffs’ firms have filed thousands of lawsuits accusing companies of violating California wiretapping laws by using analytics scripts, pixels, chat widgets.
A separate suit filed earlier this year accused Perplexity AI of similar conduct involving Meta and Google trackers. The Perplexity complaint alleged that Incognito mode did not block the data flow. The new case follows a 2023 class action against OpenAI focused on personal data used for model training. Regulators in several jurisdictions continue to scrutinize the chatbot. Recent reviews include action by a Japanese privacy watchdog and a GDPR complaint filed by NOYB in Europe.
This is not a novel theory, but the application to AI chat interfaces is new. Health sites have faced pixel litigation for years. That body of law treated analytics on medical intake forms or patient portals as wiretaps. The present complaints argue that ChatGPT queries deserve equivalent treatment.
What This Reveals About Expectation Mismatch
The lawsuits turn on what users expect. The case argues that consumers had reasonable privacy expectations when using the chatbot. The complaint cites a Cyberhaven report estimating that around one percent of data employees paste into ChatGPT is confidential. The figure refers to leaked corporate material. The complaint extends that concern to individuals who use the assistant for advice on health, money, and legal matters.
A privacy researcher quoted by Cybernews argued the opposite. “OpenAI’s privacy policy does disclose that it shares your information with a ton of third parties, including advertisement partners”, and therefore users cannot claim surprise. If you agree to any AI company’s privacy policy, you cannot reasonably expect truly private AI, in other words.
Both positions are defensible. The expectation gap is structural. Users treat conversational interfaces differently than they treat search boxes. They ask chatbots questions they would not ask Google. They upload tax documents, describe symptoms, rehearse arguments with spouses. The interface invites disclosure. People increasingly use AI systems to discuss issues they would normally reserve for therapists, lawyers, doctors, or close family members. The lawsuit taps into a growing fear inside the AI era: users may trust these systems far more deeply than they trust traditional websites, even though many of the same advertising and analytics technologies still operate behind the scenes.
The technical mechanism, however, treats the chatbot as a website. Tab titles update dynamically to reflect query topics. If a user asks “Who won the Super Bowl in 2005?” the browser tab updates accordingly. If a user asks ChatGPT, “Who won the Super Bowl in 2005?” the browser tab updates to display that topic. According to the lawsuit, Meta Pixel and Google Analytics then transmit that information, along with identifiers tied to the user’s accounts, to external servers. The instrumentation was not designed for AI chat. It was designed for e-commerce conversion funnels. The pixel fires. The data flows.
Whether the court accepts the plaintiffs’ theory may hinge on how judges interpret consumer expectations around AI services. The level of disclosure OpenAI provided at signup will likely matter as well. Privacy policies disclosed third-party sharing for analytics. Whether that disclosure is sufficient is the question the lawsuits pose.
Why Email Is Caught in the Middle
The complaint alleges that Google Analytics captured hashed email addresses associated with ChatGPT accounts. Email addresses serve as stable identifiers across devices and services. Google Analytics is then accused of enriching this data with cross-device behavior, demographic signals, and remarketing features, enabling OpenAI and Google to retarget users based on their ChatGPT activity and to fold those events into broader advertising and analytics products.
This is the architecture that makes surveillance capitalism function. Google and Meta built identity graphs spanning billions of accounts. When a user logs into ChatGPT with an email address, and that email is hashed and transmitted to Google via Analytics tags, Google can map the ChatGPT session to the user’s existing profile. The chatbot session becomes another data point in a file assembled from search history, YouTube views, Gmail metadata, location pings, and ad clicks.
The same applies to Meta. The filing claims Meta received Facebook cookies, including the unencrypted “c_user” identifier and “fr” cookie tied to a Facebook ID. Google allegedly received data tied to Google profile cookies such as “Secure-3PSID,” along with hashed login-related identifiers. If a user is logged into Facebook in the same browser session, the Pixel can tie the ChatGPT query to the Facebook account. The user who asked about tax deductions or divorce lawyers is no longer anonymous. They are a named individual with a known advertising profile.
Email is the hinge. Unlike IP addresses, which can be shared or masked, or device fingerprints, which drift over time, email addresses are persistent and self-asserted. They tie identity to action. This is why email services matter. A user who asks sensitive questions via a chatbot interface while logged in with a Gmail account has transmitted not just the query but also a stable cross-platform identifier. The pixel does not need to guess who the user is. The email tells it.
Architecture as Exposure
The complaint frames the issue as intentional wiretapping. The suit asserts that OpenAI “intentionally installed wiretaps” on ChatGPT.com by embedding Meta and Google tracking scripts, thereby aiding third-party interception of users’ communications in transit. This is a legal characterization, not a technical one. From an engineering perspective, OpenAI instrumented its site with industry-standard analytics. From a legal perspective under California’s 1967 wiretap statute, that instrumentation may constitute interception of electronic communications.
What matters is the category shift. When tracking pixels fire on e-commerce sites, courts have been reluctant to apply wiretap law. When they fire on telehealth portals or mental health intake forms, courts increasingly treat them as wiretaps. AI chat interfaces are closer to therapy intake than to product browsing. Users disclose personal facts in natural language, often in private contexts, expecting confidentiality.
If certified and successful, the case could expose OpenAI to massive statutory damage exposure and effectively put browser-based tracking of AI chats under the same legal microscope as health-site pixels and session-replay scripts that have recently drawn aggressive enforcement and litigation. California’s statutory damages of $5,000 per violation, multiplied across millions of ChatGPT users, produce a liability figure in the billions. The financial stakes are secondary. The primary consequence is categorical: AI chat would be treated as confidential communication, not as browsing behavior.
The complaint’s detailed network captures, from tab titles to cookie values, offer a blueprint for how plaintiffs’ experts are now inspecting AI properties for covert data flows to third-party domains. Organizations integrating commercial LLM front-ends or building their own should expect similar scrutiny and urgently revisit their telemetry, cookie consent flows, and data-sharing contracts. This is no longer hypothetical. Plaintiffs’ firms are running packet captures on AI tools. Every HTTP request to Meta or Google domains is discoverable. Every cookie passed is evidence.
The principle is simple: if the architecture transmits user input to third parties in real time, the architecture is the liability. Privacy policies do not override wiretap statutes. Consent flows do not absolve real-time interception if courts find the interception unreasonable. The question is not whether OpenAI disclosed third-party analytics in its terms of service. The question is whether embedding Meta and Google tracking in a conversational interface constitutes unlawful interception of communications.
Email addresses used to authenticate AI chat sessions become tracking keys that link queries to advertising profiles across platforms. Services that accept cryptocurrency and operate without requiring verified identity or linking accounts to advertising profiles avoid this architecture entirely. Queries routed over Tor with anonymous addresses cannot be stitched into cross-platform identity graphs. The infrastructure does not permit it. Post-quantum cryptography implementations such as PQCServer, released under AGPL-3.0, demonstrate forward secrecy in messaging infrastructure where session data cannot be retroactively decrypted even if intercepted. The principle is that communication tools should not leak metadata to advertising networks by default, regardless of what privacy policies permit.
What Comes Next
For OpenAI, the timing is awkward. The company is preparing for an expected initial public offering. It has reportedly fallen short of its revenue and user targets for the year. A drawn-out class action over privacy could complicate that path. Hearings have not yet been scheduled, and OpenAI has not publicly responded to the filing.
The lawsuits are at the earliest stage. OpenAI will move to dismiss. The plaintiffs will seek class certification. Discovery, if it proceeds, will produce internal communications about analytics instrumentation and data sharing agreements with Google and Meta. The legal question is narrow: does embedding standard web analytics on an AI chatbot violate wiretap law? The outcome will depend on whether courts treat conversational AI as analogous to telehealth portals or analogous to e-commerce sites.
Together, the cases point to growing legal pressure on AI providers. Regulators want clearer rules for how user inputs are collected and routed. Pixel litigation is now routine in California. What is new is the application to AI. If plaintiffs succeed, every AI provider that instrumented its interface with Google Analytics or Meta Pixel will face similar claims. The outcome will define whether conversational interfaces are governed by e-commerce norms or by confidential-communication norms.
The structural point is this: AI chat has become confidant-class infrastructure before confidant-class legal protections materialized. Users treat it as private. Providers instrument it as a website. The law has not caught up. These lawsuits are the collision.