OpenAI Hit with Class-Action Privacy Lawsuit for Sharing ChatGPT Data with Google and Meta

Home Cyber Security News OpenAI Hit with Class-Action Privacy Lawsuit for Sharing ChatGPT Data with Google and Meta By Guru Baran May 14, 2026 OpenAI Global LLC is facing a new class‑action complaint in the Southern District of California that accuses the company of quietly wiring its ChatGPT web interface with Meta’s Facebook Pixel and Google Analytics, turning highly sensitive chatbot conversations into monetizable tracking data for online advertising ecosystems. Filed by California resident Amargo Couture on behalf of all U.S. users who entered queries into ChatGPT.com, the suit claims OpenAI disclosed users’ chat topics, identifiers, and contact details to Meta and Google without consent, in violation of the federal Electronic Communications Privacy Act (ECPA) , California’s Invasion of Privacy Act (CIPA) , and state constitutional privacy rights. According to the complaint , ChatGPT is routinely used to discuss “sensitive and personal topics” such as finances, health, and legal issues, with some estimates suggesting that a significant portion of company data pasted into ChatGPT is confidential. Users allegedly had a reasonable expectation that these conversations would remain between themselves and OpenAI, not be piped to third‑party ad tech platforms. The litigation lands amid a broader wave of privacy and copyright fights over generative AI and follows earlier suits that challenged OpenAI’s data‑collection and training practices. OpenAI Hit With Privacy Action Lawsuit For Meta, the complaint centers on the Facebook Pixel code embedded in ChatGPT’s web pages, which allegedly triggers silent, real‑time HTTP requests to Facebook’s servers every time a user interacts with the site. These requests are said to include both the content‑derived context (for example, the browser tab title “Super Bowl 2005 Winner” derived from a user query) and a set of cookies such as c_user, fr, and fbp that can be tied back to a specific Facebook account via the user’s Facebook ID. Meta’s own documentation is cited to argue that this telemetry is then fed into its “Core Audiences,” “Custom Audiences,” and “Lookalike Audiences” systems for highly granular ad targeting across Facebook and Instagram. On the Google side, the complaint alleges that Google Analytics and associated Google Ads tags capture hashed email addresses used to sign up or log in to ChatGPT, as well as device and browser identifiers and other Google Signals cookies that map activity to logged‑in Google profiles. Sample network traces in the file show event payloads where a hashed email appears under an “em” field, alongside cookies such as Secure‑3PSID that are associated with Google account identities. Google Analytics is then accused of enriching this data with cross‑device behavior, demographic signals, and remarketing features, enabling OpenAI and Google to retarget users based on their ChatGPT activity and to fold those events into broader advertising and analytics products. Substantively, the suit asserts that OpenAI “intentionally installed wiretaps” on ChatGPT.com by embedding Meta and Google tracking scripts, thereby aiding third‑party interception of users’ communications in transit. Under ECPA, the plaintiffs argue that each ChatGPT interaction constitutes an “electronic communication,” and that copying those communications to Meta and Google via client‑side JavaScript and tracking pixels qualifies as an unlawful interception, disclosure, and use. Under CIPA Sections 631 and 632, they characterize the Meta Pixel and Google Analytics tags—as well as the associated cookies and servers as “machines, instruments, or contrivances” used to read or learn the contents of communications and to eavesdrop on confidential sessions without all‑party consent. The proposed nationwide class covers all U.S. residents whose personally identifiable information (PII) and ChatGPT communications were disclosed to third parties via the website, with a California subclass seeking statutory damages under CIPA of up to 5,000 USD per violation. Plaintiffs are also pursuing injunctive relief to force OpenAI to remove or re‑architect its tracking integrations and to prohibit further disclosures of chatbot‑derived data to ad tech partners. If certified and successful, the case could expose OpenAI to massive statutory damage exposure and effectively put browser‑based tracking of AI chats under the same legal microscope as health‑site pixels and session‑replay scripts that have recently drawn aggressive enforcement and litigation. For security and privacy teams, the allegations cut to the heart of how AI front‑ends are instrumented: embedding generic marketing pixels and analytics tags into AI tools that handle highly sensitive, free‑form text may create unexpected surveillance channels that regulators and courts treat as wiretaps. The complaint’s detailed network captures, from tab titles to cookie values, offer a blueprint for how plaintiffs’ experts are now inspecting AI properties for covert data flows to third‑party domains. Organizations integrating commercial LLM front‑ends or building their own should expect similar scrutiny and urgently revisit their telemetry, cookie consent flows, and data‑sharing contracts to ensure that sensitive AI conversations are not silently leaking into ad ecosystems under legacy web‑tracking configurations. Follow us on Google News , LinkedIn , and X to Get More Instant Updates. Tags cyber security cyber security news privacy Copy URL Linkedin Twitter ReddIt Telegram Guru Baran https://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Critical GitLab Vulnerabilities Enables XSS and Unauthenticated DoS Attacks Critical Microsoft 365 Copilot Vulnerabilities Expose sensitive Information macOS Malware Leverages Google Ads and Legitimate Claude.ai Shared Chats to Deliver Malware Trending Hugging Face Repo With 200k Downloads Executes Malware on Windows Machines New Stealthy Vidar Stealer Campaign Bypass EDR and Steal Credentials Load more Latest News Cyber Security News Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets Cyber Security News Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network Cyber Security News New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass Cyber Attack News node-ipc npm Package with 822K Weekly Downloads Compromised in Supply Chain Attack Cyber Security News Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security