Earlier this month, two investors filed a putative class action challenging the deployment of third-party tracking tools—including the Meta Pixel, LinkedIn Insight Tag, and Google Analytics—on the website and mobile app of a major asset management firm.

Similar to previous class action litigation in healthcare, retail, and other industries, this lawsuit claims that these tools are deployed without user consent, in violation of state anti-wiretapping statutes (such as the California Invasion of Privacy Act) and the federal Wiretap Act.

The plaintiffs allege that the tools at issue captured real-time account logins, trade instructions, fund tickers, and search queries, and then funneled that data—paired with unique identifiers—to the third-party platforms for advertising and analytics. The complaint seeks certification of nationwide and statewide classes, along with aggregated, classwide damages for each purported statutory violation.

The case is in its early stages, and the asserted claims appear vulnerable to multiple challenges—both on the merits and at class certification—including the lack of common classwide injury, and the likelihood of user consent via applicable privacy policies. In the meantime, asset management and investment firms with similar online properties may wish to consider the following steps:

1. Inventory every tag. Identify all third-party scripts that load, particularly behind authenticated investor pages.
2. Pause sensitive flows. Disable any code that transmits account or transaction data until consent and data-minimization strategies are assessed and validated.
3. Update notices and banners. Review disclosures to site users— especially as part of annual privacy evaluations.

Pixels and similar tools that once seemed like innocuous adjuncts to online marketing may present significant class action risk if not properly analyzed and deployed. If your digital stack includes social media driven analytics, now is the time to audit, remediate, and evaluate disclosures