Early this month, a Northern District of California judge dismissed, with prejudice, a putative class action complaint asserting five privacy-related causes of action, concluding the “issue of consent defeat[ed] all of Plaintiffs’ claims.”  Lakes v. Ubisoft, Inc., –F. Supp. 3d–, 2025 WL 1036639 (N.D. Cal. Apr. 2, 2025).  Specifically, the Court dismissed plaintiffs’ claims under the (1) Video Privacy Protection Act (“VPPA”); (2) Federal Wiretap Act; (3) California Invasion of Privacy Act (“CIPA”) § 631; (4) common law invasion of privacy; and (5) Article I, Section 1 of the California Constitution. 

The two plaintiffs in this case asserted that Defendant Ubisoft, Inc., a video game company, used a third-party website pixel that allegedly collected and disclosed plaintiffs’ personal information and website activity without plaintiffs’ consent.  Ubisoft moved to dismiss, arguing, among other grounds, that “an essential element of each of Plaintiffs’ claims [was] lack of consent,” but plaintiffs had in fact “consented to the use of cookies and pixels . . . at least three times during the purchase process”: when plaintiffs (1) “interacted with the Cookies Banner” upon first visiting the website; (2) created accounts, which required them to affirmatively “accept Ubisoft’s Terms of Use, Terms of Sale, and Privacy Policy”; and (3) “made purchases,” when plaintiffs were again shown the Privacy Policy.  

The Court agreed.  Taking judicial notice of certain Ubisoft policies and website pages, including its Privacy Policy, Cookies Banner, and Cookies Settings, the Court held that plaintiffs’ consent defeated each of plaintiffs’ claims:

  • Federal Wiretap Act Claim:  The court held Ubisoft had established that the Wiretap Act’s consent exception applied.  Section 2511(2)(d) of the Wiretap Act authorizes interception of communications where “one of the parties to the communication has given prior consent to such interception,” provided the interception is not “for the purpose of committing any criminal or tortious act[.]”  Here, the court found that Ubisoft “clearly disclose[d]” that it “allows partners to use cookies on the Website,” that “specific analytics and personalization cookies would be used,” and that “cookie identifiers and other similar data connected to the use of the site could be collected and shared.”  The Court found no support for requiring the sort of “highly granular disclosure” urged by plaintiffs, who argued that Ubisoft must disclose by name the third-party partner that would collect data through the website pixel and Ubisoft’s “specific practice of exposing Plaintiffs’ [personally identifiable information].”  Finally, the court rejected plaintiffs’ argument that the crime-tort exception to consent applied, concluding plaintiffs had not alleged that “the purpose of the interception” was to “perpetuate torts on millions of Internet users,” but rather, to “make money.”
  • CIPA, California Constitution, and Common-Law Invasion of Privacy Claims:  The Court held that consent was also a “defense to all three claims” under CIPA, the California Constitution, and California common law, citing two Northern District of California cases, and dismissed them for the same reasons as the federal Wiretap Act claim.
  • VPPA Claim:  Finally, the court held that Ubisoft’s disclosures satisfied each element of VPPA’s consent provision.  Section 2710(b)(2)(B) of the VPPA authorizes disclosure of a consumer’s personally identifiable information with the consumer’s “informed, written consent”—defined as: (i) “in a form distinct and separate from any form setting forth other legal or financial obligations of the consumer”; (ii) given when “the disclosure is sought” or “in advance for a set period of time” not exceeding two years; and (iii) where the consumer received “an opportunity, in a clear and conspicuous manner,” to opt out.  Here, the Court concluded that Ubisoft’s Cookies Banner satisfied the “written” and “informed” elements, and that its Privacy Policy and Cookies Banner satisfied both (i) the “distinct and separate” requirement—agreeing that “courts routinely classify such policies as ‘disclosures’ or ‘statements’ by companies, not as obligations of the users”—and also (ii) the timing requirement, since “consent is elicited with each and every purchase on the Website . . . which for every class member, must have fallen within the last two years.”

The Court denied plaintiffs’ request for leave to amend and dismissed the claims with prejudice, concluding amendment would be “futile” because plaintiffs could not “amend their complaint to overcome the issue of consent.”  This decision illustrates a company’s ability to wield a consent argument to potentially defeat, at the pleading stage, federal and state-law claims arising from their use of commonplace website marketing or analytics pixels.

Tags: California, Privacy, Wiretap Act, Wiretap Litigation
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kathryn Cahoy Kathryn Cahoy

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer…

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate has also played a key role in developing the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Recent Successes:

Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. The Daily Journal selected Covington’s defense of Meta as one of its 2021 Top Verdicts, and Law.com recognized Kate as a Litigator of the Week Shoutout.
Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws.

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal and was recognized by Daily Journal as a Top Attorney Under 40.

Read more about Kathryn CahoyEmail
Show more Show less
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws.

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations. 

Chambers USA 2024 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”

Read more about Libbie CanterEmail
Show more Show less
Photo of Lindsey Tonsager Lindsey Tonsager

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection…

Lindsey Tonsager co-chairs the firm’s global Data Privacy and Cybersecurity practice. She advises clients in their strategic and proactive engagement with the Federal Trade Commission, the U.S. Congress, the California Privacy Protection Agency, and state attorneys general on proposed changes to data protection laws, and regularly represents clients in responding to investigations and enforcement actions involving their privacy and information security practices.

Lindsey’s practice focuses on helping clients launch new products and services that implicate the laws governing the use of artificial intelligence, data processing for connected devices, biometrics, online advertising, endorsements and testimonials in advertising and social media, the collection of personal information from children and students online, e-mail marketing, disclosures of video viewing information, and new technologies.

Lindsey also assesses privacy and data security risks in complex corporate transactions where personal data is a critical asset or data processing risks are otherwise material. In light of a dynamic regulatory environment where new state, federal, and international data protection laws are always on the horizon and enforcement priorities are shifting, she focuses on designing risk-based, global privacy programs for clients that can keep pace with evolving legal requirements and efficiently leverage the clients’ existing privacy policies and practices. She conducts data protection assessments to benchmark against legal requirements and industry trends and proposes practical risk mitigation measures.

Read more about Lindsey TonsagerEmail
Show more Show less
Photo of Matthew Verdin Matthew Verdin

Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in…

Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in securing dismissals at the pleadings stage. For example, he won dismissal at the pleadings stage of over a dozen wiretapping class actions involving the alleged use of website analytics tools to collect data about users’ website visits. He also advises companies on managing litigation risk under federal and state wiretapping laws.

Matthew is also dedicated to pro bono legal services. Recently, he helped a domestic violence survivor win a case in the California Court of Appeal. Matthew’s oral argument led to the court ordering renewal of his client’s restraining order just one day later.

Read more about Matthew VerdinEmail
Show more Show less
Photo of Rachel Bercovitz Rachel Bercovitz

Rachel Bercovitz is an associate in the firm’s Washington, DC office, where she is a member of the Litigation and Data Privacy and Cybersecurity groups. She maintains an active pro bono practice, with a particular focus on gun violence prevention.

Read more about Rachel BercovitzEmail
Photo of Natalie Dugan Natalie Dugan

Natalie Dugan is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity Practice Group.

Natalie advises clients on a broad range of data privacy and cybersecurity issues and across industries. Natalie’s practice includes helping clients…

Natalie Dugan is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity Practice Group.

Natalie advises clients on a broad range of data privacy and cybersecurity issues and across industries. Natalie’s practice includes helping clients comply with existing and emerging state privacy laws, such as the California Consumer Privacy Act and the California Privacy Rights Act, along with federal privacy frameworks such as those set forth by the Federal Trade Commission and consumer protection laws and guidance.

With a focus on AdTech and related privacy issues, Natalie routinely partners with clients to develop privacy notices and choices, draft and negotiate privacy terms with vendors and third parties, and design related governance programs and new products. Additionally, Natalie helps clients strategically engage with and respond to privacy-related inquiries from regulators like the FTC, the California Privacy Protection Agency, and state attorneys general.

Natalie also counsels clients on various other technology-related consumer protection issues, such as state “right-to-repair” legislation and anti-tying warranty provisions under the Magnuson-Moss Warranty Act.

Read more about Natalie DuganEmail
Show more Show less