In Re Meta Pixel Tax Filing Cases, 5:22-cv-07557

Plaintiffs brought a class action against Meta Platforms, Inc., alleging Meta’s Meta Pixel tracking tool violated the California Invasion of Privacy Act (CIPA) by operating as a pen register and as a wiretap.
The Meta Pixel is a JavaScript tool provided by Meta to third-party websites, including prominent tax-filing services, and it transmits user data back to Meta when users interact with those sites.
Plaintiffs allege the Pixel sent sensitive tax-related user data (e.g., filing status, income, refund amounts) from services like TaxAct, H&R Block, and TaxSlayer to Meta, enabling the linkage of users and their private data to their Facebook profiles.
Plaintiffs amended their complaint to add a claim that the Meta Pixel violated CIPA’s pen register provisions, which prohibit installing or using a pen register without a court order.
Meta moved to dismiss the pen register claim, arguing the Pixel could not legally be both a wiretap and a pen register, and that Meta did not "use" or "install" the Pixel within CIPA’s meaning.
The matter was before the court on Meta’s motion to dismiss for failure to state a claim under Federal Rule 12(b)(6).

Issue	Plaintiff's Argument	Defendant's Argument	Held
Did Meta "use" a pen register under CIPA section 638.51?	Meta used the Pixel, which records and transmits user data directly to Meta's servers, constituting use of a pen register.	Third-party websites install/use Pixel; Meta only uses received data, not the device.	Plaintiffs plausibly allege Meta used the Pixel as a pen register.
Can the Pixel be both a wiretap and a pen register under CIPA?	Pixel has capabilities of both; CIPA’s purpose is to protect privacy, so both claims can proceed for same device.	Statute precludes dual liability; device cannot be both under CIPA’s definitions.	A device can be both; CIPA should be construed to maximize privacy protections.
Does the exclusion of “contents of communication” bar the claim?	Pixel collects dialing/routing (metadata) as well as contents; functionalities are separate within the Pixel.	Statute excludes devices recording contents from pen register definition—collecting contents disqualifies.	Pixel’s functionalities can be distinct; collecting both does not preclude pen register liability.
Is Meta liable if only the data, not the device, is used by Meta?	Meta is directly involved in the real-time collection/transmission, not a passive recipient; integral to data flow.	Only tax services directly interact with/operate the Pixel; Meta just receives and uses resultant data.	Meta’s involvement in real-time collection means plausible use of the pen register is alleged.

Ashcroft v. Iqbal, 556 U.S. 662 (2009) (sets federal pleading standard for plausibility on motions to dismiss)
Bell Atl. Corp. v. Twombly, 550 U.S. 544 (2007) (plausibility standard for pleading under Rule 12(b)(6))
Flanagan v. Flanagan, 27 Cal. 4th 766 (2002) (CIPA should be interpreted to maximize privacy protection)
Rowe v. Educ. Credit Mgmt. Corp., 559 F.3d 1028 (9th Cir. 2009) (pleading standards for Rule 12(b)(6) motions)