I have a Shopify store and am based in California. I am being sued for violation of CIPA; the plaintiff’s attorney is saying that I installed spyware from TikTok onto my site. I did not do this, but I do have integrated stores on social media. Is anyone else in California experiencing this? Research shows that:
Shopify is facing potential legal issues in California related to the California Invasion of Privacy Act (CIPA). Specifically, the Ninth Circuit reversed a previous dismissal of the case, finding that Shopify’s actions, including embedding tracking software on California consumers’ devices, established personal jurisdiction over the company in California. This means Shopify may be held accountable in California courts for privacy violations.
I think that these attorneys will come after CA Shopify stores because the CIPA law has a lot of gray areas. How do we protect ourselves? How do we ensure that we are compliant?
Can anyone help? Thank you. I’ve consulted an attorney and they say that these lawyers are coming after small businesses in CA who use Shopify as their platform.
1 Like
Hi @Christi2 ,
I’m sorry to hear about that. From my experience, the only way around it is to make sure your cookie consent bar/popup is working appropriately (actually blocking cookies/tracking scripts until the user consents). If the user rejects cookies, and the tracking pixels are still loaded in, then this would not be compliant.
If this was useful, a Like or marking it as a Solution is appreciated. Need more help? Feel free to reach out anytime using the email address/phone number in my signature.
2 Likes
Yes, done. The problem is that the TikTok pixel was loading faster than my consent banner, AND I hadn’t finished even connecting TikTok. It’s all very weird, and I wish that Shopify would be more helpful.
Hi @Christi2 ,
I’m happy to take a further look into your store if you’d like. The TikTok pixel shouldn’t even begin loading in until a visitor on your site clicks “Accept” on your consent banner.
Feel free to send me an email using the link in my signature.
1 Like
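The behaviour discussed in the posts above (no tracking tag runs before the visitor decides, and a way to check whether one did), as an added example that is not part of the thread or of Shopify's or TikTok's code. The function names, the category names and the `tracker.example` host are assumptions made for illustration.

```javascript
// Added example (not from the thread): hypothetical consent gate for third-party tags.
// Tags register a loader callback instead of running at page load, so load
// order can never beat the banner; nothing runs until an explicit decision.
function createConsentGate() {
  const tags = [];
  let decision = null; // null = visitor has not chosen yet
  function flush() {
    for (const t of tags) {
      if (!t.ran && decision !== null && decision[t.category] === true) {
        t.ran = true;
        t.load();
      }
    }
  }
  return {
    register(name, category, load) {
      tags.push({ name, category, load, ran: false });
      flush(); // runs immediately only if consent already covers this category
    },
    // Called from the banner's Accept / Reject handlers.
    decide(choices) {
      decision = { marketing: false, analytics: false, ...choices };
      flush();
    },
    loaded: () => tags.filter((t) => t.ran).map((t) => t.name),
  };
}

// Audit helper: given a request timeline (for example, exported from the
// browser's Network tab) and the time consent was given (null if it never
// was), return the tracker requests that fired before consent.
function requestsBeforeConsent(timeline, trackerHosts, consentAtMs) {
  return timeline.filter((r) => {
    const host = new URL(r.url).hostname;
    const isTracker = trackerHosts.some((h) => host === h || host.endsWith("." + h));
    return isTracker && (consentAtMs === null || r.atMs < consentAtMs);
  });
}

// Constructed sample timeline (milliseconds since navigation start).
const SAMPLE_TIMELINE = [
  { url: "https://shop.example/theme.js", atMs: 50 },
  { url: "https://px.tracker.example/events.js", atMs: 120 },
  { url: "https://px.tracker.example/track?e=view", atMs: 900 },
];
// Visitor clicked Accept at 400 ms: the 120 ms request is the one to investigate.
console.log(requestsBeforeConsent(SAMPLE_TIMELINE, ["tracker.example"], 400));
```

The gate does not unload a tag that has already run if the visitor later withdraws consent; that needs separate handling.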
Hey
I can only imagine how unsettling it is to find yourself pulled into a CIPA lawsuit over something you never intentionally added. The reality is that any third-party script (TikTok, Facebook, analytics tools) can trip those privacy wires in California’s strict environment.
To protect yourself, make sure your privacy policy clearly lists every tracker you use and add a cookie-consent banner so visitors opt in before any nonessential code runs. Then give your theme a quick audit: remove any scripts you don’t absolutely need.
Finally, keep good records. Save dated versions of your policy, note when you added or removed each pixel, and archive screenshots of your consent settings. That way, if anyone comes knocking, you’ll have a clear paper trail showing you’ve always tried to stay on the right side of the law. Hang in there, you’ve got this.
1 Like
Thanks so much for helping me out. Working with you yesterday to ensure that my site was compliant was extremely helpful. And thank you for your thoroughness and patience!
Hey Christi. Just wanted to hop in here and say what you likely already know, which is that you’re very much not alone here. My company is going through the exact same misery with this and it’s just been an incredible waste of time and money getting lawyers involved for such an obviously frivolous claim. I really feel like there needs to be better support for small businesses from both Shopify and Meta on this as they are clearly not the ones being sued and the burden on the small businesses (and the stress) is crap. If nothing else we CA small businesses should start a support group if there isn’t one already.
While this is definitely best practice moving forward, I would argue that this isn’t exactly a solution to all of these existing cases. Unfortunately I think the only real long term solution is getting proper legislation passed to get these loopholes of abuse in CIPA closed up. Write your state reps and tell them to get SB690 passed!
My case is slightly different as it involves the Facebook Meta pixel that comes installed in the Shopify Facebook App. But the case is still a claimed CIPA violation.
Hi, so glad to hear I’m not alone. I wonder if we are being sued by the same a$$hole? I think we need a support group too. I have heard that the law will probably be ‘edited’ but it won’t take effect until 2026 AND it’s not retroactive. I’m all for exposing this scam if I can do it without getting sued, haha. Anyway, my email is info@crashjewelry.com if you want to compare notes. The only other thing that has been suggested to me is to file a class action suit against this crook, which is what he is threatening to do to me to the tune of $150k.
1 Like
California merchants are being sued under CIPA because of tracking scripts such as pixels or session recordings. To mitigate risk, audit your site using privacy compliance tools, remove unnecessary tracking pixels, add clear consent banners, and update your privacy policy. A compliance app or privacy consultant can provide extra protection for your store.