News

A new class action complaint filed in the Southern District of California takes aim at OpenAI over a privacy theory that should get attention from lawyers, technologists, and any business deploying third-party tracking tools on sensitive user interfaces.

The case is Amargo Couture v. OpenAI Global, LLC, and the complaint was filed on May 13, 2026. The plaintiff alleges that OpenAI operated ChatGPT.com while allowing Meta and Google tracking technologies to receive users’ personally identifiable information and ChatGPT communications without consent.

The complaint is careful to frame the issue as more than ordinary website analytics. It alleges that ChatGPT users ask questions about highly sensitive subjects, including finances, health, legal issues, and other private matters. It then alleges that OpenAI incorporated Meta’s Facebook Pixel and Google Analytics into the website code, resulting in disclosures of query information, identifiers, and other data to those third parties.

That is the heart of the lawsuit: the plaintiff says users thought they were talking to ChatGPT, but their browsers were allegedly also sending information to Meta and Google. The complaint alleges that those transmissions happened in real time and included information that could connect a user’s identity to the subject matter of the user’s ChatGPT query.

The Meta allegations are especially direct. According to the complaint, when a user entered a query into ChatGPT, OpenAI allegedly disclosed that information to Meta in real time. The complaint gives an example: a query asking who won the Super Bowl in 2005 allegedly became the browser tab header value, and the Facebook Pixel allegedly sent a simultaneous transmission to Meta containing both topic information and Facebook cookies tied to the user’s Facebook ID.

The Google allegations follow a similar path. The complaint alleges that when users entered information into ChatGPT, OpenAI disclosed that information to Google in real time through Google Analytics. It also alleges that when a user created or logged into a ChatGPT account using an email address, Google Analytics intercepted a hashed version of that email address. The complaint further alleges that OpenAI transmitted a Google cookie containing a Google profile ID, along with other Google Signals cookies.

The legal theory is familiar, but the AI context raises the stakes. The complaint asserts claims under the Electronic Communications Privacy Act, the California Invasion of Privacy Act, and invasion of privacy under the California Constitution/Intrusion Upon Seclusion. In plain English, the plaintiff is trying to characterize common advertising and analytics tools as unlawful interception or eavesdropping when deployed on a platform where users are entering sensitive communications.

The proposed class is broad. The complaint seeks to represent all persons who, during the class period, allegedly had their personally identifiable information and ChatGPT communications disclosed to third parties as a result of using the ChatGPT.com website. It also proposes a California subclass for California residents whose personally identifiable information and ChatGPT communications were allegedly disclosed to third parties as a result of using the ChatGPT.com website while in California.

The requested remedies are significant. For the ECPA claim, the plaintiff seeks statutory damages of $10,000 or $100 per day for each alleged violation, on behalf of the plaintiff and the putative class. For the CIPA claims, the plaintiff seeks the greater of $5,000 per alleged violation or three times actual damages for the plaintiff and California subclass members. The complaint also seeks class certification, injunctive relief, damages, attorneys’ fees and costs, prejudgment interest, and a jury trial.

For lawyers, the case is worth watching because it sits at the intersection of three litigation trends: pixel-tracking claims, wiretap statutes, and AI privacy. The plaintiff’s theory depends heavily on the idea that third-party code did not merely collect generic analytics, but allegedly duplicated or transmitted the contents or meaning of user communications along with persistent identifiers. That distinction will matter because the complaint frames Meta and Google as alleged third-party eavesdroppers receiving data for targeted advertising, analytics, and profile-matching purposes, rather than as passive service providers.

For business clients, the practical takeaway is simple: if users are sharing sensitive information through your platform, your tracking stack may be as important as your privacy policy. This complaint treats pixels, cookies, browser headers, hashed emails, and account identifiers as the factual infrastructure for statutory privacy claims. Companies using AI chat tools, health tools, financial tools, legal intake tools, support portals, or other sensitive interfaces should understand exactly what third-party scripts fire, what data they receive, and whether the user has meaningfully consented.

This is still just a complaint. The allegations have not been proven, OpenAI has not yet had its full say in the pleadings, and the court has not certified a class. But the filing is a strong reminder that “standard” adtech can look very different when it is placed next to highly personal AI prompts.

The next wave of AI litigation may not be only about model training, copyright, hallucinations, or bias. It may also be about the plumbing around the model: the pixels, tags, cookies, analytics tools, advertising integrations, and consent flows that sit quietly in the background.

That is where plaintiffs’ lawyers are looking. That is where regulators and defense counsel should be looking as well.