Crocs Privacy Class Action Over Meta & Google Tracking
Privacy · Website Tracking · Lawsuit Filed

Crocs Website Tracking Class Action: Lawsuit Alleges Meta and Google Intercepted Shoppers' Purchases

Published July 5, 2026

A new complaint says tracking code on crocs.com sent shoppers' names, emails, and purchase details to Meta and Google without consent — despite a cookie banner promising the data would not identify them. Anyone who bought from the site could fall within the proposed class, but there is nothing to claim yet.

Crocs website tracking privacy class action lawsuit over Meta Pixel and Google Analytics purchase data interception 2026
Allegations Only · No Settlement Yet

This article describes a class action complaint. The statements below are unproven allegations. Crocs, Inc. has not been found liable, there is no certified class, and there is nothing to claim at this time. This page is general information, not legal advice.

What Is the Crocs Privacy Lawsuit About?

Crocs, the footwear brand behind the foam clog, is facing a proposed class action alleging that its online store quietly let third-party advertising trackers intercept and disclose shoppers' activity. The case is Kirkpatrick v. Crocs, Inc., No. 4:26-cv-06792, in the U.S. District Court for the Northern District of California. The named plaintiff, a Concord, California resident, filed the complaint on July 2, 2026, through the law firm Bursor & Fisher.

According to the complaint, Crocs embedded tracking tools from Meta (Facebook) and Google into crocs.com that contemporaneously duplicated shoppers' communications with the site and transmitted them to the two companies. The complaint alleges the intercepted data included the shopper's name, email address, the products they viewed and added to their cart, and their purchase details, along with cookie values that can be matched back to individual Facebook and Google accounts. The complaint alleges this happened even though crocs.com displayed a cookie banner assuring visitors that the site's cookies "do not store directly personal information" and collected only "aggregated" data that "does not directly identify you." None of the claims has been proven, and no court has ruled on the merits.

Status Complaint Filed · No Settlement filed July 2, 2026 in the Northern District of California
Case Kirkpatrick v. Crocs, Inc. No. 4:26-cv-06792 (N.D. Cal.)
Can I Claim? No — nothing to claim yet no certified class, no settlement, no claim form

The Trackers Named in the Complaint

The complaint centers on two widely used advertising and analytics tools:

Meta Pixel — a snippet of code, formerly called the Facebook Pixel, that Meta offers advertisers to measure conversions and build ad audiences. The complaint alleges the pixel redirected the contents of a shopper's communications to Meta as they browsed and checked out, and that cookies such as c_user, datr, fr, and _fbp let Meta tie that activity to a specific Facebook profile. It also points to Meta's "Advanced Matching" feature, which the complaint says scans for recognizable fields like name and email to match visitors to their Facebook accounts.
Google trackers — the complaint alleges Crocs used Google Analytics and the Google DoubleClick advertising technology, which received URLs disclosing the products a user purchased along with identifiers like the "cid" (Client ID) and "auid" (Advertiser User ID). It alleges a shopper's email address was transmitted to Google in an encoded form the company could decode and match to its own records, and that Google can also identify users through browser fingerprinting.

Meta and Google are described as the recipients of the data; neither is named as a defendant. The allegations about how these tools operated on crocs.com remain unproven.

What the Named Plaintiff Alleges Happened

The named plaintiff says she accessed crocs.com and purchased Crocs around November and December 2025 while in California, using the same device and browser she uses for her Facebook and Google accounts. She alleges that her communications during those visits — including her identity and purchase information — were intercepted and disclosed to Meta and Google without her consent, and that she was not on notice that the tracking was occurring. The complaint argues that when shoppers hand over their name, email, and payment details to buy a product, they reasonably expect that information to stay between them and the retailer, especially where the site's own cookie banner promised the data would not directly identify them.

What Laws Does the Complaint Invoke?

The complaint asserts five causes of action:

Federal Electronic Communications Privacy Act (ECPA / Wiretap Act), 18 U.S.C. § 2511 — alleging Crocs intentionally intercepted, disclosed, and used the contents of shoppers' electronic communications by embedding the Meta and Google tracking code, and that the "party exception" does not apply because the interceptions were allegedly for a tortious or unlawful purpose. Plaintiff seeks statutory damages under 18 U.S.C. § 2520.
California Invasion of Privacy Act, Penal Code § 631 — the wiretapping provision, alleging Crocs aided and enabled the third parties to read shoppers' communications in transit without all-party consent. CIPA provides statutory damages of $5,000 per violation.
California Invasion of Privacy Act, Penal Code § 632 — the eavesdropping provision, alleging the trackers functioned as recording devices that captured confidential communications.
California Comprehensive Computer Data Access and Fraud Act (CDAFA), Penal Code § 502 — alleging Crocs knowingly accessed and, without permission, took, copied, and used data from shoppers' devices.
Invasion of privacy under the California Constitution — alleging the conduct amounted to an intrusion on class members' reasonable expectation of privacy.

Courts have applied CIPA to internet communications, but whether these statutes reach the conduct alleged here — and whether advertising and analytics trackers count as third-party eavesdroppers — is exactly what the litigation will test.

Who Could Be Affected?

The complaint proposes a nationwide class of all U.S. residents who made a purchase on crocs.com during the class period, plus a California subclass of California residents who did the same. The complaint estimates the classes number in the hundreds of thousands. Exact class definitions and the applicable time period would be decided later if the case advances past the pleading stage.

Is This the Same as the Crocs "Shrinking Clogs" Lawsuit?

No. This privacy case is separate from the earlier consumer complaint alleging that Crocs clogs shrink and deform when exposed to heat and sunlight, which we cover in our Crocs shrinking class action lawsuit article. That case is about the physical product; Kirkpatrick v. Crocs is about the website itself, alleging shoppers' purchase activity was disclosed to advertising platforms. Both remain pending, and the allegations in each remain unproven.

What Are Plaintiffs Seeking?

The complaint seeks class certification, statutory damages under the ECPA and CIPA, punitive damages where warranted, prejudgment interest, injunctive and declaratory relief stopping the challenged practices, and attorneys' fees and costs. A jury trial is demanded. Because the case is unresolved, no money is available now and any recovery is uncertain unless and until plaintiffs prevail or a settlement is reached.

What Should You Do Now?

There is nothing to file at this stage — no settlement and no claim form exist. If you have shopped on crocs.com and are following the case, you can keep your own records (order confirmations and the dates you used the site). If you want legal advice, consult a privacy or consumer-protection attorney licensed in your state; you can find one through your state bar association's lawyer referral service. OpenClassActions.com is a consumer news site, not a law firm, and does not provide legal advice or process claims.

Pixel- and tag-based wiretap suits are a fast-growing corner of consumer privacy litigation. For related examples that also name the Meta and Google trackers, see our coverage of the OpenAI ChatGPT Meta and Google privacy class action, the JetBlue website tracking class action, the Fender website cookie-tracking class action, and the Kalshi website tracking class action.

Read the Complaint

You can read the full class action complaint below:

Your browser can't display the embedded PDF. Open the complaint PDF in a new tab.


Kirkpatrick v. Crocs, Inc. — Class Action Complaint (PDF, filed July 2, 2026)

Frequently Asked Questions

What is the Crocs privacy lawsuit about?

A proposed class action, Kirkpatrick v. Crocs, Inc. in the Northern District of California, alleges that Crocs embedded the Meta Pixel and Google tracking tools on crocs.com and that those tools intercepted and disclosed shoppers' activity — including their names, email addresses, and the products they viewed and purchased — to Meta and Google without consent, in violation of the federal Wiretap Act (ECPA) and California privacy laws. The complaint says this contradicted a cookie banner that told shoppers the site's cookies did not store directly personal information. These are unproven allegations; Crocs has not been found liable.

Is there a Crocs settlement or claim form yet?

No. The case is at the complaint stage. There is no certified class, no settlement, and no claim form. The complaint was filed July 2, 2026, and nothing can be claimed at this time.

Who could be affected by the Crocs tracking lawsuit?

The complaint proposes a nationwide class of all U.S. residents who made a purchase on crocs.com during the class period, plus a California subclass of California residents who did the same. Exact class definitions would be decided later if the case advances.

What laws does the Crocs complaint invoke?

Five causes of action: the federal Electronic Communications Privacy Act (Wiretap Act), 18 U.S.C. § 2511; California Invasion of Privacy Act sections 631 and 632; the California Comprehensive Computer Data Access and Fraud Act (CDAFA), Penal Code § 502; and invasion of privacy under the California Constitution. The ECPA claim seeks statutory damages under 18 U.S.C. § 2520, and the CIPA claims seek statutory damages of $5,000 per violation under Penal Code § 637.2. Whether these statutes apply to the conduct alleged is what the litigation will test.

What did the Crocs cookie banner say?

According to the complaint, crocs.com showed a cookie banner telling visitors the site's cookies did not store directly personal information and that they collected aggregated data that did not directly identify the user. The lawsuit alleges that, contrary to that assurance, identifiers such as names, email addresses, and cookie values tied to Facebook and Google accounts were shared with the two companies. That characterization of the banner and the tracking is an allegation the court has not ruled on.

Is this a Crocs data breach?

No. This is not a hacking or data-breach case — no one is accused of breaking into Crocs' systems or stealing data. The complaint is a website-tracking (wiretap) case: it alleges Crocs itself installed the Meta Pixel and Google trackers on crocs.com and let them share shoppers' identities and purchase activity with Meta and Google for advertising, without consent. These are unproven allegations.

Sources

Kirkpatrick v. Crocs, Inc., No. 4:26-cv-06792 (N.D. Cal.) — Class Action Complaint, filed July 2, 2026
• Meta, "Announcing Facebook Pixel" — Meta for Developers (cited in the complaint)
• Federal Trade Commission, "No, hashing still doesn't make your data anonymous" — FTC (cited in the complaint)



For more class actions keep scrolling below.
Status Complaint filed — no settlement, no certified class
Case Title Kirkpatrick v. Crocs, Inc.
Case Number 4:26-cv-06792
Court U.S. District Court, Northern District of California
Date Filed July 2, 2026
Claims Federal ECPA / Wiretap Act · CIPA § 631 · CIPA § 632 · CDAFA § 502 · California Constitution
Trackers Named Meta Pixel · Google Analytics / DoubleClick (not defendants)

Related Privacy & Tracking Lawsuits