Crocs Privacy Class Action Over Meta & Google Tracking
Privacy · Website Tracking · Lawsuit Filed
Crocs Website Tracking Class Action: Lawsuit Alleges Meta and Google Intercepted Shoppers' Purchases
PublishedJuly 5, 2026
A new complaint says tracking code on crocs.com sent shoppers' names, emails, and purchase details to Meta and Google without consent — despite a cookie banner promising the data would not identify them. Anyone who bought from the site could fall within the proposed class, but there is nothing to claim yet.
This article describes a class action complaint. The statements below are unproven
allegations. Crocs, Inc. has not been found liable, there is no certified class, and there
is nothing to claim at this time. This page is general information, not legal advice.
What Is the Crocs Privacy Lawsuit About?
Crocs, the footwear brand behind the foam clog, is facing a proposed class action alleging that its
online store quietly let third-party advertising trackers intercept and disclose shoppers' activity.
The case is Kirkpatrick v. Crocs, Inc., No. 4:26-cv-06792, in the U.S. District Court for the
Northern District of California. The named plaintiff, a Concord, California resident, filed the
complaint on July 2, 2026, through the law firm Bursor & Fisher.
According to the complaint, Crocs embedded tracking tools from Meta (Facebook) and Google into
crocs.com that contemporaneously duplicated shoppers' communications with the site and transmitted
them to the two companies. The complaint alleges the intercepted data included the shopper's name,
email address, the products they viewed and added to their cart, and their purchase details, along
with cookie values that can be matched back to individual Facebook and Google accounts. The complaint
alleges this happened even though crocs.com displayed a cookie banner assuring visitors that the
site's cookies "do not store directly personal information" and collected only "aggregated" data that
"does not directly identify you." None of the claims has been proven, and no court has ruled on the
merits.
StatusComplaint Filed · No Settlementfiled July 2, 2026 in the Northern District of California
CaseKirkpatrick v. Crocs, Inc.No. 4:26-cv-06792 (N.D. Cal.)
Can I Claim?No — nothing to claim yetno certified class, no settlement, no claim form
The Trackers Named in the Complaint
The complaint centers on two widely used advertising and analytics tools:
• Meta Pixel — a snippet of code, formerly called the Facebook Pixel, that Meta offers
advertisers to measure conversions and build ad audiences. The complaint alleges the pixel redirected
the contents of a shopper's communications to Meta as they browsed and checked out, and that cookies
such as c_user, datr, fr, and _fbp let Meta tie that activity to a specific
Facebook profile. It also points to Meta's "Advanced Matching" feature, which the complaint says scans
for recognizable fields like name and email to match visitors to their Facebook accounts.
• Google trackers — the complaint alleges Crocs used Google Analytics and the Google
DoubleClick advertising technology, which received URLs disclosing the products a user purchased along
with identifiers like the "cid" (Client ID) and "auid" (Advertiser User ID). It alleges a shopper's
email address was transmitted to Google in an encoded form the company could decode and match to its
own records, and that Google can also identify users through browser fingerprinting.
Meta and Google are described as the recipients of the data; neither is named as a defendant. The
allegations about how these tools operated on crocs.com remain unproven.
What the Named Plaintiff Alleges Happened
The named plaintiff says she accessed crocs.com and purchased Crocs around November and December 2025
while in California, using the same device and browser she uses for her Facebook and Google accounts.
She alleges that her communications during those visits — including her identity and purchase
information — were intercepted and disclosed to Meta and Google without her consent, and that she was
not on notice that the tracking was occurring. The complaint argues that when shoppers hand over their
name, email, and payment details to buy a product, they reasonably expect that information to stay
between them and the retailer, especially where the site's own cookie banner promised the data would
not directly identify them.
What Laws Does the Complaint Invoke?
The complaint asserts five causes of action:
• Federal Electronic Communications Privacy Act (ECPA / Wiretap Act), 18 U.S.C. § 2511 —
alleging Crocs intentionally intercepted, disclosed, and used the contents of shoppers' electronic
communications by embedding the Meta and Google tracking code, and that the "party exception" does not
apply because the interceptions were allegedly for a tortious or unlawful purpose. Plaintiff seeks
statutory damages under 18 U.S.C. § 2520.
• California Invasion of Privacy Act, Penal Code § 631 — the wiretapping provision,
alleging Crocs aided and enabled the third parties to read shoppers' communications in transit without
all-party consent. CIPA provides statutory damages of $5,000 per violation.
• California Invasion of Privacy Act, Penal Code § 632 — the eavesdropping provision,
alleging the trackers functioned as recording devices that captured confidential communications.
• California Comprehensive Computer Data Access and Fraud Act (CDAFA), Penal Code § 502 —
alleging Crocs knowingly accessed and, without permission, took, copied, and used data from shoppers'
devices.
• Invasion of privacy under the California Constitution — alleging the conduct amounted to
an intrusion on class members' reasonable expectation of privacy.
Courts have applied CIPA to internet communications, but whether these statutes reach the conduct
alleged here — and whether advertising and analytics trackers count as third-party eavesdroppers — is
exactly what the litigation will test.
Who Could Be Affected?
The complaint proposes a nationwide class of all U.S. residents who made a purchase on crocs.com during
the class period, plus a California subclass of California residents who did the same. The complaint
estimates the classes number in the hundreds of thousands. Exact class definitions and the applicable
time period would be decided later if the case advances past the pleading stage.
Is This the Same as the Crocs "Shrinking Clogs" Lawsuit?
No. This privacy case is separate from the earlier consumer complaint alleging that Crocs clogs shrink
and deform when exposed to heat and sunlight, which we cover in our
Crocs shrinking class action lawsuit
article. That case is about the physical product; Kirkpatrick v. Crocs is about the website
itself, alleging shoppers' purchase activity was disclosed to advertising platforms. Both remain
pending, and the allegations in each remain unproven.
What Are Plaintiffs Seeking?
The complaint seeks class certification, statutory damages under the ECPA and CIPA, punitive damages
where warranted, prejudgment interest, injunctive and declaratory relief stopping the challenged
practices, and attorneys' fees and costs. A jury trial is demanded. Because the case is unresolved, no
money is available now and any recovery is uncertain unless and until plaintiffs prevail or a
settlement is reached.
What Should You Do Now?
There is nothing to file at this stage — no settlement and no claim form exist. If you have shopped on
crocs.com and are following the case, you can keep your own records (order confirmations and the dates
you used the site). If you want legal advice, consult a privacy or consumer-protection attorney
licensed in your state; you can find one through your state bar association's lawyer referral service.
OpenClassActions.com is a consumer news site, not a law firm, and does not provide legal advice or
process claims.
A proposed class action, Kirkpatrick v. Crocs, Inc. in the Northern District of California, alleges that Crocs embedded the Meta Pixel and Google tracking tools on crocs.com and that those tools intercepted and disclosed shoppers' activity — including their names, email addresses, and the products they viewed and purchased — to Meta and Google without consent, in violation of the federal Wiretap Act (ECPA) and California privacy laws. The complaint says this contradicted a cookie banner that told shoppers the site's cookies did not store directly personal information. These are unproven allegations; Crocs has not been found liable.
Is there a Crocs settlement or claim form yet?
No. The case is at the complaint stage. There is no certified class, no settlement, and no claim form. The complaint was filed July 2, 2026, and nothing can be claimed at this time.
Who could be affected by the Crocs tracking lawsuit?
The complaint proposes a nationwide class of all U.S. residents who made a purchase on crocs.com during the class period, plus a California subclass of California residents who did the same. Exact class definitions would be decided later if the case advances.
What laws does the Crocs complaint invoke?
Five causes of action: the federal Electronic Communications Privacy Act (Wiretap Act), 18 U.S.C. § 2511; California Invasion of Privacy Act sections 631 and 632; the California Comprehensive Computer Data Access and Fraud Act (CDAFA), Penal Code § 502; and invasion of privacy under the California Constitution. The ECPA claim seeks statutory damages under 18 U.S.C. § 2520, and the CIPA claims seek statutory damages of $5,000 per violation under Penal Code § 637.2. Whether these statutes apply to the conduct alleged is what the litigation will test.
What did the Crocs cookie banner say?
According to the complaint, crocs.com showed a cookie banner telling visitors the site's cookies did not store directly personal information and that they collected aggregated data that did not directly identify the user. The lawsuit alleges that, contrary to that assurance, identifiers such as names, email addresses, and cookie values tied to Facebook and Google accounts were shared with the two companies. That characterization of the banner and the tracking is an allegation the court has not ruled on.
Is this a Crocs data breach?
No. This is not a hacking or data-breach case — no one is accused of breaking into Crocs' systems or stealing data. The complaint is a website-tracking (wiretap) case: it alleges Crocs itself installed the Meta Pixel and Google trackers on crocs.com and let them share shoppers' identities and purchase activity with Meta and Google for advertising, without consent. These are unproven allegations.
Sources
• Kirkpatrick v. Crocs, Inc., No. 4:26-cv-06792 (N.D. Cal.) — Class Action Complaint, filed July 2, 2026
• Meta, "Announcing Facebook Pixel" —
Meta for Developers (cited in the complaint)
• Federal Trade Commission, "No, hashing still doesn't make your data anonymous" —
FTC (cited in the complaint)
Free settlement alerts
Get notified when new class actions open to claims
Join thousands of readers who get the latest class action settlements you may qualify for — delivered straight to your inbox.
For more class actions keep scrolling below.
Status
Complaint filed — no settlement, no certified class
Case Title
Kirkpatrick v. Crocs, Inc.
Case Number
4:26-cv-06792
Court
U.S. District Court, Northern District of California
Trackers Named
Meta Pixel · Google Analytics / DoubleClick (not defendants)
Related Privacy & Tracking Lawsuits
Kalshi Website Tracking Class Action: A similar Bursor & Fisher wiretap suit says the LinkedIn Insight Tag and Google Analytics intercepted users' bets. Read more →
JetBlue Website Tracking Class Action: A wiretap suit says FullStory and Dynamic Yield intercepted travelers' data on JetBlue.com. Read more →
Fender Website Cookie-Tracking Lawsuit: Suit says Fender let third-party cookies track shoppers on its site without consent. Read more →
GM OnStar Driving-Data Privacy Lawsuit: Drivers say GM collected and sold their driving data to data brokers without consent. Read more →
AutoZone Website-Tracking Settlement: A privacy settlement over website session-replay and tracking tools. See who qualifies →