OpenAI Faces Class-Action Lawsuit Over Alleged ChatGPT Data Sharing With Meta And Google

OpenAI is facing a proposed class-action lawsuit that accuses the company of sharing ChatGPT users’ query topics and identifying information with Meta and Google through website tracking tools.

The case, Couture v. OpenAI Global, LLC, was filed on May 13, 2026 in the U.S. District Court for the Southern District of California. The complaint names California resident Amargo Couture as the plaintiff and OpenAI Global, LLC as the defendant.

The lawsuit claims OpenAI embedded Meta’s Facebook Pixel and Google Analytics-related tracking code into ChatGPT.com. According to the complaint, those tools allegedly transmitted information connected to ChatGPT activity without users’ clear consent.

What the lawsuit alleges

The complaint centers on the idea that ChatGPT conversations can contain highly sensitive information. Users may ask about health, finances, legal issues, workplace problems, relationships, and personal decisions.

The lawsuit alleges that users had a reasonable expectation that those conversations would stay between them and OpenAI. Instead, the complaint claims ChatGPT.com sent query-related signals, identifiers, and contact-related data to Meta and Google through third-party tracking scripts.

OpenAI has not been found liable. The case is at an early stage, and the claims will need to survive court review before the proposed class can move toward certification or damages.

Case detail	Information
Case name	Couture v. OpenAI Global, LLC
Case number	3:26-cv-03000-H-GC
Court	U.S. District Court for the Southern District of California
Plaintiff	Amargo Couture
Defendant	OpenAI Global, LLC
Filed	May 13, 2026
Main claim	Alleged sharing of ChatGPT query-related data with Meta and Google through tracking tools

How Meta Pixel and Google Analytics fit into the complaint

The complaint claims that Meta Pixel was present in ChatGPT’s web interface and could send event data to Meta when users interacted with the site.

According to the lawsuit, those transmissions could include page or tab titles derived from a user’s ChatGPT query, along with cookies or identifiers that may connect activity to a Meta account.

The complaint also alleges that Google Analytics and related Google tags captured hashed email addresses, device data, browser identifiers, and Google-linked cookies. The lawsuit claims this allowed activity on ChatGPT.com to become part of broader analytics and advertising systems.

Why the claim focuses on privacy and wiretapping laws

The lawsuit brings claims under the federal Electronic Communications Privacy Act, the California Invasion of Privacy Act, and California constitutional privacy protections.

At the center of the legal theory is whether ChatGPT prompts and related website events count as private electronic communications, and whether third-party tracking tools allegedly intercepted or disclosed those communications without consent.

The complaint describes the tracking scripts, cookies, and related servers as tools used to learn information about confidential user interactions. OpenAI will have the chance to challenge those claims in court.

Legal claim area	What the complaint argues
Electronic Communications Privacy Act	ChatGPT interactions allegedly count as electronic communications that were intercepted or disclosed
California Invasion of Privacy Act	Tracking tools allegedly functioned as eavesdropping or wiretap mechanisms
California constitutional privacy	Users allegedly had a privacy interest in their ChatGPT activity
Requested relief	Damages, injunctive relief, and changes to tracking practices

OpenAI’s public privacy position

OpenAI’s public consumer data FAQ says the company does not sell user data. It also says OpenAI does not share chat content for marketing or advertising purposes.

The same FAQ says OpenAI may share content with trusted service providers that help provide its services, subject to confidentiality and security obligations. OpenAI’s cookie policy also says it uses cookies and similar technologies, including third-party cookies, pixels, web beacons, device identifiers, APIs, and local storage for certain purposes.

This creates one of the key disputes in the case. The plaintiff alleges ChatGPT-related information flowed to Meta and Google for advertising and analytics systems, while OpenAI’s public materials state that chat content is not shared for marketing or advertising purposes.

What data the lawsuit says was shared

The complaint does not simply claim that OpenAI used generic analytics tools. It alleges that data connected to user activity and identity flowed to third parties in a way that could reveal what users were asking ChatGPT.

For Meta, the lawsuit focuses on query-derived page context and cookies that may connect activity to a Facebook account. For Google, it focuses on hashed email addresses, browser signals, Google-linked cookies, and analytics identifiers.

The lawsuit argues that these signals could make ChatGPT activity useful for ad targeting, remarketing, audience building, and cross-device profiling.

• ChatGPT query topics or page titles allegedly derived from user prompts
• Meta-related cookies and identifiers allegedly tied to Facebook accounts
• Google Analytics and Google Ads-related identifiers
• Hashed email addresses allegedly sent during login or account activity
• Browser, device, and session identifiers
• Advertising and analytics signals allegedly linked to user profiles

Why this lawsuit matters for AI privacy

The case adds a new angle to the privacy debate around generative AI. Many lawsuits against AI companies have focused on training data, copyright, or the collection of public information.

This complaint instead targets the web layer around an AI product. It asks whether common marketing and analytics tools become legally risky when placed inside an AI interface where users enter sensitive, free-form prompts.

That distinction matters for every company building AI products. Even if a model provider protects stored chats, third-party scripts in the website or app can create separate privacy, consent, and compliance risks.

The lawsuit follows a wider wave of tracking-pixel cases

Tracking-pixel lawsuits have already affected health websites, video platforms, job portals, and other services that collect sensitive user information. Plaintiffs increasingly argue that third-party scripts can violate privacy and wiretap laws when they capture meaningful user activity.

AI chatbots create a more complex version of that issue. A search query or page click may reveal some intent, but a chatbot prompt can include full personal stories, legal questions, medical details, financial facts, or business secrets.

That makes the placement of advertising and analytics tags on AI products a higher-risk design decision than it might be on ordinary marketing pages.

What users should know

Users should understand that this case has not proved that OpenAI illegally shared ChatGPT data. It only shows that a plaintiff has filed a complaint and asked the court to treat the claims as a class action.

Still, the lawsuit highlights a practical privacy concern. Users often paste sensitive information into AI tools because the conversation feels private and direct.

People who use consumer AI services for sensitive topics should review privacy settings, cookie settings, shared links, chat history, and workplace policies before entering confidential information.

1. Review ChatGPT data controls and privacy settings.
2. Use temporary or privacy-focused chat options when appropriate.
3. Avoid entering legal, medical, financial, or workplace secrets unless the service and account type fit that use.
4. Check browser cookie settings and third-party tracking controls.
5. Do not share ChatGPT conversation links that contain sensitive information.
6. Use enterprise or business plans with stronger administrative controls for workplace data.

What companies using AI tools should review

Organizations should treat the lawsuit as a reminder to audit AI front ends, not only AI models. Tracking scripts, tag managers, analytics tools, session replay tools, and advertising pixels can all create hidden data flows.

Companies building AI assistants should map what data leaves the page, which vendors receive it, what identifiers travel with it, and whether consent notices clearly cover that activity.

Legal, privacy, and security teams should also review whether user prompts can appear in page titles, URLs, analytics events, logs, telemetry, or support tools.

• Audit third-party scripts on AI pages.
• Remove advertising pixels from sensitive prompt interfaces unless legally reviewed.
• Check whether prompts appear in URLs, titles, event labels, or analytics fields.
• Review cookie consent language and default tracking behavior.
• Limit vendor access to prompt content and user identifiers.
• Document data flows for privacy, security, and compliance teams.

What happens next

The court must still decide whether the complaint can proceed. OpenAI may seek dismissal, challenge the legal theory, dispute the technical allegations, or argue that users received adequate notice and consent.

The plaintiff will also need to meet class-action requirements if the case advances. That means showing that the proposed class can be certified and that common issues can be handled together.

Regardless of the outcome, the complaint increases scrutiny on how AI services use ordinary web tracking tools. For AI companies, the safest approach is to treat prompt pages as sensitive environments and keep advertising technology away from private user interactions unless privacy controls clearly support it.

FAQ