Perplexity AI faces CIPA class action lawsuit over unauthorized sharing of user prompts with advertisers

A proposed class action lawsuit filed on March 31, 2026 alleges that Perplexity AI unlawfully shared its users' private conversations and sensitive data with Meta and Google for targeted advertising.

• Perplexity AI allegedly embedded tracking pixels that shared users' sensitive AI prompts with Meta and Google without their consent
• The complaint claims this unauthorized data sharing occurred even when users enabled the platform's "Incognito" mode
• Plaintiff alleges Perplexity, Google, and Meta violated the California Invasion of Privacy Act (CIPA), Electronic Communications Privacy Act (ECPA), Comprehensive Computer Data Access and Fraud Act (CDAFA), California's Unfair Competition Law, and California Constitution, Article 1, Section 1
• The lawsuit is seeking damages of $5,000 per violation, which could scale very quickly given Perplexity has about 20 million monthly active users in the US
• This case highlights the legal risks of non-compliant data sharing to advertising third parties without effective consent banners

Background to the case

Perplexity AI runs a conversational search engine that relies on large language models to answer user queries. 

According to a recently filed class action complaint, users regularly shared highly sensitive information with the AI, including questions about health conditions, financial planning, and legal issues.

The lawsuit claims Perplexity deployed tracking technologies, including the Meta Pixel, Google Ads, and Google DoubleClick, within its website and mobile application. These trackers allegedly intercepted users' communications in real time.

The advertising connection

Non-compliant data sharing to advertising third parties is the central focus of this litigation. 

The complaint alleges Perplexity shared complete transcripts of users' "Conversational Dialogues" alongside unique identifiers, email addresses, and full-string URLs.

This data was allegedly sent to Meta and Google to optimize advertising and increase profits. 

By capturing these specific queries, Meta and Google could allegedly compile granular user profiles and serve targeted advertising based on the sensitive health or financial information users input into Perplexity.

Bypassing user privacy controls

The lawsuit claims Perplexity failed to use a consent banner to obtain user permission before deploying these advertising trackers.

Furthermore, the complaint alleges that Perplexity's privacy features were deceptive. 

Users who used the platform's "Incognito" mode were told their queries would remain anonymous. However, the lawsuit claims tracking technologies still captured and shared these incognito prompts, alongside unique identifiers that tied the data directly to users' Facebook and Google accounts.

Alleged legal violations

The lawsuit claims Perplexity, Meta, and Google violated laws various privacy and consumer protection laws, including: 

• the California Invasion of Privacy Act (CIPA), California Constitution, Article 1, Section 1, and the federal Electronic Communications Privacy Act (the Wiretap Act) for allegedly sharing or intercepting personal information without consent
• California's Unfair Competition Law, for deceptively promising privacy while monetizing user data
• The Comprehensive Computer Data Access and Fraud Act (CDAFA), for allegedly accessing information on users’ devices without permission

Key takeaways

Targeted advertising and personal data sharing continue to face strict regulatory scrutiny. Businesses running digital advertising should consider the following steps:

• Establish robust digital tracking governance to track all personal data elements shared and all third parties receiving personal data
• Continuously audit websites and apps to ensure that user consent is actually honored and no sensitive data is shared
• Run data protection assessments for any processing of personal data for targeted advertising, selling of personal data, or processing of sensitive data

Reduce your litigation risk with Privado AI solutions that continuously monitor privacy compliance on websites and apps, where companies have the most risk. Web Auditor and App Auditor are the most comprehensive solutions to verify in real-time that your websites, apps, and CMP are compliant with all applicable privacy requirements for each location, including your privacy policies.