Singularity.Kiwi

AI progress, with honesty.
A ChatGPT interface with data streams flowing toward Meta and Google logos, representing the alleged data sharing
News 16 May 2026

OpenAI Sued for Secretly Funneling ChatGPT Conversations to Meta and Google

OpenAI faces a class-action lawsuit claiming ChatGPT sent user queries and personal data to Meta and Google through embedded tracking pixels — turning intimate AI conversations into ad-targeting fuel.

OpenAIPrivacyData TrackingClass Action LawsuitMeta

Answer-First Lead

A class-action lawsuit filed in California alleges OpenAI embedded Meta’s Facebook Pixel and Google Analytics tracking code in ChatGPT’s web interface, silently transmitting user queries, email addresses, and chat topics to both companies’ ad-targeting systems in real time. If true, every private conversation you’ve had with ChatGPT was potential fuel for advertising.

🔍 THE BOTTOM LINE

OpenAI built trust on the promise that your AI conversations were private. This lawsuit alleges they were anything but — and the tracking tech at the centre of it is the same stuff that’s been haunting healthcare and financial websites for years.

What the Lawsuit Claims

Lead plaintiff Amargo Couture filed the complaint in the Southern District of California on behalf of all US ChatGPT users. The core allegation: OpenAI “intentionally installed wiretaps” on ChatGPT.com by embedding third-party tracking scripts that intercepted user communications and sent them to Meta and Google without consent.

This isn’t about training data. The dozens of existing lawsuits against OpenAI already cover that territory. This is different — it’s about real-time surveillance through standard web tracking technology embedded directly in the ChatGPT web interface.

The Meta Side: Facebook Pixel

According to the complaint, OpenAI embedded Meta’s Facebook Pixel in ChatGPT’s web pages. The Pixel allegedly:

  • Fired silent HTTP requests to Facebook’s servers on every user interaction
  • Transmitted browser tab titles derived from user queries (e.g., “Super Bowl 2005 Winner” visible in the page title)
  • Sent Facebook cookies (c_user, fr, fbp) that could be tied to specific Facebook accounts
  • Fed this data into Meta’s “Core Audiences,” “Custom Audiences,” and “Lookalike Audiences” ad-targeting systems

So if you asked ChatGPT about a health condition, a financial problem, or a legal issue, Meta’s advertising systems may have known about it in real time.

The Google Side: Analytics and Ads Tags

The complaint also alleges that Google Analytics and Google Ads tags captured:

  • Hashed email addresses used for ChatGPT sign-up and login
  • Device and browser identifiers
  • Google Signals cookies (like Secure-3PSID) linked to logged-in Google accounts
  • Cross-device behavioural data through Google’s remarketing features

The lawsuit claims these data points enabled OpenAI and Google to retarget users based on their ChatGPT activity and fold those events into broader advertising products.

Why This Matters More Than Previous OpenAI Lawsuits

Most OpenAI lawsuits challenge how training data was collected — scraping the internet, using copyrighted works, ingesting personal information. Important, but abstract. This case is about active, ongoing surveillance of people using ChatGPT right now.

Consider what people type into ChatGPT:

  • Medical symptoms and health questions
  • Financial details and tax problems
  • Legal concerns
  • Personal relationship advice
  • Work documents (often confidential)
  • Political opinions

The complaint notes that some estimates suggest a significant portion of corporate data pasted into ChatGPT is confidential. If all of that was simultaneously being piped to Meta and Google’s ad-targeting systems, the privacy implications are staggering.

The lawsuit rests on three pillars:

  1. Electronic Communications Privacy Act (ECPA) — Argues each ChatGPT interaction is an “electronic communication” and that copying them to Meta and Google via client-side JavaScript qualifies as unlawful interception

  2. California Invasion of Privacy Act (CIPA) Sections 631 and 632 — Characterises the Meta Pixel and Google Analytics tags as “machines, instruments, or contrivances” used to eavesdrop on confidential sessions without all-party consent

  3. California Constitutional Privacy Rights — Users had a reasonable expectation that conversations with ChatGPT would stay between them and OpenAI

The proposed class covers all US residents whose data was disclosed through these tracking mechanisms, with a California subclass seeking up to $5,000 per violation under CIPA.

The Bigger Picture: Tracking Pixels Are a Known Problem

This lawsuit lands in a broader context. Tracking pixels on sensitive websites have been under legal assault for years:

  • Healthcare sites have been caught sending patient data to advertisers via Meta Pixel
  • Financial sites have faced similar lawsuits over tracking technology
  • Session replay tools like Hotjar and FullStory have drawn regulatory scrutiny

The difference? Those sites were leaking data about what pages you visited. ChatGPT is leaking data about what you said in private conversations. The intimacy gap is enormous.

What OpenAI Has Said About Privacy

OpenAI has repeatedly emphasised its commitment to user privacy:

  • ChatGPT settings allow users to opt out of training on their conversations
  • OpenAI released a privacy filter tool for detecting PII
  • Their privacy policy outlines data collection practices

But the lawsuit alleges none of these disclosures adequately informed users that their chat data was being transmitted to third-party ad networks in real time through embedded tracking scripts. An opt-out for model training is not the same as an opt-out for ad-tech surveillance.

What This Means for NZ

For the roughly 500,000 New Zealanders who’ve used ChatGPT, this case raises immediate questions:

  • Privacy Act 2020: NZ’s privacy framework requires organisations collecting personal information to have a lawful purpose and to be transparent about it. If ChatGPT was sending data to ad networks without clear disclosure, that’s a problem under NZ law too
  • Office of the Privacy Commissioner: NZ’s OPC has been increasingly active on digital privacy. This case may prompt a closer look at how AI tools handle NZ user data
  • Enterprise risk: NZ businesses that allow staff to use ChatGPT may need to revisit their AI policies — not just for training data concerns, but for active data exfiltration through tracking technology
Lawsuit TypeFocusKey Difference
Copyright infringement (multiple)Training data scrapingAbout how models were built
NYT v OpenAICopyright in training dataAbout news content reproduction
School shooting liabilityHarmful output liabilityAbout what the model generates
This case (Couture v OpenAI)Active user surveillanceAbout what the website does to current users

What Should ChatGPT Users Do Now?

  1. Check your browser extensions — Privacy tools like uBlock Origin can block tracking pixels
  2. Review your ChatGPT data settings — Settings > Data Controls > Improve the model for everyone (toggle off)
  3. Use the API instead — The API doesn’t embed web tracking scripts; it’s a cleaner interaction
  4. Assume your chat topics are not private — Until OpenAI addresses these allegations, treat ChatGPT web conversations as you would any non-encrypted web form

❓ Frequently Asked Questions

Q: What does this mean for NZ ChatGPT users? NZ’s Privacy Act 2020 requires transparency about data collection. If OpenAI was sending chat data to Meta and Google without adequate disclosure, NZ users may have grounds for complaints to the Privacy Commissioner. The $5,000 per violation figure in the US case doesn’t apply here, but the principles do.

Q: Is this different from the ChatGPT ads story? Yes. Our earlier coverage of ChatGPT serving ads was about OpenAI’s own ad platform and attribution system. This lawsuit is about third-party tracking pixels — Meta’s Facebook Pixel and Google Analytics — silently exfiltrating user data to external ad networks. Different mechanism, arguably more invasive.

Q: What should I do if I use ChatGPT for work? Talk to your IT team about whether your organisation’s data loss prevention policies cover ChatGPT. Consider using the API (which doesn’t embed tracking pixels) or enterprise plans with stricter data handling. And never paste confidential information into the web interface — that was already good advice; this lawsuit makes it urgent.

🔍 THE BOTTOM LINE

The central irony is exquisite: OpenAI, the company that built its brand on building safe, trustworthy AI, allegedly installed the same privacy-violating tracking tech that’s been plaguing healthcare and financial websites for years. The same Meta Pixel that leaked patient data from hospital sites was apparently running on ChatGPT — where people pour out their most intimate questions.

This case won’t just affect OpenAI. It puts every AI company on notice: if you embed ad-tech trackers in your chatbot, you’re wiretapping your users. And the legal bills for that start at $5,000 per conversation.

Sources

  • Bloomberg Law
  • Law360
  • Cryptika Cybersecurity
  • Analytics Insight
Sources: Bloomberg Law, Law360, Cryptika

Related Articles