Judge Rita F. Lin, in the Northern District of California, denied a motion to stay litigation pending arbitration and granted in part, denied in part, a motion to dismiss in a putative class action alleging privacy violations by a credit reporting agency and its affiliates. The decision allows most of the plaintiffs’ claims—including those under California and federal privacy laws—to move forward, while dismissing the unjust enrichment claim with leave to amend.
No Stay Pending Arbitration
Defendants sought to pause the litigation while related arbitration proceedings were resolved. The court rejected this request, finding that the arbitration’s outcome would not bind the court or resolve the non-arbitrable class claims at issue. The court emphasized that a stay would cause unnecessary delay without promoting judicial efficiency, and that any prejudice to the defendants from overlapping discovery was outweighed by the harm to plaintiffs from delayed resolution.
Privacy Claims Survive Dismissal
Plaintiffs allege that defendants used tracking pixels to collect and indefinitely store detailed personal information and web activity, compiling extensive profiles tied to individual identifiers. The court found these allegations sufficient to state a claim for intrusion upon seclusion under California law, noting that the alleged conduct was more invasive than in recent cases where limited tracking did not confer standing. The court also rejected arguments that the California Consumer Privacy Act (CCPA) authorized the conduct, clarifying that the CCPA does not permit interception of communications without consent.
The scope of the alleged tracking in this case is materially more invasive than the limited tracking at issue in the Ninth Circuit’s recent decision in Popa v. Microsoft Corp., 153 F.4th 784 (9th Cir. 2025). In Popa, the tracking of plaintiff’s non-sensitive interactions with a single website, http://www.petsuppliesplus.com, did not give rise to a cognizable Article III injury. Id. at 786, 791–94. Here, Plaintiffs allege that Experian compiled detailed profiles by tracking their interactions across many websites, and that the tracking “across the internet” remains ongoing. Furthermore, while Experian cites Phillips v. U.S. Customs & Border Prot., 74 F.4th 986 (9th Cir. 2023), the Ninth Circuit found a lack of concrete injury there because the plaintiffs had alleged only that the government had retained illegally obtained records, without further disclosing them. See id. at 992. Here, the allegation is that Experian developed extensive profiles that were disclosed on a large scale and sold commercially.
Wiretap and Pen Register Claims Move Forward
Claims under the California Invasion of Privacy Act (CIPA) and the federal Electronic Communications Privacy Act (ECPA) were also allowed to proceed. The court held that the alleged interception of full-string URLs and other web activity constituted the “contents” of communications under these statutes. The court further found that the technology at issue could qualify as a “pen register” under CIPA, and that plaintiffs had a private right of action. Arguments that the conduct was exempt as part of ordinary business operations were rejected or deemed waived.
Unjust Enrichment Dismissed, With Leave to Amend
The only claim dismissed was for unjust enrichment, as plaintiffs failed to allege that they lacked an adequate remedy at law.
Ariel Gilligan, et al., v. Experian Data Corp., Experian Info. Sols., Inc., Experian PLC, Tapad, Inc., No. 25-CV-02873-RFL, 2026 WL 32259 (N.D. Cal. Jan. 6, 2026).
