If there is one law firm that has made website tracker litigation a national conversation, Bursor & Fisher, P.A. deserves significant credit. This New York and San Francisco-based plaintiff firm, led by founding attorney Scott Bursor, has been at the forefront of consumer privacy class actions targeting tracking pixels, chat widgets, and video content analytics for over a decade—and their activity shows no signs of slowing.

For compliance professionals and business owners, understanding Bursor & Fisher’s approach is a practical exercise in risk assessment. This firm does not file cases on intuition—it files cases backed by methodical technology evidence and well-developed legal theories that have survived judicial scrutiny in federal courts across the country.

About Bursor & Fisher, P.A.

Founded by Scott Bursor, Bursor & Fisher has offices in New York City and San Francisco and operates as a boutique plaintiff firm concentrated on high-stakes consumer protection and privacy class actions. The firm has recovered hundreds of millions of dollars for consumers in cases spanning data privacy, product liability, and consumer fraud.

In the privacy space specifically, Bursor & Fisher has become one of the most recognizable names in CIPA litigation and Video Privacy Protection Act (VPPA) claims—two areas where the firm has repeatedly achieved favorable rulings, significant settlements, and class certifications that have shaped how courts analyze digital tracking liability.

The firm is lean by design: it takes on fewer cases than mega-firms but invests deeply in each, developing technology evidence and legal theory with the thoroughness of a firm preparing every case for trial.

Primary Legal Theories

California Invasion of Privacy Act (CIPA) — §§ 631 and 638.51

Bursor & Fisher has been a prolific filer of CIPA claims targeting website technologies that intercept user communications or install unauthorized pen registers. Their CIPA litigation portfolio includes cases targeting chat software that enables third-party vendors to access real-time conversations, session replay tools that record user behavior without consent, and tracking pixels that capture and transmit behavioral data to advertising platforms.

The firm has achieved notable success surviving early dismissal motions in CIPA cases, establishing precedent that wiretapping and pen register theories can apply to modern digital tracking technologies—a legal foundation that other plaintiff firms have built upon.

Video Privacy Protection Act (VPPA)

The VPPA has become one of Bursor & Fisher’s most productive litigation vehicles. Originally enacted to protect video rental records, the firm has successfully argued that companies operating websites with video content—news publishers, healthcare sites, streaming services, and e-commerce retailers—violate the VPPA when they share users’ video viewing history with advertising platforms through pixels like Meta Pixel or Google Analytics.

The firm’s VPPA cases typically target the intersection of authenticated user accounts (where a user is logged in) and behavioral tracking that transmits viewing data to Meta or Google. Courts have been receptive to this theory where the plaintiff can demonstrate that the transmitted data links a user’s identity to their specific video viewing choices—exactly what Meta Pixel captures when operating on sites with video content and Facebook-connected users.

Notable Cases and Settlements

• Healthcare Website Pixel Cases: Bursor & Fisher has been active in cases against hospital systems and healthcare providers using Meta Pixel on patient portal websites, where the pixel was alleged to transmit protected health data—including appointment details, symptom searches, and physician lookups—to Meta’s advertising infrastructure.
• VPPA Publishing Cases: The firm has filed VPPA actions against major media and news publishers whose video content is monetized through advertising pixels, arguing that subscriber viewing habits are shared with Meta without consent.
• CIPA Chat Wiretapping: Multiple actions targeting e-commerce and SaaS companies using third-party chat platforms that enable vendor access to conversation logs without user-facing disclosure.
• Subscription Service Tracking: Cases against subscription-based platforms where user activity, including video viewing and content consumption, is tracked and shared with advertising networks.

Industries and Technologies Targeted

Bursor & Fisher casts a wide net but selects cases where the technology evidence is strongest and the legal theory is well-developed. Their primary targets include:

• Healthcare providers and hospital systems with Meta Pixel or Google Analytics on patient-facing portals
• News and media publishers combining video content with advertising pixel infrastructure
• E-commerce sites using third-party chat software with vendor data access
• Streaming and subscription services sharing authenticated user viewing history with third parties
• Financial services companies using session replay or behavioral analytics without adequate disclosure

What Makes Bursor & Fisher Distinctive

Several characteristics set this firm apart from the high-volume demand letter shops:

• Deep case development: The firm invests significantly in building the technical record before filing, resulting in complaints that are difficult to dismiss and create substantial settlement pressure.
• Appellate reach: Bursor & Fisher has argued cases at the Ninth Circuit level, shaping the appellate precedent that governs privacy litigation in California federal courts.
• VPPA expertise: The firm’s track record in VPPA litigation has made it a go-to for VPPA class actions nationally, with cases in courts outside California as well.
• Settlement leverage: The combination of well-developed cases and experienced trial counsel means their settlement demands carry credibility—defendants who choose to litigate face a formidable opponent.

What This Means for Your Business

If your website has video content, a logged-in user base, and any form of third-party pixel or analytics technology running simultaneously, you are within the exact fact pattern that Bursor & Fisher has successfully litigated. The VPPA risk is particularly acute for:

• Healthcare sites with video content (explainer videos, telehealth, patient education)
• News and media publishers with subscriber video libraries and advertising pixels
• E-learning platforms where users are authenticated and content is tracked for advertising
• Any subscription service that uses Meta Pixel while users are logged in

Compliance Action Steps

• 1. Map Video + Pixel Intersections: Audit every page on your site where video content exists alongside third-party pixels. This intersection is the core VPPA exposure point.
• 2. Block Pixels for Authenticated Video Viewers: Ensure advertising pixels do not fire for authenticated users unless those users have explicitly consented to video viewing data being shared with third parties.
• 3. Update VPPA Disclosures: In your Privacy Policy, explicitly address whether video viewing data is shared with third-party advertising platforms—and, if so, provide a clear opt-out mechanism.
• 4. Audit Chat Vendor Data Access: Review your chat platform vendor agreements for data access provisions. Ensure real-time chat transcripts are not accessible to the vendor without user consent.
• 5. Enforce Granular Consent Categories: Implement a consent management platform that allows users to separately consent to analytics versus advertising tracking—and enforce that separation technically.

Conclusion

Bursor & Fisher, P.A. represents the more sophisticated end of the privacy plaintiff bar. Their cases are technically developed, legally rigorous, and difficult to dismiss. For businesses combining video content, user authentication, and advertising technology, their track record should be a clear signal: VPPA compliance is not optional, and CIPA exposure from chat and pixel tracking requires immediate attention.

The compliance investments required to address these risks are modest compared to the settlement exposure. Act now, before the complaint arrives.

 Ready to Reduce Your Privacy Litigation Risk?  

Captain Compliance helps businesses audit their tracking technologies, implement consent management, and build defensible privacy programs. Our tools are designed to address the exact risks these firms pursue.