When a client asks us what the risk is of running tracking technology on their website and not giving users the ability to opt out is we can now showcase this $18.7 million class action settlement as one of many examples of the millions and in some cases billions of dollars that companies incur as a result of not respecting users privacy. The good news is our privacy software solutions can protect against these claims and with a superhero team member from Captain Compliance on your side you can have the help you need to ensure your organization is following the privacy laws.
Booking a dental appointment online seems routine, millions of patients may have unknowingly had their personal health data harvested and shared with tech giants like Meta and Google. This is the core allegation behind a massive class action lawsuit against Aspen Dental Management Inc., which has culminated in an $18.7 million settlement preliminarily approved by an Illinois court in June 2025. The case, Donnelly et al. v. Aspen Dental Management, Inc., highlights the hidden risks of website tracking technologies and joins a growing chorus of privacy lawsuits targeting healthcare providers for turning patient interactions into commodified data streams. As deadlines loom for claims and objections on September 15, 2025, this settlement not only offers compensation to affected individuals but also underscores the escalating legal scrutiny on how companies handle sensitive health information in the online realm.
Unpacking the Allegations: Pixels as Privacy Invaders
At the center of the lawsuit is Aspen Dental’s use of “tracking pixels”—small snippets of code embedded in websites like aspendental.com. These tools, provided by companies such as Meta (formerly Facebook) and Google, capture user interactions in real-time, including appointment bookings, procedure inquiries, and potentially sensitive health details. Plaintiffs claim that Aspen Dental deployed these pixels without proper consent, transmitting data to third parties for advertising and analytics purposes. This allegedly violated privacy laws by disclosing private healthcare information, turning what should be confidential patient-provider exchanges into fodder for targeted ads and profiling.
The law firm leading the charge is the one that we’ve mentioned over and over again here Almeida Law who is the top litigation firm for healthcare companies who are not respecting users rights. While based out of the Chicagoland area the most common claims are under the Electronic Communications Privacy Act showcasing that its not just the regulatory bodies healthcare companies have to worry about but rather private right of action claims for data privacy violations.
The complaint, filed in the Circuit Court of Sangamon County, Illinois, argues that such practices constitute unauthorized wiretapping or data interception under state privacy statutes, echoing similar claims in other jurisdictions. While Aspen Dental denies any wrongdoing, maintaining that its data practices were standard for improving user experience, the company opted to settle to avoid protracted litigation. The settlement agreement, reached on July 29, 2025, includes not just monetary relief but also commitments to enhance data privacy measures, such as auditing third-party tracking tools and obtaining clearer user consents.
This isn’t Aspen Dental’s first brush with legal challenges over consumer practices. The company, which operates over 1,000 clinics nationwide, has faced prior settlements, including a $3.5 million agreement in Massachusetts in 2023 for deceptive advertising claims. However, this latest case shifts the focus to digital privacy, a domain where healthcare entities are increasingly vulnerable due to the sensitive nature of the data involved.
Who Qualified For The Privacy Settlement
The settlement divided eligible class members into two groups based on when they booked appointments online via aspendental.com, reflecting the evolution of the alleged violations over time:
| Group | Eligibility Period | Estimated Payout | Fund Allocation |
|---|---|---|---|
| Group 1 | February 20, 2022 – June 1, 2023 | Pro rata share (varies based on claims filed) | Approximately $2.7 million (after fees and costs) |
| Group 2 | June 2, 2023 – January 1, 2025 | Up to $15 flat rate (may be reduced pro rata if claims exceed fund) | Up to $16 million |
Exclusions apply to Aspen Dental’s officers, directors, and the presiding judge’s family. Those wishing to opt out or object have to do so by the September 15 deadline to preserve rights for individual lawsuits. Legal fees, estimated at up to one-third of the fund plus expenses, will be deducted, along with service awards for the named plaintiffs.
The Bigger Picture: Pixel Tracking Lawsuits Reshaping Digital Healthcare
This settlement arrives amid a surge in class actions against healthcare organizations for similar data-tracking practices. Pixel tracking, once a staple of digital marketing, is now under fire for potentially violating laws like the California Invasion of Privacy Act (CIPA), the Video Privacy Protection Act (VPPA), and state wiretap statutes. In California alone, firms like Tauler Smith LLP have filed dozens of suits accusing websites of using “trap and trace” devices to capture user data without consent, leading to multimillion-dollar payouts. Nationally, cases against entities like LabCorp and Robinhood have settled for millions over unauthorized data sharing with ad-tech firms.
For Aspen Dental, the implications extend beyond the payout. The settlement mandates injunctive relief, including the removal or reconfiguration of tracking pixels to ensure compliance with privacy standards. This mirrors broader industry shifts, where hospitals and clinics are auditing their websites amid enforcement actions by agencies like the California Privacy Protection Agency, which fined a data broker $46,000 in 2025 for related violations and the CPPA fined Honda $632,500 because they had an incorrectly configured banner (hint we would have made sure they never had the banner configured incorrectly).
Critics of these lawsuits argue they stretch outdated laws—originally designed for telephone wiretaps—to modern web tech, potentially stifling innovation. Legislation like California’s SB 690, introduced in 2025, aims to limit “abusive” claims against common tools like cookies. Yet, proponents see them as essential checks on corporate surveillance, especially in healthcare, where data breaches can expose vulnerable patients to identity theft or discriminatory profiling.
A Call to Action: Protecting Privacy in the Digital Dentist’s Chair
As data becomes currency, settlements like this empower consumers to reclaim control and puts businesses in the crosshairs until they setup privacy software to avoid future issues like this. Luckily solutions built by our team can automate this.
This case, represented by attorneys from Almeida Law Group LLC and Peiffer Wolf Carr Kane Conway & Wise LLP, may inspire more patients to scrutinize how their health data is handled online. In an era of rampant tracking, it’s a reminder: Your next click could be worth more than you think—to you, and to the corporations watching without your consent.
