Did You Visit Olly’s Website? The Don Bivens law firm is running ads on Instagram, Meta, and social media saying that you may be entitled to compensation and this is one of many trends that we have covered and helped to protect businesses from. As we’ve covered in the past that CarGurus & Questrade are being targeted and now that giants like Morgan & Morgan are entering the space you’re going to see an explosion of these cases unless the business owners switch over to a consent management platform that works like Captain Compliance.
If you’ve been scrolling through Instagram lately, you may have spotted an ad from Don Bivens PLLC, a Scottsdale, Arizona law firm, with a striking headline: “If You Used OLLY’s Website, You May Be Entitled to Compensation Due to a Possible Privacy Violation.”
The ad—linking to donbivenspllc.com—invites consumers to enter their name and phone number to “Check If You Qualify,” while a brief disclaimer explains that an investigation of Olly PBC is underway for “potentially violating users’ privacy rights.”
For compliance and privacy professionals, this isn’t just an ad—it’s a flare going up over the supplement industry’s website practices. Here’s a breakdown of who’s involved, what’s alleged, and what every business operator should take away and why you need to do a privacy audit and check up for your business right away to help avoid these very expensive class action lawsuits.
Who Is Don Bivens PLLC?
Don Bivens PLLC is a litigation, mediation, and arbitration firm based in Scottsdale, Arizona. Its founder, Don Bivens, brings over 40 years of “big law” trial and appellate experience. He holds three “Lawyer of the Year” designations, has served as President of the State Bar of Arizona, chaired the American Bar Association’s Section of Litigation, and currently chairs the ABA’s Center for Innovation. He is also a member of the American Law Institute and sits on arbitration and mediation panels for the American Arbitration Association.
Of Counsel Maxwell Weiss brings additional depth to the firm’s privacy litigation practice, having spent seven years at top New York firms—Debevoise & Plimpton and Patterson Belknap—before joining Don Bivens PLLC. Weiss specializes in class actions and mass arbitrations, with a particular focus on privacy, ERISA, securities, and employment matters.
The firm has developed a prominent digital-first plaintiff recruitment model—running targeted social media campaigns to identify and intake potential claimants across a range of cases. Known prior campaigns include:
- Google Chrome Incognito Mode – alleging Google misled users about privacy while in “private” browsing mode, with claims of up to $5,000 in California statutory damages.
- Crunchyroll – recruiting plaintiffs for claims related to alleged exposure of private user information.
- Olly PBC – the current investigation, targeting users of Olly’s website.
The firm partners with co-counsel admitted in other states and uses AI-assisted plaintiff screening tools through its intake platform. Its model is squarely focused on mass arbitration and class action privacy cases. We’ve covered the expensive multi-million dollars settlements from companies like Aspen Dental thanks to law firms like Almeida Law who has filed suit under the Electronic Communications Privacy Act when a violator breaches HIPAA and it’s important to get your privacy “ducks” in a row to avoid these expensive suits.
Who Is Olly PBC?
Olly Public Benefit Corporation is an American consumer wellness brand best known for its brightly packaged gummy vitamins, supplements, and protein bars. Founded in 2013 by Eric Ryan (co-founder of Method), Olly debuted in Target stores in 2015 and quickly built a following among millennial health consumers by marketing benefits—like “Restful Sleep” or “Immunity”—rather than individual ingredients.
Olly is now a brand under US Health & Wellbeing, LLC, a Unilever subsidiary that also operates Liquid-I.V., Onnit, SmartyPants Vitamins, and Welly. The company’s website (olly.com) serves as a direct-to-consumer sales and marketing channel.
Olly is no stranger to legal scrutiny. The brand has faced multiple class action lawsuits over the years, including:
- Melatonin dosing lawsuit (2022) – Dovel & Luner filed a federal class action in the Northern District of California alleging Olly’s Sleep and Extra Strength Sleep supplements contained 165%–274% more melatonin than their labels claimed.
- Deceptive “junk fee” lawsuit (2025) – KalielGold PLLC filed a federal class action alleging Olly’s checkout process surreptitiously added an “Order Protection” fee to shopping carts in violation of consumer protection law.
- ADA accessibility lawsuit (2021) – A complaint was filed in New York federal court alleging olly.com violated the Americans with Disabilities Act due to inaccessible website elements.
- National Advertising Division challenges – Competitor Bayer Healthcare LLC has twice brought challenges before BBB National Programs’ NAD regarding Olly’s product claims, including for its Kids Chillax and Lovin’ Libido supplements.
The new privacy investigation adds a significant new front to that legal landscape.
What Is the Alleged Privacy Violation?
Don Bivens PLLC has not yet filed a formal lawsuit—the firm’s advertisement describes an “investigation” currently underway. However, based on the firm’s established litigation playbook and the broader wave of privacy lawsuits targeting e-commerce websites, the alleged conduct almost certainly centers on Olly’s use of website tracking technologies.
“An investigation of Olly PBC is underway for potentially violating users’ privacy rights. U.S. privacy laws protect people’s data.” — Don Bivens PLLC advertisement, March 2026
A review of Olly’s published Privacy Notice and Consumer Health Data Privacy Policy confirms extensive data collection practices, including:
- Cookies, web beacons, and pixels that track browsing behavior, IP addresses, device identifiers, and purchase activity.
- Cross-device tracking that links user behavior across phones, tablets, and computers based on shared WiFi networks or common identifiers.
- Third-party data sharing with advertising partners including Facebook, Google Analytics, and others, including linking behavior to hashed email addresses and device-level advertising IDs.
- Health data collection from quiz experiences, chatbot interactions, and surveys on the platform.
Olly’s privacy notice acknowledges it collects consumer health data—a particularly sensitive category under newer state laws. The company states it does not permit third parties to collect consumer health data across websites for their own purposes, but notes third-party tracking may still occur depending on users’ device settings and browser configurations.
The legal theories likely to be asserted include violations of state wiretapping and electronic surveillance statutes (particularly California’s Invasion of Privacy Act, or CIPA), state consumer privacy laws, or Washington’s My Health My Data Act—any of which could apply depending on where claimants are located. Plaintiffs’ firms in this space frequently allege that the use of third-party tracking pixels constitutes “eavesdropping” on user communications without consent.
Why Website Privacy Litigation Is Surging
The Olly investigation doesn’t exist in a vacuum. Website tracking litigation has exploded across the United States, and it shows no signs of slowing down.
Privacy class action filings in federal court rose from roughly 1,425 cases in 2020 to over 2,529 in 2024. Video Privacy Protection Act cases alone jumped from 137 filings in 2023 to over 250 in 2024. A 2024 audit found that 75% of businesses failed to honor consumer opt-out requests—a central compliance failure driving this litigation wave.
Twenty states now enforce comprehensive privacy laws, with five new statutes taking effect in January 2025 (Delaware, Iowa, Nebraska, New Hampshire, and New Jersey). State attorneys general in Texas, California, Connecticut, and others are aggressively pursuing violations. Some states have even begun partnering with private law firms to prosecute privacy cases, dramatically multiplying enforcement exposure.
At the heart of most website tracking cases is a single question: did the company obtain meaningful, informed consent before allowing third-party pixels and trackers to intercept user communications? Courts have issued mixed rulings on whether visiting a website constitutes consent to tracking, and whether tracking tools constitute “pen registers” under state law—but the volume of litigation means businesses face significant exposure regardless of how those legal questions ultimately resolve.
Did you know a 2024 audit found 75% of businesses failed to properly honor consumer opt-out requests—a compliance failure at the center of the current litigation wave.
What This Means for Businesses: 6 Compliance Takeaways
Whether or not the Olly investigation leads to a formal lawsuit, it sends a clear signal to any business running a consumer-facing website with tracking technologies. Here’s what compliance teams should be doing right now:
1. Audit your tracking stack.
Identify every pixel, cookie, session replay tool, and analytics tag running on your website. Understand what data each collects, where it goes, and whether it is disclosed in your privacy policy. Third-party tools that collect health-related information warrant special attention under Washington’s My Health My Data Act and similar laws.
2. Update your privacy notice to reflect reality.
Vague or boilerplate disclosures are a liability. Courts have found that privacy policies must explicitly describe the specific data sharing practices at issue to establish user consent. If your site shares health-adjacent data with advertisers, that should be clearly stated.
3. Implement a functional consent management platform.
Cookie banners must offer equally prominent “accept” and “decline” options. Users in applicable states must be able to opt out of targeted advertising, data sales, and profiling. The opt-out mechanism must actually work—not just display a button.
4. Honor opt-out requests.
Three-quarters of businesses are failing this basic test. If a user opts out of tracking, your systems must ensure that downstream sharing with advertising partners actually stops. Document your processes.
5. Watch for early-stage “investigation” ads.
Plaintiff firms like Don Bivens PLLC now routinely run paid social media campaigns before a lawsuit is ever filed. These serve as plaintiff intake and public pressure tools simultaneously. If you spot a campaign targeting your brand, engage litigation counsel immediately—do not wait for a formal filing.
6. Consider proactive legal review.
Many companies do not discover their exposure until they receive a demand letter. A proactive review of your website’s data practices against CIPA, CCPA, state consumer health data laws, and applicable wiretapping statutes can identify and remediate vulnerabilities before they become litigation targets.
Captain Compliance’s Software Protects Against Legitimate Privacy Litigation Claims
The Don Bivens PLLC investigation of Olly PBC is a microcosm of a much larger privacy enforcement trend. Supplement brands, wellness companies, and any consumer-facing business that collects health-adjacent data through its website is operating in high-exposure territory.
Whether the Olly investigation ultimately produces a lawsuit—and whether any such lawsuit succeeds—remains to be seen. What’s not in question is the direction of data privacy litigation: plaintiff firms are investing heavily in digital recruitment infrastructure, state privacy laws are proliferating (new state laws coming live), and courts are increasingly allowing these claims to proceed.
For privacy officers and legal counsel, the message is simple: if your website collects data, it’s time to treat privacy compliance as a front-line legal risk—not a back-office checkbox and you need the superhero team at Captain Compliance to protect you.
