In October 2024, a single law firm filed 64 privacy lawsuits in a single month. That firm was the world renowned Tauler Smith LLP, a Los Angeles-based plaintiff boutique that has become synonymous with high-volume CIPA demand letter campaigns targeting businesses across the United States.
If your company’s website uses Meta Pixel, a TikTok Pixel, Microsoft Clarity, or any third-party tracking technology, Tauler Smith may have already scanned your site. Understanding how this firm operates is not an academic exercise—it is a compliance imperative.
About Tauler Smith LLP
Tauler Smith LLP is a Los Angeles trial law firm that describes itself as “attorneys for the digital age.” Founded by Robert Tauler and Matthew Smith, the firm has developed one of the most aggressive and scalable CIPA litigation models in California.
The firm has achieved multiple multi-million-dollar trial verdicts and settlements in data privacy cases and is active across California, Texas, New York, and Washington, D.C. Their practice is built on identifying websites with identifiable technology violations, sending targeted demand letters, and filing class action complaints when defendants do not settle.
At their peak filing velocity, Tauler Smith has filed dozens of lawsuits per month—making them one of the most operationally efficient privacy plaintiff firms in the country.
Key Legal Theories
CIPA Pen Register and Trap and Trace (§ 638.51)
Tauler Smith’s primary theory targets tracking pixels and analytics software as illegal “pen registers.” Under CIPA § 638.51, using or installing a pen register—a device that records identifying information about communications—without consent is unlawful. The firm argues that Meta Pixel, TikTok Pixel, Microsoft Bing Pixel, and similar tools function as modern pen registers by recording users’ IP addresses, page URLs, and behavioral data for advertising purposes.
Each website visitor interaction becomes a potential $5,000 statutory damages claim, with class actions multiplying that exposure exponentially across a site’s California user base.
CIPA Section 631 — Wiretapping
The firm also pursues wiretapping claims under CIPA § 631, alleging that tracking pixels intercept user communications (such as form submissions or search queries) in real time. This theory extends liability beyond data collection to the act of interception itself, adding another layer of statutory exposure.
Healthcare Data and CMIA Claims
In healthcare-adjacent cases, Tauler Smith has added claims under the California Confidentiality of Medical Information Act (CMIA), arguing that health platforms using pixels that transmit sensitive health data—including menstrual cycle information, pregnancy status, or mental health data—to advertising companies violate both CIPA and CMIA. This significantly increases damages exposure for healthcare-adjacent businesses.
Notable Cases
Tauler Smith has been involved in several high-profile cases:
- Flo Health (2022-2024): The firm represented plaintiffs alleging that the Flo Period & Pregnancy Tracker app shared intimate health data with Meta and Google. The case resulted in a confidential settlement with Flo Health shortly before jury deliberations and a trial verdict against Meta—establishing that sensitive health data sharing can violate CIPA even outside traditional HIPAA contexts.
- Adidas CIPA Lawsuit (2024-2025): A class action alleging that two tracking pixels—TikTok Pixel and Microsoft Bing—deployed on Adidas’s website violated CIPA. A federal court ruled the CIPA claim could proceed, demonstrating the firm’s ability to survive early dismissal motions.
- Healthline Settlement (2023): A $1.55 million CCPA-related settlement in a case where Tauler Smith represented plaintiffs alleging that health content was being monetized through targeted advertising data sharing.
How They Identify Targets
Tauler Smith’s litigation pipeline relies on systematic website scanning. They look for:
- Third-party advertising pixels (Meta, TikTok, Microsoft, Pinterest, Snapchat)
- Session replay tools (Hotjar, Microsoft Clarity, FullStory, LogRocket)
- Analytics platforms operating without active consent gating
- Healthcare, wellness, and sensitive-data websites with commercial advertising technology
No industry is immune. The firm has targeted fashion retailers, healthcare platforms, financial services providers, streaming services, and consumer apps. Their demand letters often seek settlement amounts in the $5,000 to $15,000 range per case—low enough that many businesses settle without question, but aggregated across hundreds of simultaneous cases, the firm generates significant total recoveries.
What This Means for Your Business
The Tauler Smith model demonstrates that CIPA litigation is not limited to major corporations. Small and mid-sized businesses are frequently targeted precisely because they are less likely to have robust legal defenses and more likely to settle quickly.
Receiving a Tauler Smith demand letter can feel overwhelming. The letter typically identifies specific pixels on your website, cites the applicable CIPA provisions, estimates a class of affected California users, and demands a rapid response. Without existing consent infrastructure, the legal position of the business is weak.
Compliance Action Steps
- 1. Implement Pixel Consent Gating: Remove or gate all advertising pixels behind user consent. No pixel should fire for California visitors without an affirmative opt-in.
- 2. Conduct a Technology Inventory: Map every third-party tag on your website. Understand what data each collects and to whom it is transmitted—especially if your site handles health, financial, or sensitive personal information.
- 3. Upgrade Your Cookie Consent Banner: Ensure your cookie consent banner clearly distinguishes between necessary, analytics, and advertising/marketing cookies—and that California users can opt out of the latter.
- 4. Review Healthcare-Adjacent Tracking: If you operate in healthcare, wellness, fertility, mental health, or any sensitive vertical, review your use of advertising pixels against CMIA standards in addition to CIPA.
- 5. Build a Consent Audit Trail: Keep documented logs of user consent choices. If a claim is ever filed, consent documentation is your first and most important line of defense.
CIPA Demand Letter Litigation from California Plaintiffs
Tauler Smith LLP has refined CIPA demand letter litigation into a scalable, high-velocity business model. Their approach is systematic, well-resourced, and effective. For businesses operating websites with advertising technology, the message is clear: the question is not whether you could be targeted, but whether you are prepared if you are.
Proactive compliance—pixel consent gating, transparent disclosures, and documented consent records—is your strongest defense against demand letters and class action exposure alike.
