The Trade Desk has been caught up in a privacy scandal. A recent couple of shocking lawsuits reveals secret privacy violations! The Trade Desk, a leading advertising technology company, faces two class-action lawsuits filed in California last month, accusing it of secretly violating consumer privacy laws. These legal challenges, reported by Adweek, Bloomberg Law, and other outlets, allege that The Trade Desk’s tracking technologies specifically its Unified ID 2.0 (UID2) identifier and Adsrvr Pixel collect and monetize personally identifiable information (PII) like email addresses, phone numbers, and location data without proper consent. The lawsuits claim these practices breach federal and California privacy laws, including the California Invasion of Privacy Act (CIPA) and the Federal Trade Commission’s (FTC) guidelines on real-time bidding. As public scrutiny intensifies, The Trade Desk’s predicament underscores broader tensions in the digital advertising ecosystem, where consumer privacy demands clash with data-driven marketing. Below we explore the allegations, their implications, and how The Trade Desk can address these violations to restore trust and use privacy software tools like the ones offered by Captain Compliance to meet their legal requirements.
The Allegations Against Trade Desk and a Deep Dive into Their Data Handling Practices
The first lawsuit, filed on March 31, 2025, in the Central District of California, targets The Trade Desk’s UID2 technology. Plaintiffs allege that UID2 collects sensitive PII, such as email addresses and phone numbers, to build detailed user profiles for real-time bidding in programmatic advertising. Unlike traditional cookies, UID2 is designed to persist across devices, enabling cross-platform tracking that plaintiffs claim occurs without adequate disclosure or user consent. The complaint argues that The Trade Desk operates as both a demand-side platform (DSP) and a data management platform (DMP), or data broker, allowing it to amass and share consumer data with third parties, exposing it to multiple bidders in ad auctions. This practice, the lawsuit asserts, violates consumer expectations and FTC guidelines on high-risk data practices.
The second lawsuit, filed on March 28, 2025, in the Northern District of California, focuses on The Trade Desk’s Adsrvr Pixel. Lead plaintiffs Doug Michie and Justin Dyer claim this pixel tracks and de-anonymizes users across websites and devices, creating “dossiers” that include online behavior, real-world location, and shopping habits. The complaint alleges that The Trade Desk assigns permanent ID numbers to consumers, combining data into comprehensive profiles without their knowledge, in violation of their privacy rights. This lawsuit also invokes California wiretapping laws, arguing that the company’s tracking constitutes unauthorized interception of electronic communications.
Both lawsuits highlight a broader shift in the adtech landscape. As privacy laws tighten and browsers phase out third-party cookies, companies like The Trade Desk have pivoted to alternative identifiers like UID2. However, plaintiffs argue that these tools exploit loopholes, circumventing privacy controls while monetizing consumer data for substantial profits. Social media posts on X reflect public outrage, with users like @B_Schorer calling web privacy “a farce” and emphasizing that any identifier can be linked to PII.
The Broader Context: A Privacy Reckoning For Adtech Companies
The Trade Desk’s legal troubles arrive amid heightened scrutiny of adtech practices. The FTC has ramped up enforcement against companies that mishandle consumer data, as seen in recent actions against General Motors, GoDaddy, and Mobilewalla for unauthorized data collection. California’s robust privacy framework, including the California Consumer Privacy Act (CCPA), empowers consumers to demand transparency and control over their data. The lawsuits against The Trade Desk align with these trends, accusing the company of flouting both federal and state laws by prioritizing profit over privacy.
The implications are significant. The Trade Desk, a publicly traded company (NASDAQ: TTD), reported $741 million in Q4 2024 revenue, but its stock dropped 10% following related securities fraud allegations tied to its AI tool Kokai. The privacy lawsuits could further erode investor confidence and client trust, as advertisers and publishers rely on The Trade Desk’s platform for programmatic ad buying. Moreover, the cases could set precedents for how adtech firms navigate privacy laws, especially as identifiers like UID2 gain traction. Gary Kibel, a privacy expert and friend of the Captain Compliance privacy team was quoted in Adweek, noted that the unique operations of UID2 might differentiate these cases, potentially leading courts to scrutinize them closely under CIPA.
Public and Industry Reactions
Public sentiment, as gauged from X posts, is overwhelmingly critical. Users like @KendraEBarnett and @kuriharan have amplified the lawsuits, framing The Trade Desk’s actions as systemic surveillance. The adtech industry, meanwhile, is grappling with a paradox: delivering personalized ads while respecting privacy. The lawsuits suggest that The Trade Desk saw the decline of cookies as an opportunity to innovate with UID2, but critics argue this innovation prioritizes tracking over transparency. The company’s privacy policy claims it uses consent as a legal basis in the EU and processes data as a controller or processor, but the U.S. lawsuits challenge whether similar rigor applies domestically. You can read their privacy policy at: https://www.thetradedesk.com/legal/privacy and we suggest if you want to button up your privacy notice to check out our adaptive privacy notice solution that could be a big game changer in staying compliant and avoiding issues like the one being discussed here.
How The Trade Desk Can Address Privacy Violations
To mitigate legal and reputational damage, The Trade Desk must overhaul its data practices and rebuild consumer trust. Here are actionable steps to address the alleged violations:
Enhance Transparency: Clearly disclose how UID2 and Adsrvr Pixel collect, store, and share PII. Update privacy policies to detail data usage in real-time bidding and provide accessible opt-out mechanisms.
Implement Robust Consent Mechanisms: Adopt granular, affirmative consent protocols, ensuring users explicitly agree to data collection before tracking begins. Follow CCPA and GDPR standards, even in regions with less stringent laws.
Limit Data Sharing: Restrict PII exposure in ad auctions by anonymizing data before sharing with third parties. Use differential privacy techniques to minimize re-identification risks.
Audit Tracking Technologies: Conduct independent audits of UID2 and Adsrvr Pixel to verify compliance with federal and state laws. Publish findings to demonstrate accountability.
Reduce Data Collection Scope: Collect only essential data for ad targeting, avoiding sensitive information like health or location data unless explicitly authorized.
Invest in Privacy-Preserving Tech: Develop alternatives to UID2 that prioritize contextual targeting or federated learning, reducing reliance on PII.
Engage with Regulators: Proactively collaborate with the FTC and California authorities to align practices with evolving privacy standards, potentially avoiding further litigation.
Educate Consumers: Launch campaigns to explain data usage in adtech, empowering users to make informed choices about their privacy.
What To Do Now?
2025 is shaping up to be the year that companies big and small realize they need to use privacy software tools. Honda just got fined $632,500 for dark patterns and then we’re seeing hundreds of small to medium sized businesses telling us about lawsuits and legal letters they’re receiving from firms like Almeida for Healthcare privacy violations and Swigart Law who is forcing arbitration hearings. The Trade Desk stands at a crossroads. The lawsuits, still untested in court, could result in significant fines, injunctions, or mandated changes to its business model. A recent study cited by Thomson Reuters noted that trade secret and privacy litigation can yield billions in damages, with 68% of cases favoring plaintiffs. Beyond legal consequences, the company risks alienating consumers and clients in an era where privacy is paramount.
To emerge stronger, The Trade Desk must view these lawsuits as a wake-up call. By prioritizing ethical data handling practices and embracing privacy-first innovation, it can lead the adtech industry toward a sustainable future. Failure to act decisively, however, could cement its reputation as a privacy offender, jeopardizing further legal and public backlash. As the cases unfold, they will test not only The Trade Desk’s resolve but also the adtech sector’s ability to balance personalization with consumer rights and it will not be easy.
