Wiretapping class actions based on websites’ use of common tracking technologies continue to rise. And because many courts have allowed these cases to survive motions to dismiss, businesses often feel pressure to settle early—even when they have strong defenses.

Much of that pressure comes from the threat of a class wide judgment reaching eight or nine figures. However, a trend is emerging that could affect whether businesses should decide to defend instead of settle: courts are showing increasing skepticism that wiretapping claims are as suitable for class treatment as plaintiffs’ lawyers suggest.

A federal court in the Northern District of California recently denied class certification in Ingraham v. Capital One Financial Corp., No. 24-cv-05985-TLT (N.D. Cal. June 16, 2026). The plaintiffs alleged that tracking technologies used on the defendant’s website enabled third parties to intercept users’ personal and financial data without consent. The plaintiffs’ claims survived an early motion to dismiss. But when it came time to certify a class, the court said no.

The Problem (for Plaintiffs): Too Many Individual Questions

To certify a class under Federal Rule of Civil Procedure 23(b)(3), plaintiffs must show that common questions “predominate” over individual ones. In internet tracking cases, that’s proving difficult. The Ingraham court identified three independent reasons why individual issues overwhelmed common questions:

1. Data transmission varied by user. Different tracking technologies collected different types of data. Browser settings and user behavior affected what was shared. Even the named plaintiffs couldn’t agree on what information had been transmitted about them.

2. Consent required case-by-case analysis. Consent is central to claims under the California Invasion of Privacy Act (CIPA) and the federal Electronic Communications Privacy Act (ECPA). But consent turns on each user’s subjective understanding of the disclosures—and class members were exposed to different privacy policies depending on factors like California residency.

3. Standing demanded individualized proof. Article III standing—the constitutional requirement that a plaintiff demonstrate actual injury—required a fact-intensive inquiry for each class member: what data was shared, how it was shared, for what purpose, and whether that data was truly private.

A Pattern Is Emerging

Ingraham is not an outlier. It joins Calhoun v. Google LLC (N.D. Cal. June 2025), which denied certification on consent grounds, and In re Meta Pixel Tax Filing Cases (N.D. Cal. Mar. 2026), which cited individualized standing and statute of limitations issues. A pattern is emerging: even where tracking claims survive dismissal, the individualized nature of consent, data transmission, and standing creates significant barriers to class treatment.

The Takeaway

Almost every day, a business is served with a demand letter or lawsuit asserting claims based on the business’s use of tracking technologies on its website. When deciding whether to litigate or settle, the Ingraham decision should factor into the risk-benefit analysis. Contrary to what plaintiffs’ lawyers may suggest, class certification is far from guaranteed in internet tracking cases—and that means plaintiffs have risk, too. They face the prospect of spending years litigating a case that, if not certified, may never be economically viable. A reasonable settlement should account for both the business’s and plaintiffs’ risks. For businesses that haven’t yet faced such litigation, Ingraham offers some reassurance, but it’s far from a free pass. Internet tracking claims regularly survive early motions to dismiss. And in most jurisdictions, a ruling on class certification won’t come until years into the litigation. Companies using third-party tracking tools should take proactive steps to avoid litigation in the first place: assess disclosure practices, evaluate what data is being shared, and work with qualified counsel to ensure privacy policies align with current legal expectations.