In the latest surge of lawsuits against retailers for embedding tracking technology into websites, yummy cookie company Crumbl was sued on May 1, 2024, for allegedly embedding web-tracking technology allowing third-party processing company Stripe to obtain, without consumer consent, customers’ names, email and delivery addresses, geographic locations, IP addresses, and payment information when consumers surf Crumbl’s website without their consent.

The complaint alleges that Stripe can then identify consumers “across devices, networks, and identities” and then share that information to additional third parties. In addition, the tracking technology code remain on the consumers’ browser after the consumer has made their purchase, which enables Stripe to capture additional data about the consumer when visiting other websites.

The complaint alleges that “Stripe engages in the surreptitious interception and collection of sensitive information, including consumers’ mouse movements and clicks, keystrokes, IP address, geolocation, and financial information.”In addition, the complaint alleges that Stripe has shared this information with third parties without consumers’ consent.

The complaint alleges that the conduct violates the California Invasion of Privacy Act, a criminal statute designed to address wire taps. It will arguably be an uphill battle to prove that there is criminal intent when it comes to website tracking technology. The complaint further alleges that the conduct violates California’s Constitution.