Video game developer Ubisoft, Inc. came out on top earlier this month in the Northern District of California when a judge dismissed, with prejudice, a class action claiming that the company’s use of third-party website pixels violated privacy laws. The judge concluded that the “issue of consent defeat[ed] all of Plaintiffs’ claims.” Lakes v. Ubisoft, Inc., No. 24-cv-06943, 2025 WL 1036639 (N.D. Cal. Apr. 2, 2025).
The plaintiffs alleged that Ubisoft collected and disclosed plaintiffs’ personal information and website usage without their consent through website pixels. Ubisoft moved to dismiss the claims based on the fact that the plaintiffs’ claims relied on the lack of consent but that plaintiffs had “consented to the use of cookies and pixels . . . at least three times during the purchase process” when plaintiffs (1) “interacted with the Cookies Banner” when visiting the website; (2) created accounts on the website, which required the plaintiffs to “accept Ubisoft’s Terms of Use, Terms of Sale, and Privacy Policy”; and (3) “made purchases” at which point Ubisoft’s terms and Privacy Policy were displayed again.
The court took judicial notice of Ubisoft’s Privacy Policy, cookie pop-up, and cookie settings and held that the plaintiffs’ consent defeated their claims:
- Federal Wiretap Act: The federal Wiretap Act allows for the interception of communications where “one of the parties to the communication has given prior consent to such interception,” and the interception is not “for the purpose of committing any criminal or tortious act.” The court determined that the plaintiffs provided consent and that the crime-tort exception to consent did not apply.
- California Invasion of Privacy Act, California Constitution, and Common-Law Invasion of Privacy: The court held that the plaintiffs’ consent was a “defense to all three claims” under CIPA, the California Constitution, and California common law invasion of privacy.
- Video Privacy Protection Act: The court determined that Ubisoft’s disclosures in its Privacy Policy, terms, and on its website through banners and pop-ups satisfied each element of the VPPA’s consent provision.
The plaintiffs sought a request for leave to amend, but the court denied the request, concluding that any amendment would be “futile” because plaintiffs could not “amend their complaint to overcome the issue of consent.”
A key takeaway for companies to consider is to revamp your website Privacy Policy disclosures, confirm that your website’s cookie preferences and banner are visible and user-friendly, and clearly articulate the use of third-party trackers and the data disclosed to your website users.