DraftKings Sued Over Alleged Illegal User Tracking Under CIPA
DraftKings is sued for allegedly violating California's CIPA with unauthorized website tracking.
Why it matters: The lawsuit highlights ongoing legal risks for gaming and online companies under CIPA, an evolving privacy law now applied to digital tracking technologies. Compliance remains critical amid rising scrutiny.
- DraftKings allegedly installed tracking code sharing user data with third-party brokers without consent.
- The suit claims this violates the California Invasion of Privacy Act, which bans unauthorized interception of communications.
- CIPA, from 1967, was designed for wiretapping but now applies to digital tracking like cookies and pixels.
- Similar cases include a $1.2M CIPA settlement by Fandom in early 2026 and a recent court ruling dismissing cookie-based claims.
DraftKings is facing a federal lawsuit in California accusing it of placing tracking technologies on its website that share users' personal information with third-party data brokers without their knowledge or consent. According to the complaint, this practice violates the California Invasion of Privacy Act (CIPA), which prohibits unauthorized interception or recording of communications.
CIPA, enacted in 1967, was originally aimed at wiretapping and eavesdropping activities but has increasingly been applied to digital communications. Specifically, plaintiffs in recent CIPA lawsuits argue that website tools such as cookies, tracking pixels, and session replay software constitute unauthorized interception of electronic communications.
For example, in January 2026, Fandom, Inc. agreed to pay $1.2 million to settle a class action alleging its GameSpot website used third-party trackers to collect user data in violation of CIPA. However, courts have not uniformly sided with plaintiffs; in March 2026, a California federal court dismissed a class action against Development Dimensions International, ruling that mere use of cookies does not violate CIPA.
Judge David O. Carter noted that "the court finds persuasive Defendant’s argument that allegations of the use of cookies does not suffice as a statutory violation." This underscores the evolving, unsettled nature of how CIPA applies to modern tracking technology.
DraftKings, whose stock traded at $25.70 with a market cap near $22.85 billion as of June 26, 2026, now faces significant legal exposure given statutory damages of up to $5,000 per CIPA violation. The case adds to a growing trend of privacy litigation challenging online companies on user data practices.
As digital tracking tools become more sophisticated and pervasive, gaming and online firms must rigorously evaluate their compliance with privacy laws like CIPA to mitigate legal risk.
By the numbers:
- $5,000 — maximum statutory damages per CIPA violation
- $1.2 million — Fandom's January 2026 CIPA settlement
- $22.85 billion — DraftKings market capitalization as of June 26, 2026
Yes, but: Although some courts recognize certain tracking algorithms as CIPA violations, others have dismissed claims based solely on cookie use, creating legal uncertainty.
What's next: The DraftKings case will likely be watched closely for how courts interpret CIPA's application to modern website tracking tools, potentially shaping future litigation and compliance strategies.