Crocs shares shopper data with Meta, Google, new class action lawsuit alleges

California resident Tammy Kirkpatrick filed a class action lawsuit against Crocs Inc. on July 2, 2026, alleging the footwear company captured shoppers' personal information and shared it with Meta and Google while assuring visitors its website would not identify them.

Crocs' cookie banner

Kirkpatrick reportedly shopped on crocs.com in November and December 2025 and made a purchase while logged into active Facebook and Google accounts on the same device, the proposed class action claims. When users visit the site, a cookie banner tells them the site's cookies "do not store direct personal information" and collect only "aggregated" data that "does not directly identify you," according to the lawsuit. However, Kirkpatrick alleges Crocs' code did the opposite.

A reasonable shopper reading the cooker banner would not understand it as permission to hand over data like their full name, home address, phone number and email, the complaint contends.

What Meta and Google allegedly collected

The lawsuit claims Crocs embedded two tracking tools in its website code: Meta's tracking pixel and a set of Google tools that includes Google Analytics and Google DoubleClick. Rather than gathering anonymous figures, the trackers reportedly intercepted shoppers' names, email addresses, phone numbers, IP addresses, device identifiers and detailed purchase data in real time, according to the complaint.

Meta pixel is a snippet of code that helps advertisers follow users across the web. According to the proposed class action, it let Meta read cookies that tie a person's browsing to their Facebook profile. The suit also alleges Crocs used an advanced matching feature that forwards names and email addresses to Meta and links a checkout session to a specific account.

On the Google side, the complaint claims the company's tools used client IDs, advertiser user IDs, browser fingerprinting and encoded email addresses to identify individual shoppers.

The plaintiffs claim Crocs' tracking occurred without any action from shoppers. The lawsuit states the tracking code activated automatically as shoppers loaded pages, added items to their carts or moved through checkout, transmitting data to Meta and Google at each step from the moment they landed on the site.

The legal claims

The lawsuit brings five claims, one under federal law on behalf of a nationwide class and four under California law on behalf of a California subclass:

  • Electronic Communications Privacy Act, which is a federal law that bars the unauthorized interception of electronic communications
  • California Invasion of Privacy Act, which covering both wiretapping and eavesdropping on confidential communications without consent
  • California Comprehensive Computer Data Access and Fraud Act, which addresses taking or using computer data without permission
  • Invasion of privacy under the California Constitution, which protects residents' right to privacy

The complaint seeks statutory damages, compensatory damages, disgorgement of profits, punitive damages and an order forcing Crocs to stop the practice plus attorneys' fees.

What the case means for Crocs shoppers

The proposed nationwide class covers U.S. residents who bought something on crocs.com during the class period with a California subclass for buyers in that state. The California privacy law sets damages at $5,000 per violation, and the complaint estimates the class's combined claims top $5 million.

Crocs has not publicly responded to the allegations, and the court has not certified any class. For now there is no settlement, no claims process and no payout available.