What You Need to Know

• Specific Allegations Required for Pixel Tracking Claims – Plaintiffs must provide detailed, specific allegations about what personal information was actually transmitted via pixel tracking, not just general descriptions of what the tracking pixel is "capable of collecting." Courts require concrete evidence of harm, not hypothetical scenarios.
• Standing Requirements for Multi-State Class Actions – Named plaintiffs cannot bring claims under laws of states where they do not reside or have sufficient connection. A New York resident cannot represent classes under Connecticut, Delaware, Massachusetts, New Jersey, and Vermont laws without establishing proper standing.
• Heightened Pleading Standards for Privacy Claims – Federal courts are applying stricter scrutiny to privacy-related lawsuits involving tracking technologies. Plaintiffs must demonstrate actual disclosure of their specific personal information and show concrete harm, such as receiving targeted advertisements based on that data.
• Disclosure May Not Be Enough Defense – Even though TD Bank had privacy notices and disclosures about cookies and tracking technologies on their website, this did not automatically shield them from liability claims—though the case was dismissed on other grounds.

Introduction

In a June 27, 2025 opinion from the United States District Court for the District of New Jersey, the Court considered whether a plaintiff had sufficiently asserted a class action complaint against TD Bank, N.A. (“TD Bank”) relating to the use of certain tracking technologies on its website and the disclosure of customers’ information to Meta Platforms, Inc. (“Meta”). Stevens v. TD Bank, N.A., Civ. No. 24-8311, 2025 U.S. Dist. LEXIS 122433 (D.N.J. June 27, 2025). The Court ultimately held that Plaintiff had not pled his allegations in sufficient particular detail and dismissed the complaint, albeit without prejudice.

Background

Plaintiff Jeffrey Stevens is a TD Bank customer living in New York who had accessed his TD Bank online account while logged into Facebook. TD Bank operates its website (www.td.com) which allows its bank customers to access their account information and apply for financial products, among other services. Plaintiff alleged that TD Bank embedded the Facebook Tracking Pixel (the “Pixel) on its website. The Pixel is a piece of code developed by Meta that advertisers may integrate on their websites that, when the user is logged into Facebook, captures information about users’ interactions with the website. Plaintiff alleged that Pixel would transmit information to Meta, who would then utilize that information for marketing and advertising. Through the cookie transmitted through Pixel, Meta would obtain access to information regarding users’ browsing history, website addresses identifying products viewed, and behavioral data.

TD Bank’s website contained a number of disclosures regarding the use of cookies and tracking technologies, and that captured data could be transmitted to advertising partners. TD Bank also disclosed that users could opt out of certain advertisements, and opt out from allowing use of their information by TD Bank’s partners. TD Bank’s Privacy Notice stated that “TD Bank Companies do not share [customer’s personal information] with nonaffiliates so they can market to you” and that TD Bank shares customer’s personal information for TD Bank’s own “marketing purposes – to offer [TD Bank’s] products and services to [the customer].”

Plaintiff raised the putative nationwide class action against TD Bank alleging that it utilized third-party data tracking technology to improperly collect and then disclose TD Bank’s personal financial information to third parties, without notice to, or consent from, its customers. Plaintiff purported to represent a nationwide class of all TD Bank customers as well as subclasses of residents of New York and five other states. Plaintiff raised claims for: (1) negligence, (2) negligence per se, (3) unjust enrichment, (4) declaratory judgment, (5) breach of confidence, (6) breach of contract, (7) breach of implied contract, (8) violation of New York’s General Business Law § 349, and (9) unfair and deceptive trade practices under the laws of Connecticut, Delaware, Massachusetts, New Jersey, New York, and Vermont.

TD Bank moved to dismiss the Complaint in its entirety. The Bank argued that Plaintiff failed to plausibly allege that any personal information specific to him had been disclosed to Meta. Alternatively, TD Bank argued that each of Plaintiff’s claims were facially deficient.

The Decision

On June 27, 2025, the District Court issued a Decision that granted TD Bank’s motion to dismiss and dismissed Plaintiff’s claims without prejudice. The Court noted that, while the Complaint described Pixel and its general tracking capabilities in great detail, it lacked specific allegations concerning Pixel’s capture and disclosure of his personal financial information. In other words, Plaintiff should have described what internet pages he interacted with, what personal information was actually transmitted to Meta, whether Meta was able to identify him as a TD Bank customer and/or whether he received targeted advertisements from third parties. General allegations concerning what Pixel was “capable of collecting” or regarding a “hypothetical visitor” to TD Bank’s website would not suffice.

The Court also specifically distinguished various Pixel-related cases from the Northern District of California (Shah v. Capital One Financial Corp., 768 F. Supp. 3d 1033 (N.D. Cal. 2025) & Fan v. NBA Properties Inc., 2024 U.S. Dist. LEXIS 57205 (N.D. Cal. Mar. 26, 2024)) and the Western District of New York (Kane v. Univ. of Rochester, No. 6:23-cv-06027-MJP (W.D.N.Y. Apr. 21, 2023)), where the courts held that the complaint had asserted allegations sufficient to survive a motion to dismiss. The Court found that Plaintiff’s Complaint lacked the specific details that were present in the complaints in these cases. For example, in Shah, the plaintiffs alleged that their employment information, bank account information, citizenship status, and credit card eligibility was provided to the defendant’s website and that they then received targeted third- and fourth-party advertisements.

Finally, regarding Plaintiff’s multistate claims, the Court found that a named class action plaintiff must establish standing for each of their claims, and as a New York resident who interacted with TD Bank’s website only from New York, Plaintiff lacked standing to bring claims under the laws of Connecticut, Delaware, Massachusetts, New Jersey, and Vermont.

Takeaways

This case serves as a reminder of the federal pleading standard and its application to the types of internet tracking technology that is commonplace in today’s internet ecosystem. When defending from a putative class action complaint, businesses should look to attack pleadings that lack detailed allegations specific to the plaintiff themselves. It remains to be seen whether this Plaintiff is capable of remedying the deficiencies in his complaint and whether an amended complaint would survive a motion to dismiss.

For a copy of the decision, please contact Michael O’Donnell at modonnell@riker.com, Matthews Florez at mflorez@riker.com or Shelley Wu at swu@riker.com.