May 21, 2026
Home » Articles » Shopify faces revived U.S. class action over alleged data privacy violations
Illustration of a businessperson at a laptop with a gavel, browser window showing cookies, and glowing California on a U.S. map—depicting Shopify’s legal challenges.

Shopify is under legal fire as a U.S. court rules it must face a California class action over alleged data privacy breaches, raising the stakes for global ecommerce platforms.

A court ruling opens the door to broader jurisdiction over online platforms

Shopify must face California data privacy lawsuit, court rules

In a landmark decision on April 21, 2025, the U.S. Court of Appeals for the Ninth Circuit reinstated a previously dismissed data privacy class action lawsuit against Canadian e-commerce giant Shopify. The 10-1 ruling allows the case, originally brought by California resident Brandon Briskin, to proceed in California despite Shopify’s argument that it should only be sued in Canada, New York, or Delaware.

At the heart of the lawsuit is the claim that Shopify installed tracking cookies on Briskin’s iPhone without consent while he was purchasing athletic apparel from a retailer using Shopify’s checkout system. Briskin alleges that the data collected was used to create a consumer profile and sold to other merchants — all without his knowledge. 🕵️‍♂️

The court’s majority held that Shopify “deliberately reached out” to Californians by embedding tracking software in merchant websites and collecting consumer data for monetization — conduct that was “neither random, isolated, nor fortuitous”.

Why this case matters for ecommerce

This isn’t just about Shopify. The ruling could dramatically shift how courts in the U.S. assert jurisdiction over internet-based companies — particularly those headquartered outside the country but actively serving American consumers.

The court found Shopify’s activities directly targeted California consumers, meaning the company can be held to account in California courts. The full decision leaned heavily on the idea that embedding cookies into Californian users’ devices constituted “purposeful availment” of the state’s market.

This matters because:

  • Jurisdiction just got real: The decision could set a precedent making it easier for American courts to assert jurisdiction over foreign tech firms.
  • Consumer protection enforcement expands: 30 states and Washington, D.C., supported Briskin’s position, arguing they must be able to enforce their consumer protection laws on companies active in their markets.
  • Backend platforms beware: The U.S. Chamber of Commerce backed Shopify, warning the ruling could put backend service providers at risk of being sued anywhere their software is used.

Shopify’s response

Shopify pushed back hard. A company spokesperson said the ruling “attacks the basics of how the internet works” and threatens to “drag entrepreneurs into distant courtrooms regardless of where they operate.”

In Shopify’s view, this is not just a legal technicality — it’s a fundamental challenge to cross-border commerce logistics and liability. The company has yet to comment on whether it plans to escalate the case to the U.S. Supreme Court.

Operator POV: What ecommerce leaders should watch

Whether you’re running a Shopify store or building a SaaS integration for ecommerce merchants, this ruling should be a red flag.

  • Jurisdiction creep is real. The decision opens up the risk of being sued in any state where your code touches a user — especially if you collect personal data.
  • Review your data practices. Especially around cookie use, user consent, and data sharing with third parties. California’s consumer protection laws (like CCPA) are no joke.
  • Terms of service ≠ protection. Shopify argued its terms dictated litigation venues like Canada or Delaware — the court wasn’t buying it.

Briskin’s class action seeks to represent “all natural persons who, between August 13, 2017, and the present, submitted payment information via Shopify’s software while located in California.” That’s potentially millions of shoppers.

And with Shopify powering 12% of the U.S. ecommerce market (and 117 of North America’s Top 2000 retailers, per Digital Commerce 360), this is a high-stakes case with massive implications.

What happens next

The case will now proceed in the U.S. District Court for the Northern District of California, where the court will weigh the merits of Briskin’s claims under California law.

For now, the legal battle is a livewire — not just for Shopify, but for any ecommerce or SaaS operator that serves a distributed customer base and leverages data tracking tools.

As the court put it: if a company knows it’s collecting valuable personal data from a user in California, it can’t pretend it’s not doing business there.

👀 Watch this one closely.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Related News

Illustration of a Home Depot employee in front of warehouses and trucks symbolizing its AI-powered supply chain network.

How Home Depot sped up its supply chain and what comes next

December 30, 2025
Illustration of a lululemon executive at a forked path with international expansion on one side and a struggling North American market on the other, with distant boardroom conflict in the background.

Lululemon’s global push starts as its North American core sputters

December 30, 2025