California resident Nathaniel Bee filed a lawsuit this week alleging that the ATP Tour’s website used third-party tracking technology that captured details on how visitors interacted with the site, including what content they viewed; how they navigated the website; and what type of device they used, without user consent in violation of the California Invasion of Privacy Act. According to the complaint, that information was transmitted to third parties, including Google and Comscore Inc., and was used for targeted advertising and analytics.
The lawsuit centers on what users were told and what the website allegedly did anyway. The plaintiff alleges that users first visiting the ATP Tour website are presented with two options: accept “essential cookies only” or accept “cookies.” The plaintiff argues that the “essential cookies only” option gives visitors the impression that they can opt out of tracking that shares information with “social media, advertising and analytics partners.” However, even after a user selects “essential cookies only,” the ATP Tour allegedly continued transmitting non-essential information that could be used for targeted advertising. The complaint states that “even when users attempted to limit tracking by rejecting nonessential cookies, ATP Tour failed to prevent third parties from receiving information generated by users’ website communications.”
Even at the allegation stage, the case highlights a pressure point for many consumer-facing websites where consent interfaces are only as reliable as the technical controls behind them.
If a website offers an “essential cookies only” option, the expectation is that third-party tags, pixels, and scripts tied to advertising and analytics are actually disabled or prevented from transmitting data when a user opts out.
Regardless of how the claims ultimately shake out, the complaint underscores a simple but increasingly litigated reality: privacy disclosures and consent banners are only as defensible as the engineering behind them. If a site presents an “essential cookies only” option, users reasonably expect that advertising and analytics tags, pixels, and scripts are actually blocked from firing and from transmitting data to third parties. For consumer-facing organizations, this case is a reminder to align what the interface promises with what the site does in practice, and to validate that opt-out choices are enforced consistently across all third-party tools and integrations.
[View source.]
