Third Circuit Rejects a Meta Pixels Case–Cole v. Quest Diagnostics

November 21, 2025 · by · in Internet History, Privacy/Security

This is a Meta Pixels case. In a short nonprecedential opinion, the Third Circuit rejects the plaintiffs’ claims.

CIPA. The court says that Facebook isn’t impermissibly “eavesdropping” when a user’s computer simultaneously and concurrently transmits information to the website they’re browsing and to Facebook. The court says:

As the recipient of a direct communication from Plaintiffs’ browsers, Facebook was a participant in Plaintiffs’ transmissions such that Quest did not aid or assist Facebook in eavesdropping on or intercepting such communications, even if done without the users’ knowledge.

If the simultaneous and concurrent delivery of a message to an undisclosed listener isn’t eavesdropping, I’m not sure what is… I wonder if this ruling is vulnerable on further appeal?

CMIA (California Confidentiality of Medical Information Act). This law regulates the disclosure of “medical information.” The court says the Pixels didn’t touch that category of information here:

Plaintiffs allege that Quest “disclosed the URL of the webpage a patient accessed to review test results,” but did not allege that Quest disclosed those test’s nature or results or any other substantive medical information. Thus, at most, Plaintiffs alleged that Quest disclosed Plaintiffs had been its patients, which is not medical information protected by CMIA.

This discussion immediately brought to mind the Pharmatrak case, which involved pixel usage before Facebook was even founded. In Pharmatrak, one customer-website used the “get” HTML command instead of the “Post” command to collect information from webforms, and that decision appended the form’s sensitive contents to the URL and pumped unwanted private medical information into Pharmatrak’s databases. Pharmatrak thus intercepted private information for ECPA purposes. Here, I’m inferring that the Quest pages at issue didn’t have any forms, or that Quest or Facebook took the necessary technical steps to strip out any private information that could incidentally get appended to the URLs. Otherwise, the court’s analysis of what could appear in the URLs seems optimistic.

Implications

In this ruling, the Third Circuit is interpreting California statutes, which is nominally one step outside their swimlane. The panel notes its conflicts with rulings from the Ninth Circuit-governed courts but says it has to stick with its own homebrewed precedence when interpreting the law of a state outside its circuit.

The genre of Meta Pixels litigation is out-of-control. I recently ran a quick search in Westlaw and there were about 300 Meta Pixels decisions, and I feel like I get 1-4 Westlaw email alerts about new Pixels decisions EVERY DAY. Insanity. This litigation madness needs to stop.

It’s especially noteworthy when an appellate court rejects a Pixels case, like the Second Circuit did in the VPPA cases. Many Pixel district court rulings are refusals of the defendant’s motion to dismiss, with only limited insights into the ultimate disposition of the case. Nevertheless, the overwhelming quantity of those rulings creates a veneer of legitimacy around the litigation genre. This has been especially true for Meta Pixel cases against healthcare entities, where special protections for healthcare privacy have helped the plaintiffs survive motions to dismiss. Despite that momentum, a few key appellate decisions rejecting the legal foundations of the Pixel litigation could put an end to it. As the maxim goes, it’s not where you start, it’s where you finish, and it’s not clear to me how many Pixel cases are going to end with plaintiff wins when they reach their end.

Case Citation: Cole v. Quest Diagnostics, Inc., 2025 WL 3172640 (3d Cir. Nov. 13, 2025)

More Posts on the Pixel Cases