OpenAI hit with privacy lawsuit

OpenAI Global LLC is facing a proposed class action in California federal court that alleges the company embedded Meta’s Facebook Pixel and Google Analytics in ChatGPT’s web interface and disclosed user data without consent. The complaint was filed on May 13 in the U.S. District Court for the Southern District of California by plaintiff Amargo Couture, according to a law firm post reproducing the filing’s allegations. The suit says ChatGPT users’ queries, identifiers and related information were transmitted to Meta and Google in real time through tracking code on ChatGPT.com. OpenAI did not immediately appear to have published a public response to the lawsuit on its website as of May 15. ### What exactly does the lawsuit say ChatGPT shared? The May 13 complaint alleges OpenAI allowed Meta and Google tracking technologies to receive users’ personally identifiable information and ChatGPT communications while operating ChatGPT.com. According to the complaint summary, the plaintiff says the issue went beyond routine site analytics because users often enter sensitive information involving health, finances, legal matters and other private subjects. (okinadams.com) Meta’s Facebook Pixel is at the center of one claim. The complaint alleges that when a user entered a query into ChatGPT, information about that query was disclosed to Meta in real time, along with Facebook cookies that could tie the activity to a user’s Facebook identity. The complaint also alleges Google Analytics captured query-related data and, in some account scenarios, a hashed email address and Google-linked cookies. (okinadams.com) ### Which laws does the plaintiff say OpenAI violated? The complaint asserts claims under the federal Electronic Communications Privacy Act, the California Invasion of Privacy Act and privacy protections under the California Constitution, according to the law firm summary of the filing. The proposed class would cover people whose personally identifiable information and ChatGPT communications were allegedly disclosed to third parties through use of the ChatGPT.com website during the class period. (okinadams.com) Yahoo Finance and other outlets that cited the filing reported the same core allegation: that OpenAI disclosed private ChatGPT user data to Meta and Google through embedded tracking technology without consumer consent. Those reports did not show a docketed ruling or response from the court, indicating the case is at an early stage. (okinadams.com) ### How does this land alongside OpenAI’s latest security disclosure? OpenAI said on April 10 that a broader software supply-chain incident involving the Axios developer library affected a GitHub Actions workflow used in its macOS app-signing process. The company said the workflow had access to a certificate and notarization material used for ChatGPT Desktop, Codex, Codex CLI and Atlas. OpenAI said it found no evidence that user data was accessed, that its systems or intellectual property were compromised, or that its software was altered. (finance.yahoo.com) March 31, 2026, is the date OpenAI gave for the Axios compromise. The company said it was revoking and rotating the certificate “out of an abundance of caution” and required macOS users to update OpenAI apps by May 8, 2026. OpenAI also said older versions signed with the previous certificate could stop functioning or lose support after that date. (openai.com) ### What products did OpenAI release at the same time? OpenAI has also been expanding its coding and cybersecurity products this week. On May 15, third-party coverage reported that Codex remote access had been added to the ChatGPT mobile app for iPhone and Android users, extending the coding assistant beyond the Mac app. (openai.com) OpenAI’s Daybreak cybersecurity program is already live on the company’s website. The product page describes Daybreak as a cyber-defense offering built around OpenAI models and Codex, with features including threat modeling, patch validation, dependency risk analysis, detection and remediation guidance. OpenAI said on that page that it is working with industry and government partners “in the coming weeks” as it prepares broader deployment of more cyber-capable models. (macrumors.com) May 13 is the next concrete marker in the privacy case because that is when Couture v. OpenAI Global, LLC was filed in the Southern District of California. OpenAI’s next visible steps on the product side are the Daybreak partner deployments the company says it is preparing in coming weeks, while macOS users were already told to update affected OpenAI apps by May 8 under the certificate rotation plan. (okinadams.com) (openai.com)