Skip to main content

Legal Insights

The Adidas Ruling Lowers the Bar for Privacy Standing — A Wake-Up Call for Digital Compliance

By James Chung, Managing Partner, Pro Veritas Law LLP  ·  April 3, 2026  ·  5 minutes read

In Camplisson v. Adidas America, Inc. (2025 WL 3228949, S.D. Cal. Nov. 18, 2025), a federal court in California delivered a landmark decision for privacy advocates. Plaintiffs alleged that Adidas's website used tracking pixels from TikTok and Microsoft Bing to secretly collect visitors' IP addresses, browser data, and other personal identifiers without consent. Adidas moved to dismiss, arguing no Article III standing and no statutory standing under the California Invasion of Privacy Act (CIPA) because plaintiffs showed no economic injury or traditional privacy harm.

Judge Gonzalo P. Curiel rejected those arguments outright. He held that a violation of one's privacy rights is an injury in itself. No proof of financial loss or concrete economic damage is required for standing. The court recognized the privacy invasion as concrete and aligned with traditional harms, allowing the class action to proceed. CIPA's statutory damages — up to $5,000 per violation — apply even without actual harm shown.

This ruling sets a low bar for plaintiff standing in digital privacy cases, especially under California law. Anyone with a genuine interest in protecting their digital privacy now has a clearer path to court. In an AI-driven world where data leaks can cascade like the Titanic hitting an iceberg, this decision reinforces that privacy isn't optional — it's fundamental.

Why Repeated Notices Matter: Establishing Contact and Bad Faith

When a company's publicly listed contact email or address is used for notices and demands, courts generally presume contact is established unless the company proves otherwise. Sending multiple notices — especially escalating to certified mail — demonstrates good-faith efforts to resolve issues before litigation. Ignoring them signals bad faith.

Privacy violation suits aim first and foremost at remediation: "Please fix the leaky, corroded, improperly fitted plumbing." These aren't about punishing every technical glitch; they're about collective inoculation. We're only as strong as our weakest link. One non-compliant site can undermine everyone's data security.

The Process That Shows Good Faith

  1. Initial notice via the company's listed email or contact form.

  2. Follow-up notices highlighting the ongoing violation.

  3. Final notice, often by certified mail, demanding remediation.

  4. Only then — lawsuit.

Courts view repeated ignored notices unfavorably. It can support claims of willfulness, opening the door to enhanced damages, including punitive awards in appropriate cases for oppressive or malicious conduct.

Building an Ironclad System

This isn't adversarial — it's collaborative. We're entering an AI era where data flows everywhere. A single breach or tracking violation can expose millions. By demanding fixes through structured notices, we're protecting the entire ecosystem.

Businesses that respond promptly and remediate show good faith and avoid escalation. Those that stonewall face the full weight of statutes designed to deter exactly this behavior.

The Adidas ruling makes clear: privacy standing doesn't require economic injury. The injury is the loss of control over your personal data. In California especially, the bar is low for those genuinely protecting digital rights.

This is a collective movement. One leaky site weakens us all. Let's fix the plumbing — before the whole ship goes down.

To discuss a potential matter or learn more about our practice, contact us.

This article reflects the views of the author and is intended for informational purposes only. It does not constitute legal advice or create an attorney-client relationship. For specific legal guidance, please consult directly with qualified counsel.

← Back to Legal Insights