On April 9, 2026, a Manhattan federal judge refused to toss a class-action lawsuit accusing CNN of letting outside advertising trackers scoop up and sell visitors’ browsing data, keeping the case very much alive and moving it into discovery. The suit, brought by plaintiff Anthony D’Antonio, claims tracking code on CNN.com collected IP addresses and device identifiers that were then shared with adtech vendors and data brokers for targeted ads. Judge Victor Marrero found the complaint adequately alleged both Article III standing and a claim under California’s pen-register provisions, so the parties now head into the fact-finding stage.
Judge's ruling
In a decision signed April 9, Marrero denied CNN’s motion to dismiss, holding that D’Antonio had alleged a concrete injury and that the complaint plausibly claimed the site’s trackers operated as pen registers under California law. He said CNN’s argument that it is shielded by a narrow provider exception raises factual questions that cannot be resolved at the pleading stage. The full decision is available in the official order, according to Justia Dockets & Filings.
What the complaint says
The second amended complaint alleges that CNN embedded tracking code from Microsoft, PubMatic and OpenX that logged IP addresses, device metadata and unique identifiers that could be linked to profiles held by data brokers and then sold into real-time ad auctions, according to Bloomberg Law. The filings say at least one advertiser, Jaguar Land Rover, bid on data tied to D’Antonio’s visit, an example the plaintiffs highlight to show how a single page view can ripple through the ad marketplace. Those allegations sit at the core of the CIPA pen-register theory that the court has now allowed to advance to discovery.
CNN's defense and next steps
CNN told the court that D’Antonio had not alleged the sort of concrete injury required for Article III standing and argued that the trackers recorded the content of communications, an argument that, if accepted, would place the conduct outside CIPA’s pen-register prohibition. Marrero rejected the motion to dismiss but left the provider-exemption defense for another day, saying the factual record must be developed before the court can resolve that issue. The ruling pushes the case into discovery, where the parties will test whether the disputed trackers qualify as banned pen registers, according to Justia Dockets & Filings.
Why advertisers and publishers are watching
The decision adds another data point to a growing patchwork of federal rulings over whether commonplace adtech tools and browser “fingerprinting” techniques fall within CIPA’s pen-register language. Legal analysts note that the split, with some courts letting these claims proceed and others tossing them, leaves publishers and adtech vendors exposed to potentially hefty statutory liability in California, according to analysis by Baker Donelson.
Legal implications
Under California law, a successful CIPA claim can generate statutory damages of $5,000 per violation or three times actual damages, and plaintiffs can also seek injunctions to halt ongoing tracking. Those remedies and the pen-register ban appear in Cal. Penal Code sections 637.2 and 638.51, which also contain narrow exceptions for providers and for user consent, as set out in the Cal. Penal Code and the Cal. Penal Code. The statutory floor for damages does not require proof of monetary loss, which is why CIPA claims come with outsized theoretical exposure for defendants.
Case details
Plaintiff D’Antonio is represented by Bursor & Fisher PA, while Weil, Gotshal & Manges LLP appears for CNN. The case is styled D’Antonio v. Cable News Network, Inc., No. 1:24-cv-03132 (S.D.N.Y.), and filings and reporting from Bloomberg Law indicate the matter will now move into discovery.
