Meta, TikTok Steal Users' Sensitive PII When They Click on Ads

Research from Jscrambler reveals that Meta and TikTok tracking pixels collect extensive sensitive user data — including full names, credit card details, and granular shopping behavior — from advertiser websites, regardless of users' consent preferences. The pixels activate before consent banners are even shown. Advertisers who embed these pixels face significant legal exposure under GDPR and CCPA, as they are technically responsible for configuring what data is collected. TikTok deflected responsibility onto advertisers, while Meta declined to comment. The researchers draw a parallel to a $18M class action settlement against Mass General Brigham hospitals over similar third-party tracking practices, warning that advertisers who fail to restrict these pixels risk lawsuits, reputational damage, and compliance violations.