Background
Cookies and pixels used to track user data on the internet are quickly becoming a source of ESI that litigators need to understand and consider how to handle in discovery. In In re Meta Pixel Healthcare Litigation, plaintiffs alleged they were harmed by the use of the Meta Pixel on their healthcare portals, allowing Meta to collect private information about their health issues and benefit from it.
The latest decision in that case landed on April 24, 2025, when U.S. Magistrate Judge Virginia DeMarchi ruled on Meta’s motion to compel production of the plaintiffs’ browser and device level cookie data.
Meta insisted it needed all cookies from every device and browser the named plaintiffs used to access patient portals, arguing the data would:
- Disprove that Meta alone collected health information,
- Undercut claims that Meta’s conduct solely caused any harm, and
- Expose variations that could doom class certification.
Plaintiffs countered that the request was untethered to any pleaded defense, wildly overbroad, and fatally late.
The Ruling — Precision over Pulverization
Judge DeMarchi agreed the cookie universe was relevant but found Meta’s net far too wide. She limited discovery to third‑party cookies that actually “collected or shared health information”, rejecting a fishing expedition into thousands of irrelevant files. To break the impasse, the Court ordered Meta to propose objective criteria for identifying the narrow slice of cookies it really needs. Plaintiffs must then:
- Apply Meta’s criteria to cull and produce responsive cookies or
- Hand over the entire cookie list and let Meta do the filtering—subject to an enhanced protective order.
Translation: the burden now shifts back to counsel to craft a defensible, technically feasible protocol—or risk another trip to the courthouse.
Why This Matters Beyond Meta
- Cookie data is discoverable ESI. Litigators can’t treat it as background noise; it carries its own metadata fields, privacy implications, and collection headaches.
- Scope still reigns. Even when data is relevant, courts will insist on a tight nexus between the request and the pleaded claims or defenses.
- Protocols beat motions. Judge DeMarchi’s obvious frustration should remind parties that collaborative sampling and phased discovery often trump all‑or‑nothing demands.
- Class certification hinges on nuance. Variations in plaintiffs’ tech behavior (e.g., cookie settings) can fracture commonality. Defendants should mine that evidence early—but surgically.
Practical Playbook for Litigators
Key Takeaways
- Relevance isn’t carte blanche. Courts will prune discovery to the functional heart of the dispute—here, cookies tied to health data, not every tracker under the sun.
- Objective criteria are king. If you want esoteric ESI, be ready to specify how to find it without drowning the other side.
- Cookie collection is technically messy. Different browsers, devices, and export formats mean higher costs and longer timelines—factor that into proportionality arguments.
- Class actions magnify technical evidence. Small variances (which cookies ran, whether users blocked them) can dictate certification outcomes.
- Judicial patience is finite. Force the court to design your protocol and expect a solution that pleases no one
Conclusion
Judge DeMarchi’s order is more than a procedural skirmish; it’s a roadmap for handling new tech‑centric ESI in high‑stakes litigation. Whether you’re chasing pixels, SDK calls, or tomorrow’s tracking tool, the lesson is the same: tighten the request, collaborate on the process, and control the narrative before the judge does it for you.
