Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Contact Us
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Sports
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Advanced Manufacturing and Industrials
    • Art and Cultural Property
    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Entertainment & Sports
    • Financial Institutions
    • Healthcare
    • Higher Education
    • Infrastructure
    • Nonprofit Organizations
    • Real Estate
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Videos
    4. Technical gaps in website tracking compliance

      Videos

    Technical gaps in website tracking compliance

    July 8, 2026

    LinkedInX (Twitter)EmailCopy URL

    By Jason Kravitz and Jenny Holmes

    Alex Proctor at Captain Compliance speaks on the technical gaps that could leave companies exposed to pixel tracking litigation.

    Alex Proctor at Captain Compliance speaks on the technical gaps that could leave companies exposed to pixel tracking litigation.

    A Little Privacy, Please!

    Alex Proctor, Chief Trust and Privacy Officer at Captain Compliance, discusses the technical gaps that leave companies exposed to pixel tracking litigation.

    There has been a significant surge of litigation filed against companies accused of using software tools to track website user behavior without users’ knowledge or consent — commonly called pixel tracking litigation, or pixel privacy litigation.

    For this episode, we were joined by Alex Proctor, Chief Trust and Privacy Officer at Captain Compliance, a privacy technology startup focused on helping organizations navigate privacy, compliance, and risk management challenges. Alex brings over 15 years of experience in privacy and data protection, leading cybersecurity and privacy governance, risk, and compliance programs across highly regulated industries.

    The following conversation has been edited for clarity and length.

    Tell us about Captain Compliance.

    Captain Compliance is a purely focused privacy technology company. We’re involved in the world of CMPs (consent management platforms), dynamic privacy notices, and data subject request processing with automation.

    One thing I’ve learned from working in the CMP space is that it is extremely difficult to get right. It’s not always obvious at first glance. You think these things consist of a pop-up on a website and a couple of buttons. How hard can that be? But the reality is, the level of integration necessary to meet the standard for a maximally defensible website, with regard to this wiretapping litigation, and to hold up under the scrutiny of a state regulator, is a very high bar. There are considerations including how you handle cookies and scripts, and those are not handled in the same way. You’re also dealing with integrations with things like Google Consent Mode, and if you’re a Shopify shop, Shopify API integration. There are just so many opportunities to get things wrong.

    I’ve been on the other side buying privacy technologies in my past, and I never felt like I had time to truly invest in understanding them. What I love about Captain Compliance is being able to take on a lot of that load for our clients and give them the peace of mind that their technology is going to work correctly if it ever gets scrutinized.

    Why do so many companies struggle to get website consent right?

    It’s very easy to not configure website consent to the degree it actually needs to be. Most consent technologies operate in multiple layers. The two I’d like to highlight are the cookie auto-blocking layer and the script-gating layer. The auto-blocking layer does things like delete cookies from your browser if someone opts out and controls browser-level storage. The script-gating layer is where you put logic in your tag triggers to look for consent signals.

    It’s very easy to drop a script on a website, make sure the banner looks good, and think you’re mostly there. But privacy testers will be testing much more than just cookies. They’ll be looking for network transactions to third parties that don’t rely on cookies at all. To truly maximize your defensibility, you need to go somewhat deeper, and that does involve some manual setup.

    Why are tracking cases difficult for companies to navigate?

    All of this private litigation is generally not happening via our modern privacy laws, which typically don’t give a private right of action. What plaintiffs are doing is using old wiretapping laws, some dating back as far as the 1960s. The California Invasion of Privacy Act was literally created before the internet existed. But these old laws do have a private right of action, and so you have cases where decades-old statutes are being used to challenge the most modern website technologies available.

    The difficulty is that courts are completely split on how to deal with these allegations. Some cases get thrown out—especially in certain jurisdictions—while in others, they regularly proceed. And when they do, the case law can differ significantly. In some of the most extreme cases out of California, courts have found that retroactive consent is invalid—you must opt in prior to firing any trackers. Because companies care deeply about their marketing data and targeted advertising, running that kind of opt-in model is not great for the marketing department. It creates risk-based decisions where companies need to weigh whether that residual risk is worth it when choosing between opt-in and opt-out models. It’s tough to navigate because of the ambiguity.

    How should companies balance legal requirements against marketing needs?

    It has to be a business risk decision, first and foremost. From our internal data, most people don’t interact with consent banners. You’ll be lucky to get five percent of people clicking “allow” and five percent clicking “reject”—most people are going to be stuck with the default policy. So if that default is restrictive, it’s going to have a major impact on marketing. For many companies, they simply can’t tolerate that unless they’re in a region where it’s absolutely required.

    You do see some companies that are sensitive to the litigation trying to find incremental solutions. One example: instead of running an opt-in model across all states, a company might choose to run opt-in in California and in other two-party consent states where similar claims are emerging, like Florida, while leaving most of the US on an opt-out model. It’s a compromise, but that’s the type of decision being made.

    There are also things companies can do from a UI perspective, though it’s important to stay clear of dark patterns or deceptive designs. You will see companies, when they’re in an opt-in model and want to maximize interaction rates, do things like place the banner in the center of the webpage or require interaction before accessing the site, to try to preserve at least some analytics while still honoring the opt-in model.

    How can companies assess whether their CMP deployment is working?

    If you’re validating the quality of your CMP deployment, you want to be working with your legal team. Someone with a legal background should be providing a critical eye, because a lot of the technical aspects will require legal analysis.

    Beyond that, there needs to be ongoing review. This can take different forms—a quarterly assessment, monitoring technology that flags issues for legal review, or a third-party provider. But the main theme is that somebody should be doing ongoing review, at minimum quarterly, with legal involvement. This is not something you can set and leave alone for months.

    Thank you Alex Proctor for sharing your insights.

    A Little Privacy, Please!

    Practices

    Cybersecurity & Privacy

    Insights And Happenings

    • Video

      India’s Digital Personal Data Protection Act

      March 3, 2026
    • Video

      Cybersecurity and insider threat risks

      Feb 12, 2026
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Contact Us
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Supplier Code of Conduct
    • Nixon Peabody International LLP
    • PAL
    © 2026 Nixon Peabody. All rights reserved