A federal appeals court has reinstated a potentially groundbreaking Shopify data privacy class action lawsuit against Canadian e-commerce giant Shopify, delivering a decision that could reshape how US courts handle jurisdiction over internet-based platforms. In a decisive 10-1 ruling, the 9th U.S. Circuit Court of Appeals in San Francisco determined that Shopify must face litigation in California for allegedly collecting personal identification data from customers making purchases on retailer websites based in the state.
The case centers on allegations by California resident Brandon Briskin, who claims Shopify secretly installed tracking cookies on his iPhone when he purchased athletic wear from retailer I Am Becoming. According to court filings, Shopify allegedly used this collected data to build consumer profiles that it then marketed to other merchants-all without obtaining proper user consent.
Shopify had vigorously fought the California jurisdiction, arguing its nationwide operations meant the case should be heard in Delaware, New York, or Canada. While a lower court and initial three-judge appellate panel agreed with Shopify’s position, the full appeals court overturned those decisions in a strongly worded majority opinion.
Circuit Judge Kim McLane Wardlaw wrote that Shopify had “expressly aimed” its conduct at California by “knowingly installing tracking software onto unsuspecting Californians’ phones” in a systematic manner that was “neither random, isolated, nor fortuitous.” The ruling establishes that internet companies cannot avoid state jurisdiction simply by operating globally.
Shopify immediately criticized the decision, with a company spokesperson calling it an attack on “the basics of how the internet works” that could force online entrepreneurs into far-flung courtrooms regardless of their actual location. Legal observers note the ruling could have significant implications for how digital platforms handle consumer data collection across state lines, further spotlighting Shopify data privacy practices.
The case has drawn attention from across the political spectrum, with a coalition of 30 state attorneys general plus Washington D.C. filing in support of Briskin’s position. These states argued they need this jurisdictional authority to properly enforce their consumer protection laws against companies operating in local markets through digital storefronts.
Plaintiff’s attorney Matt McCrary hailed the decision as a victory for accountability, rejecting what he called Shopify’s argument that “a company is jurisdictionally ‘nowhere’ because it does business ‘everywhere.'” Legal experts suggest Shopify may appeal to the Supreme Court, though the company has not yet announced its next steps.
