In the case In re Meta Pixel Healthcare Litig., No. 22-cv-03580-WHO (VKD) (N.D. Cal. Apr. 24, 2025), California Magistrate Judge Virginia K. DeMarchi ordered plaintiffs to “produce documents sufficient to show all third-party cookies on plaintiffs’ relevant devices and/or browsers capable of collecting or sharing health information.”

Case Discussion and Judge’s Ruling

This case involved seven consolidated cases involving a tracking tool known as the Meta Pixel, through which the defendant allegedly received the health information of millions of Facebook users. Meta’s RFP 74 asked plaintiffs to produce all documents showing “the cookies on [plaintiffs’] devices and/or browsers” for every device and browser plaintiffs used to access their healthcare providers’ websites and patient portals, to which Plaintiffs objected to producing any responsive documents.

Meta identified three justifications for the discovery it sought in RFP 74:

1. Meta argued that it required the responsive documents to defend against plaintiffs’ contentions that Meta was solely responsible for collection and use of plaintiffs’ and class members’ confidential health information for targeted advertising, and that plaintiffs had a reasonable expectation of privacy in the health information they shared online.
2. Meta argued that it required these documents to defend against plaintiffs’ contention that Meta’s actions solely caused them harm.
3. Meta argued the documents would show whether and to what extent there were variations between and among the plaintiffs regarding their acceptance or tolerance of non-Meta third-party cookies that collected and shared their health information, which would in turn inform Meta’s arguments opposing class certification.

Plaintiff’s arguments for objecting were:

1. Plaintiffs argued that because Meta’s answer did not include a defense predicated on “non-Meta cookies,” and because Meta never mentioned such cookies in responding to an interrogatory about its factual and legal bases for opposing class certification, RFP 74 sought discovery about matters that are not at issue.
2. Plaintiffs argued that because RFP 74 seeks discovery about all cookies, it was overly broad because it necessarily sought information about cookies that have nothing to do with collection or sharing of health information and some of these irrelevant cookies may implicate serious privacy concerns.
3. Plaintiffs suggested that Meta should not be permitted to obtain responsive documents because it delayed seeking this discovery for over a year after receiving plaintiffs’ initial objections, and because any protocol to identify potentially relevant cookies that might be established at this late date would unduly delay the case schedule.

In beginning her analysis, Judge DeMarchi stated: “To the extent Meta seeks documents showing all third-party cookies on plaintiffs’ devices and/or browsers that collected or shared health information—i.e. the same kind of data at issue in this case—such discovery is clearly relevant to plaintiffs’ claims and Meta’s defenses.”

Continuing, she said: “As Meta observes, plaintiffs specifically allege that Meta uses the Pixel to collect plaintiffs’ and class members’ health information and then uses that information to facilitate targeted advertising to plaintiffs and putative class members, causing them harm. Plaintiffs also allege that Meta is solely responsible for this conduct and the resulting harm…Contrary to plaintiffs’ suggestion, the Court is not persuaded that Meta was required to plead as an affirmative defense that it is not solely responsible for, or did not cause, the harm complained of, or that it was required to mention ‘non-Meta cookies’ in its answer, as a condition of developing evidence negating the essential elements of plaintiffs’ claims…In addition, the discovery Meta seeks also appears to be relevant to the arguments it expects to make in opposing class certification.”

However, Judge DeMarchi also stated: “the Court agrees with plaintiffs that the scope of RFP 74 exceeds the scope of relevant discovery because it encompasses all cookies, regardless of whether they are capable of collecting and sharing plaintiffs’ health information. Meta does not seriously dispute this…The difficulty appears to be that it is not clear how to identify relevant non-Meta cookies from among the thousands or tens of thousands of third-party cookies plaintiffs say their devices and browsers have. Meta explains that there are hundreds of thousands of possible cookies and that, absent some information about the kinds of cookies plaintiffs’ have, the only way Meta’s experts can determine which other third-party cookies could have collected and transmitted plaintiffs’ health information is to examine all of the cookies on plaintiffs’ devices and browsers…Plaintiffs respond that Meta never proposed any reasonable protocol for distinguishing relevant cookies from irrelevant cookies, and even if Meta had done so, plaintiffs object to undertaking the effort to implement such a protocol.”

Stating: “The parties’ lack of cooperation regarding this document request is troubling, as the Court expects that, with some effort, the parties could have at least narrowed the scope of production responsive to the request”, Judge DeMarchi ordered plaintiffs to “produce documents sufficient to show all third-party cookies on plaintiffs’ relevant devices and/or browsers capable of collecting or sharing health information.” However, she also ordered: “By April 30, 2025, Meta shall identify objective criteria plaintiffs may use to facilitate the identification of relevant and responsive cookies. In making a responsive production, plaintiffs may rely on the objective criteria identified by Meta to facilitate the identification of relevant and responsive cookies. However, if plaintiffs elect not to rely on Meta’s objective criteria, they must produce the entire list of third-party cookies on plaintiffs’ relevant devices and browsers.”

So, what do you think? Have you ever seen a discovery request for cookies before? Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of Minerva26, an Affinity partner of eDiscovery Today.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.