Most performance marketers treat pixel-based conversion tracking as infrastructure — as fundamental and unquestioned as DNS resolution. But a case now before the Washington Supreme Court could reclassify the standard Meta, Google, and third-party tracking pixels on your site as illegal wiretapping under state two-party consent laws. In Baker v. Seattle Children’s Hospital, plaintiffs argue that pixels transmitting visitor behavior to third-party ad platforms constitute unauthorized interception of private communications — the legal definition of wiretapping in approximately 11 to 13 U.S. states. The IAB has publicly flagged this case as an existential threat to ad-supported media. If your attribution stack depends on browser-side JavaScript to measure conversions, this is the risk you haven’t scenario-planned for.
How a Tracking Pixel Becomes a Wiretap Under Two-Party Consent Law
The core of the Baker argument is surprisingly straightforward. Washington’s wiretapping statute (like those in California, Pennsylvania, Illinois, Florida, and several other states) requires all-party consent before any private communication can be intercepted or recorded by a third party. The plaintiffs contend that when a user visits a website and a tracking pixel fires, transmitting browsing behavior, form inputs, or page-view data to a third-party platform like Meta or Google, that transmission constitutes interception of a private communication by a party (the ad platform) the user never consented to communicate with.
This isn’t about cookies. It’s about the act of transmission itself. The pixel’s JavaScript executes in the user’s browser, captures behavioral data, and sends it to a third-party server — all without the user entering into any direct relationship with that third party. Under a strict reading of two-party consent statutes, the ad platform is an unauthorized third party intercepting a communication between the user and the website.
If the court agrees, the implications extend well beyond healthcare. Every conversion pixel on every website in a two-party consent state becomes a potential statutory violation — with per-incident damages that scale with traffic volume.
The Case Is Already at the Washington Supreme Court
It’s worth being precise about where this stands: Baker is not slowly working its way through lower courts. The Washington Supreme Court accepted the case in January 2026 and is actively hearing it. That matters because it means the legal theory isn’t a trial-level speculation. It has survived to the state’s highest court, where a ruling in the plaintiffs’ favor would carry binding precedent.
The case began in 2023, when three plaintiffs filed a putative class action alleging Seattle Children’s Hospital used the Meta Pixel on its public website to track and share patient browsing activity — including click data, searches, and page navigation — without adequate consent. The trial court initially dismissed the case, ruling that the plaintiffs’ website activity did not constitute a “private communication” under Washington’s Privacy Act. The plaintiffs appealed, and the Washington Supreme Court agreed to take it up.
That lower-court dismissal is an important nuance: the legal question is genuinely unsettled. But the fact that the state’s highest court chose to hear the case signals it views the question as substantial. The IAB and U.S. Chamber of Commerce have both filed amicus briefs on the side of Seattle Children’s, which tells you how seriously the business community is taking the potential outcome.
Why Consent Banners Don’t Close the Legal Gap
A common response from performance marketing teams is some version of “our consent banner covers us.” It’s worth understanding why that may not be true and why the Baker case illustrates the gap precisely.
Seattle Children’s did present a cookies consent pop-up to website visitors that disclosed data collection and sharing for marketing purposes. The trial court found that sufficient; the plaintiffs disagreed, and the Supreme Court is now deciding who’s right. Consent management platforms (CMPs) present general terms-of-service agreements, not the specific, informed, per-party consent that two-party wiretapping laws typically require. A generic “we use cookies and tracking technologies” disclosure is not necessarily the same as obtaining a user’s affirmative consent to have their browsing data intercepted by Meta Platforms, Inc.
The gap between what CMPs actually secure and what the statute demands is exactly what Baker is litigating. The question performance marketers should be asking is: if pixel-based measurement became legally unavailable in 11 to 13 states tomorrow, which of my channels still have a functioning attribution methodology?
What Actually Breaks in a Standard Multi-Channel Attribution Stack
Walk through what a ruling in the plaintiffs’ favor disables in a standard performance marketing setup:
- Platform conversion pixels (Meta CAPI, Google Ads tag, TikTok pixel): These are the primary targets. If third-party data transmission without explicit per-session consent constitutes wiretapping, firing these pixels becomes a legal liability. Server-side implementations don’t escape the logic — the statute covers the interception, not the technical method of transmission.
- Multi-touch attribution models: MTA depends on stitching touchpoints across sessions, which means tracking pixel fires at each stage. Remove pixels, and MTA loses the event data it needs to assign fractional credit. The model doesn’t degrade gracefully; it collapses at the edges first, which is exactly where acquisition channels live.
- Retargeting audiences: Every retargeting pool is built on pixel-fired behavioral data. If pixel deployment is restricted, your retargeting segments stop growing and begin to decay within days.
- Lookalike seed audiences on walled gardens: Meta and Google lookalike audiences built from pixel-derived conversion events lose their seed data. Prospecting audience quality degrades in direct proportion to the freshness of your conversion signal.
- Real-time bidding optimization: Automated bid strategies on every major platform use conversion pixel data as their primary feedback signal. Without it, smart bidding reverts to proxy metrics like clicks, impressions, etc., that have weak correlation with actual revenue.
This isn’t a hypothetical domino chain. It’s the standard architecture of performance marketing, and every link depends on browser-side JavaScript that may be one ruling away from carrying statutory liability.
How Matchback Attribution Eliminates Pixel-Based Legal Exposure
This is where the conversation shifts from legal exposure to infrastructure resilience. Matchback attribution (the methodology used in programmatic direct mail) measures conversion by matching a deterministic send file (the list of households that received a mail piece) against a purchase or conversion file, using a holdout control group to isolate incrementality. No browser-side code is involved. No third-party JavaScript executes in anyone’s browser. No behavioral data is transmitted to an external server during the user’s session.
The measurement happens entirely offline, using first-party data the marketer already possesses (the send list) and first-party transaction data (the purchase file). There is no interception of a communication, no third-party data transmission, and no statutory hook for a wiretapping claim.
The holdout group matters here more than it might seem. It’s what separates matchback attribution from simple correlation. By comparing conversion rates between the mailed group and a statistically matched control group that didn’t receive the piece, you can isolate the causal lift of the mail, not just observe that some recipients happened to convert. That’s the same incrementality standard sophisticated digital teams apply to paid channels, and it’s the standard your finance team will eventually ask you to meet.
This doesn’t mean direct mail replaces digital channels. It means that in a portfolio of acquisition channels, programmatic direct mail is the one whose measurement methodology carries zero exposure to the legal theory being tested in Baker. For performance marketers building resilient attribution stacks, that’s not a marginal advantage — it’s a structural one.
What Postie Specifically Adds to a Pixel-Independent Stack
Postie’s implementation of matchback attribution goes beyond what traditional direct mail measurement provides. A few specifics worth understanding:
Deterministic 1:1 matching, not modeled aggregates. Postie matches individual mail recipients to individual purchase transactions — not zip-code-level aggregate comparisons to control areas. This produces the same unit-level attribution standard that digital pixel measurement delivers, which matters when you’re benchmarking channel performance across your stack.
Real-time reporting while campaigns are live. Traditional matchback is post-campaign: you mail, you wait, you measure. Postie’s KPI dashboards surface CPA, CVR, and ROAS in real time, broken down by audience segment, creative, and offer. That means direct mail operates on the same optimization cadence as paid digital — you’re not flying blind for 60 days.
Direct mail retargeting as a pixel-free retargeting alternative. One of the highest-value use cases if pixel-based retargeting becomes restricted: Postie can match anonymous website visitors to postal addresses, enabling physical mail retargeting of site visitors who didn’t convert, including non-logged-in visitors. This directly addresses the retargeting decay problem described above. Unique promo codes assigned per recipient maintain precise conversion attribution without any browser-side tracking.
Identity resolution that doesn’t depend on cookies or pixels. Postie’s audience targeting and matching infrastructure operates on postal identity data — household-level, address-based, deterministic — rather than probabilistic cookie graphs. This means your prospecting and retargeting audiences don’t shrink or degrade as third-party cookie availability contracts.
Building at least one high-performing acquisition channel with pixel-independent attribution isn’t just a performance optimization play. It’s a legal risk mitigation strategy that ensures you have clean, defensible conversion data regardless of how Baker or the copycat suits that will follow in California, Pennsylvania, Illinois, and Florida resolves.
Three Steps to Reduce Your Exposure Before the Ruling
You don’t need to wait for a verdict.
- Audit your pixel deployment by state. Map which conversion pixels fire for users in two-party consent states. Quantify the share of your total attributed conversions that depend on those pixel fires. That number is your exposure surface.
- Stress-test your attribution models without pixel data. Run a scenario where platform pixels are disabled in 11 to 13 states. Identify which channels lose all measurement and which retain independent attribution methodologies. The channels that go dark are your concentration risk.
- Build or expand a programmatic direct mail program with matchback attribution. This gives you a high-performing acquisition channel whose measurement stack is completely independent of browser-side tracking infrastructure — with incrementality validated through holdout testing, not pixel-derived proxies. It’s the hedge that also performs.
The Baker case may settle, or the court may rule narrowly. But the legal theory is now before the state’s highest court, and plaintiff attorneys in more than a dozen states have a roadmap. The time to build pixel-independent attribution infrastructure is before you need it.
