The Ninth Circuit sitting en banc has greatly expanded the reach of personal jurisdiction by holding that e-commerce companies can be sued in any state where their platforms interact with users, even without differential targeting and without an in-state physical presence.

In Briskin v. Shopify, Inc., the court held that California federal courts had specific personal jurisdiction over Shopify, a Canadian e-commerce platform, based on its alleged data tracking and targeting practices of a California consumer, even though Shopify had no physical presence in the state and was not the merchant in the transaction.

The ruling appears to substantially broaden allegations that may support jurisdiction under a “purposeful direction” theory, particularly when interactive businesses use cookies, geolocation tools, and embedded code to collect consumer data for monetization.

Case Background

A California consumer bought athletic wear online from a California-based retailer, which used Shopify’s embedded checkout platform. Unbeknownst to the consumer, Shopify not only processed his payment but also allegedly implanted tracking cookies, collected geolocation and behavioral data, and created a consumer profile which it could monetize.

The consumer filed a putative class action alleging various privacy violations and unfair competition under both state and federal law. The district court dismissed the case for lack of personal jurisdiction, finding Shopify’s conduct insufficiently connected to California, which a Ninth Circuit panel affirmed. But sitting en banc, the Ninth Circuit court reversed, holding that Shopify’s alleged conduct justified the exercise of specific jurisdiction.

The Ninth Circuit’s Ruling

In a decisive opinion, the court expressly overruled prior circuit authority—including AMA Multimedia v. Wanat—to the extent such authority held that nationwide e-commerce targeting, without more, was insufficient for jurisdiction.

Now, as the court summarized, the rule in the Ninth Circuit for specific jurisdiction is that “an interactive platform ‘expressly aims’ its wrongful conduct toward a form state when its contacts are its ‘own choice and not ‘random, isolated, or fortuitous,’ [citation], even if that platform cultivates a ‘nationwide audience[] for commercial gain.’ [citation].’” Id. at *13 (citations omitted).

As to Shopify, the court held that:

• Shopify purposefully directed its conduct at California by knowingly embedding tracking technology in devices in the state and using that data for commercial gain.
• The claims “arose out of or related to” Shopify’s forum-directed conduct, satisfying the second prong of the specific jurisdiction test.
• Exercising jurisdiction was reasonable, given California’s interest in protecting residents and the burden on Shopify was not constitutionally significant.

Ninth Circuit’s Unique Stance on E-Commerce Jurisdiction

Briskin sets the Ninth Circuit apart from other federal circuits by eliminating the requirement for “differential targeting” for exercising specific jurisdiction over e-commerce platforms. Many other federal circuits require a defendant’s conduct to be expressly aimed at the forum state for specific jurisdiction. The Ninth Circuit held that knowingly engaging with users in a state through data collection and monetization suffices, even without state-specific targeting. This divergence and broader interpretation underscores the Ninth Circuit’s unique stance, potentially subjecting e-commerce platforms to litigation in any state where their services are accessible, regardless of whether the company specifically targets that state’s market.

Some Key Takeaways

1. Nationwide Platforms May Face Jurisdiction in Any State with Users. The court clarified that platforms cultivating a national (or global) customer base can still be haled into court in a specific state if their technology targets its residents.
2. Transparency and Consent Matter. Shopify’s lack of disclosure seemed to play a key role. The court noted that the consumer had no reason to know Shopify intercepted and stored his data—let alone would seek to monetize it.
3. The Scope of “Relatedness” Is Broad. Even though Shopify did not advertise specifically to the consumer or initiate contact with him, the data collection and use of cookies sufficiently linked its conduct to the alleged harm. Indeed, the Ninth Circuit found Shopify deliberately targeted a California resident because its geolocation technology (through cookies dropped on the user’s device) allowed it to know the location of the user.
4. Revived Risk for Class Actions in Plaintiff-Friendly Forums. The decision lowers the bar for establishing jurisdiction at the pleadings stage, which may embolden plaintiffs to file data privacy and consumer protection class actions in California and other states viewed as more plaintiff-friendly.

A Note of Caution for Online Businesses

The en banc court’s tone suggested a shift toward a consumer-protection focus, given its emphasis on the explosive growth of e-commerce and the opaque monetization of consumer data. Companies collecting user data through common website tracking technologies—even through intermediaries or white-labeled systems—should reassess their exposure by auditing their websites and updating privacy notices and practices accordingly, especially given the ever-evolving legal landscape involving such matters.

Final Thoughts

Briskin v. Shopify reflects a growing judicial recognition that traditional notions of territoriality may not always square neatly with the digital economy. For businesses operating online, especially those embedding code or collecting data from users across jurisdictions, this case serves as a clear warning: if your platform targets users in a state—even passively—you may be subject to suit there.

Businesses should consult counsel to re-evaluate their data collection practices and notice disclosures, use of cookies and other online tracking technologies, Terms of Service, and risk mitigation strategies in light of this decision and other changes in the law.