
Is TikTok Pixel legal in California?

Ad Pixel / Behavioral Profiling · Updated 2026

The TikTok Pixel transmits visitor events to TikTok for ad targeting and conversion measurement. Using it is perfectly legal — but running TikTok Pixel before a visitor consents is what creates exposure under California's wiretapping law.


Why TikTok Pixel can trigger CIPA claims

California's Invasion of Privacy Act (CIPA), Penal Code § 631, prohibits intercepting communications without all-party consent. Since 2022, a wave of plaintiff-firm litigation has applied this decades-old wiretapping statute to website session-replay, chat, and pixel tools, arguing that capturing a visitor's clicks, keystrokes, and form input without consent is an unlawful interception. The TikTok Pixel sends visitor and event data to TikTok for ad targeting, so it should be gated behind marketing consent.

Statutory damages run up to $5,000 per violation, and plaintiffs argue each affected visitor session is a separate count — which is why even small sites receive demand letters.

Real-world enforcement

In a landmark action, the California Attorney General reached a $1.2M settlement with Sephora over its use of tracking technologies without honoring consumer privacy choices. Private CIPA suits over session-replay and chat tools have named retailers, healthcare providers, and SaaS companies alike. The common thread: trackers firing before the visitor had any chance to opt out.

How to make TikTok Pixel compliant

  1. Confirm how TikTok Pixel is installed. If it loads through Google Tag Manager, set the tag's "Consent" settings to require the relevant consent type so it cannot fire before opt-in.
  2. Add GTM Consent Mode with all storage defaulting to "denied" (snippet below), and connect a CMP that flips consent to "granted" only after the visitor accepts.
  3. If TikTok Pixel is hard-coded as a raw <script> instead of via GTM, move it into GTM (or wrap it) so the consent gate actually applies — a raw snippet ignores Consent Mode.
  4. Re-scan with RegSentry's "Verify fix" button to confirm TikTok Pixel no longer fires before consent.

Consent-gating snippet

<!-- Place BEFORE the GTM/gtag snippet. Defaults all storage to "denied"
     so no tags fire until your CMP updates consent after the user opts in. -->
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('consent', 'default', {
    ad_storage: 'denied',
    analytics_storage: 'denied',
    functionality_storage: 'denied',
    personalization_storage: 'denied',
    security_storage: 'granted',
    wait_for_update: 500
  });
</script>

Your CMP (Cookiebot, OneTrust, Termly, etc.) calls gtag('consent','update',{...:'granted'}) only after the visitor accepts. Until then, tags stay blocked.
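
For step 3, one way to wrap a hard-coded pixel so it waits for the same Consent Mode signal the snippet above sets up. This is an added example, not RegSentry's, TikTok's or Google's code: `consentCommand`, `gatePixelOnConsent` and the `injectPixel` callback are hypothetical names, and using `ad_storage` as the gating consent type is an assumption.

```javascript
// Returns the consent state object if `entry` is a gtag('consent', ...) command, else null.
// gtag() pushes its `arguments` object, so array-likes are accepted as well as arrays.
function consentCommand(entry) {
  if (!entry || typeof entry !== 'object' || typeof entry.length !== 'number') return null;
  const [cmd, action, state] = Array.from(entry);
  if (cmd !== 'consent' || (action !== 'default' && action !== 'update')) return null;
  return state && typeof state === 'object' ? state : null;
}

// Calls injectPixel() at most once, and only after `requiredType` is 'granted'.
// injectPixel is whatever function runs the vendor's install snippet (hypothetical callback).
function gatePixelOnConsent(dataLayer, injectPixel, requiredType = 'ad_storage') {
  let granted = false;
  let injected = false;

  function apply(entry) {
    const state = consentCommand(entry);
    if (!state || !(requiredType in state)) return; // unrelated push, or another consent type
    granted = state[requiredType] === 'granted';
    if (granted && !injected) {
      injected = true; // a CMP may re-send "granted"; never load the tag twice
      injectPixel();
    }
  }

  // Replay commands queued before this script ran (e.g. a returning visitor's stored choice).
  Array.from(dataLayer).forEach(apply);

  // Observe later pushes; the original push still runs so other consumers see every entry.
  const originalPush = dataLayer.push;
  dataLayer.push = function (...entries) {
    const result = originalPush.apply(this, entries);
    entries.forEach(apply);
    return result;
  };

  // A loaded script cannot be unloaded: check isGranted() before sending further events,
  // because a visitor may withdraw consent after the tag was injected.
  return { isGranted: () => granted, isInjected: () => injected };
}
```

In the page, call `gatePixelOnConsent(window.dataLayer, injectPixel)` after the consent-default snippet and remove the raw pixel `<script>` from the HTML, so the wrapper is the only path that can load it.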

Check your own site

RegSentry runs a real browser against your site, watches exactly when TikTok Pixel (and every other tracker) first contacts a third-party server, and captures the evidence — including whether it intercepts keystrokes typed into your forms.
