You probably didn’t think twice about that "green box" on the self-checkout screen. Most people don't. You're just trying to scan your mulch or a new drill bit and get home before the rain starts. But for thousands of shoppers, that little digital square became the center of a massive legal headache.
Home Depot privacy lawsuit isn't just one single case; it’s a tangled web of data breaches, biometric tracking, and "secret" wiretapping allegations that have been quietly moving through courts for years.
Honestly, the sheer scale of it is kind of wild. We’re talking about everything from 56 million stolen credit card numbers to claims that an AI was "listening" to your customer service calls without telling you.
The Face-Scanning Controversy in Illinois
One of the most recent and talked-about legal battles involves the Illinois Biometric Information Privacy Act, or BIPA. If you live in Illinois, you know BIPA is basically the "final boss" of privacy laws.
In August 2025, a shopper named Benjamin Jankowski filed a proposed class action (Jankowski v. The Home Depot Inc.) after he noticed a camera at a Chicago self-checkout kiosk. He saw a green box track his face on the screen. He argued that Home Depot was using "computer vision" to collect facial geometry without getting written consent first.
Under BIPA, companies have to:
- Get written permission before grabbing your biometric data.
- Publish a clear schedule for when that data will be destroyed.
- Tell you exactly why they're collecting it.
Home Depot’s defense? They’ve suggested this tech is used to protect associates and stop theft. It makes sense from a business standpoint, sure. But the law doesn't really care about your motives if you skip the "asking permission" part. Interestingly, Jankowski suddenly dropped the suit in late October 2025. Nobody is quite sure why yet, but legal experts like Kathryn Rattigan suggest it could have been a private settlement or a strategic move to refile later.
Did Google "Wiretap" Your Customer Service Call?
This is where things get really weird. Most of us expect that "this call may be recorded for quality assurance" means a manager might listen to it later. But a 2024 lawsuit in California (Barulich v. The Home Depot, Inc.) alleged something much more technical.
The claim? Home Depot used Google’s Cloud Contact Center AI to "eavesdrop" on calls. Basically, an AI was transcribing and analyzing the conversation in real-time to help human agents. The lawsuit argued that since Google (a third party) was essentially "listening in" to provide that AI service, it violated the California Invasion of Privacy Act (CIPA).
💡 You might also like: US Savings Bond Lookup: How to Track Down Your Forgotten Money
It’s a big deal because CIPA allows for $5,000 per violation. Think about how many people call Home Depot every day. That math gets scary fast for a corporate legal team.
The Meta Pixel and Your "Secret" Receipts
If you've ever opted for an e-receipt at the checkout counter, you might have shared more than you realized. In early 2025, a Canadian court certified a class action involving over six million customers. The allegation was that Home Depot shared those email addresses and purchase details with Meta (Facebook) via something called a "Meta Pixel."
Meta used this data to help Home Depot see if their Facebook ads were actually driving people to buy stuff in-store. Home Depot argued that the info wasn't "sensitive." The judge didn't totally buy that. Even if it's just a receipt for a hammer, it’s still your data tied to your identity.
Tracking Emails and the "Spyware" Claims
There's also a smaller, but still annoying, case from April 2024. A class action claimed Home Depot embedded tracking technology inside marketing emails. Not just the "did they open it" kind of tracking, but the kind that collects private data about what you’re doing on your device. It’s a common tactic in digital marketing, but as privacy laws get tighter, "common" doesn't mean "legal" anymore.
Looking Back: The 2014 Mega-Breach
We can’t talk about Home Depot’s legal history without mentioning the 2014 data breach. This was the big one. Hackers got into the system through a vendor's credentials and installed malware on self-checkout registers.
The damage was staggering:
- 56 million payment cards compromised.
- 53 million email addresses stolen.
- A $17.5 million settlement with 46 states in 2020.
- Another $19.5 million to compensate consumers directly.
- Over $25 million paid out to banks and credit unions.
That breach changed how Home Depot handles security, but as the newer lawsuits show, the "privacy" side of the house is now the bigger target than the "security" side.
What You Should Actually Do Now
If you shop at Home Depot, you don't need to panic, but you should probably be more proactive.
- Watch the Kiosks: If you’re in a state like Illinois, California, or Washington, look for those "green boxes" on the screens. If you don't want your face scanned, use a staffed checkout lane instead of the self-service ones.
- Check Your Email Settings: If you get those "Pro" marketing emails, your activity is likely being tracked. You can turn off "load remote images" in your email app to block most tracking pixels.
- Audit Your E-Receipts: Think twice before giving your email at the register. It’s convenient for returns, but it’s also the primary way your physical shopping habits get linked to your online profile.
- Monitor Class Action Sites: Sites like TopClassActions often have portals where you can see if you're eligible for a slice of a settlement. For the Meta Pixel or the Biometric cases, you usually don't need to do anything until a settlement is officially approved.
Privacy isn't just about hackers anymore. It’s about how much info big companies share with each other behind the scenes. Home Depot is just the latest example of what happens when that sharing hits a legal wall.