Lenovo Class Action, Consumers Allege Website Trackers Funneled Their Data to China

A consumer filed a proposed federal class action lawsuit against Lenovo (United States) Inc. on February 5, 2026, in the Northern District of California. The suit alleges Lenovo embedded tracking tools on its website that automatically transferred the personal data of potentially millions of U.S. consumers to its Chinese parent company in violation of a U.S. Department of Justice national security rule. No settlement has been reached.

Quick Facts

What Actually Happened?

Lenovo (United States) Inc. is the American arm of Lenovo Group Ltd., one of the world’s largest computer manufacturers, headquartered in Beijing, China. Millions of U.S. consumers visit Lenovo.com each month to browse laptops, gaming computers, tablets, and accessories. According to the complaint, when those consumers browse the site, Lenovo’s embedded third-party tracking technologies intercept detailed information about each visit — including full-string URLs, specific pages viewed, product pages clicked, and behavioral patterns — and transmit that data to Lenovo’s Chinese parent company.

On April 8, 2025, the U.S. Department of Justice implemented its Data Security Program, codified at 28 C.F.R. Part 202, under Executive Order 14117. The rule restricts and prohibits the transfer of Americans’ bulk sensitive personal data to entities linked to “countries of concern,” which the rule defines as China, Cuba, Iran, North Korea, Russia, and Venezuela. The DOJ created the rule specifically to prevent foreign adversaries from acquiring large quantities of U.S. behavioral data that could be used to surveil, analyze, or exploit American citizens.

Spencer Christy, the named plaintiff, alleges he visited Lenovo’s website multiple times in November and December 2025 to browse for products and ultimately purchase a gaming computer. According to the complaint, his visits triggered automated data-sharing systems that transferred his personal information to entities linked to China without his knowledge or consent. Almeida Law Group filed the 38-page complaint on February 5, 2026, in California federal court on behalf of Christy and all similarly situated U.S. consumers.

What Does the Lawsuit Allege?

According to the complaint, Lenovo “knowingly and systematically” embedded tracking technologies on its website that intercepted the electronic communications of potentially millions of American consumers and transmitted them to entities connected to Lenovo’s Chinese parent company. The complaint alleges these trackers captured full-page content, complete URLs showing every product viewed, and behavioral data that allowed Lenovo and its foreign parent to link each user’s browsing activity to their identity. The complaint claims this enabled the construction of detailed profiles reflecting users’ interests, location, habits, and other private attributes.

The complaint alleges Lenovo’s practices directly violated the DOJ’s Data Security Program rule, which sets a threshold of 100,000 or more U.S. persons for what constitutes a prohibited bulk transfer. According to the filing, Lenovo.com draws millions of monthly U.S. visitors — far exceeding that threshold. The complaint further alleges that placing this behavioral data in the hands of a Chinese-linked entity creates a direct threat to national security, because it could be used to assemble detailed behavioral profiles, identify financial or psychological vulnerabilities, and potentially target individuals in sensitive roles including military personnel, journalists, and government officials.

Christy alleges the conduct gives rise to individual and class claims under federal and state law because Lenovo allegedly intercepted consumers’ electronic communications with the specific intent to disclose that data in furtherance of a criminal or tortious act — stripping away the standard legal defense tracking companies typically rely upon.

Related article: Figure Lending Class Action, Nearly 1 Million Customers Sue Over February 2026 Data Breach

What Laws Were Allegedly Violated?

• DOJ Data Security Program (28 C.F.R. Part 202, implementing Executive Order 14117) — Federal rule effective April 8, 2025, that prohibits the bulk transfer of Americans’ sensitive personal data to entities linked to designated countries of concern, including China; the complaint alleges Lenovo violated this rule through its website tracking systems.
  
• Electronic Communications Privacy Act (ECPA, 18 U.S.C. § 2510 et seq.) — Federal law prohibiting the unauthorized interception and disclosure of electronic communications; the complaint alleges Lenovo intercepted consumers’ website interactions with the intent to transmit them to a foreign adversary, which voids the “party exception” defense.
  
• California Invasion of Privacy Act (CIPA, Cal. Penal Code § 630 et seq.) — California state law barring the recording or interception of private communications without all parties’ consent; the complaint alleges Lenovo captured California residents’ browsing communications without disclosure or consent.
  
• California Unfair Competition Law (UCL, Cal. Bus. & Prof. Code § 17200 et seq.) — State law prohibiting unlawful, unfair, or fraudulent business practices; the complaint alleges Lenovo’s data-sharing practices constitute unlawful and unfair conduct harming consumers.
  
• California Comprehensive Computer Data Access and Fraud Act (Cal. Penal Code § 502) — State law prohibiting unauthorized access to computers and the misuse of data obtained from them; the complaint alleges Lenovo’s trackers accessed consumers’ device and browsing data without authorization.
  
• Unjust enrichment (common law) — A legal claim alleging Lenovo profited from collecting and transferring consumers’ personal data without providing compensation or obtaining proper consent.

Who Does This Lawsuit Affect?

• You may be affected if you visited Lenovo.com on or after April 8, 2025.
• You may be affected if you browsed Lenovo products online — including laptops, gaming computers, tablets, or accessories — on the Lenovo website.
• You may be affected if you made a purchase on Lenovo.com on or after April 8, 2025.
• You may be affected if you are a U.S. resident whose electronic communications with Lenovo’s website were intercepted and transmitted to a third party linked to China.
• You may be affected even if you did not complete a purchase — the complaint covers all website visitors whose browsing data was allegedly captured.

No action is required right now. Save any purchase records, receipts, or confirmation emails — these may matter if a settlement is reached.

What Is the Company Saying?

Lenovo has publicly denied the core allegations. In a statement provided to The Register and reported on February 17, 2026, Lenovo stated: “Any suggestion that Lenovo improperly shares customer data is false.” The company added that it takes data privacy and security seriously, complies with all applicable data protection laws globally including U.S. requirements, and that its data practices are transparent and lawful.

Lenovo’s position is that its data practices fully comply with every applicable legal framework. That defense will likely center on its argument that any data sharing through third-party advertising and analytics systems is standard industry practice conducted within the bounds of disclosed privacy policies. The company has not filed a formal answer to the complaint as of the date of this article. AllAboutLawyer.com will update this article when Lenovo responds in court.

What Happens Next?

• Lenovo files its answer or a motion to dismiss — Lenovo will formally respond to the complaint, either challenging the legal sufficiency of the claims or answering each allegation directly. A motion to dismiss is common in privacy class actions of this type.
• Discovery begins — Both sides will exchange evidence, including Lenovo’s internal data-sharing agreements, technical documentation of its tracking systems, and records of what data was transferred and to whom. This phase typically runs 12 to 24 months.
• Class certification hearing — Christy must ask the court to certify the case as a class action representing all similarly situated U.S. consumers. This is a critical threshold — if denied, the case proceeds only on Christy’s individual claims.
• Potential settlement negotiations — Data privacy class actions against major technology companies frequently settle before trial. No settlement discussions have been publicly reported in this case.
• Trial — If no settlement is reached and the class is certified, the case proceeds to trial. A trial date, if set, is likely several years away.

This page will be updated as the case develops.

Important Case Dates

Frequently Asked Questions

Is the Lenovo lawsuit real? 

Yes. Christy v. Lenovo (United States) Inc., Case No. 3:26-cv-01133, is a real proposed class action filed February 5, 2026, in the U.S. District Court for the Northern District of California. The case is confirmed on the court’s official docket. Almeida Law Group filed the suit on behalf of named plaintiff Spencer Christy.

Can I file a claim against Lenovo right now? 

No. No claim form exists and no settlement has been reached. The case is in its earliest stage. If a class settlement is approved in the future, eligible consumers will receive official notice with instructions for submitting a claim.

Do I need a lawyer to join this lawsuit? 

No. If the court certifies this as a class action, eligible U.S. consumers are typically included automatically without hiring their own attorney. The class attorneys represent the group. If you believe you suffered specific, documented harm as a result of Lenovo’s data practices, consulting a privacy attorney about your individual options may be worthwhile.

What happens if the case settles?

 If a settlement is approved, a court-supervised claims process opens and eligible class members receive notice — typically by email or mail — with instructions for submitting a claim. No settlement has been reached in this case as of March 2026.

Will I get notified if there is a settlement?

 Yes, typically. Settlement administrators send notice to identified class members once a settlement receives court approval. Consumers who purchased from Lenovo.com are more likely to receive direct notice because Lenovo holds their email and purchase records. Saving confirmation emails now strengthens your ability to verify eligibility later.

What data does the lawsuit claim Lenovo shared with China? 

According to the complaint, the transferred data includes full-string URLs showing every page visited, specific products viewed, persistent identifiers such as device IDs, advertising IDs, IP addresses, and cookie data. The complaint alleges this information is sufficient to link a user’s browsing activity to their real identity and build detailed behavioral profiles.

Is it safe to continue using Lenovo products? 

The lawsuit addresses data collected through Lenovo’s website — not data collected by Lenovo hardware or operating system software. The complaint does not allege that Lenovo laptops or devices themselves transmit data to China. Consumers concerned about the hardware should consult Lenovo’s published privacy policy or contact Lenovo directly for clarification.

Is this the first time Lenovo has faced national security concerns? 

The complaint itself notes that in 2016, the U.S. Department of Defense’s Joint Staff issued a warning that Lenovo computers could introduce compromised hardware into defense supply chains. That was a separate concern involving hardware security, not this lawsuit’s allegations about website-based data tracking. Courts will evaluate the current claims on their own facts and evidence.

This is also not the first time a major technology company’s data-sharing practices have triggered federal class action litigation. The Gmail class action lawsuit — Rodriguez v. Google LLC — resulted in a $425 million jury verdict after similar allegations that Google tracked consumer behavior without proper consent. Consumers interested in how courts evaluate corporate data privacy obligations can also review coverage of the 23andMe data breach class action, which produced a $30 million approved settlement.

Sources & References

• Christy v. Lenovo (United States) Inc., Case No. 3:26-cv-01133 — U.S. District Court, Northern District of California — Official Court Docket: cand.uscourts.gov/cases-e-filing/cases/326-cv-01133
• Justia Docket — Christy v. Lenovo (United States) Inc.: dockets.justia.com/docket/california/candce/3:2026cv01133/463816
• Bloomberg Law — “Lenovo Hit With Suit for Breaking US Bulk Data Transfer Rule,” February 6, 2026 (credible news source)
• Law360 — “Lenovo Accused Of Illegally Sharing Data With Chinese Parent,” Bonnie Eslinger, February 6, 2026 (credible news source — subscription required)
• The Register — “US lawyers file privacy class action against Lenovo,” February 17, 2026 (credible news source)
• U.S. Department of Justice — Data Security Program, 28 C.F.R. Part 202 (official government source): justice.gov/opa/pr/justice-department-implements-critical-national-security-program
• Almeida Law Group — Plaintiff’s law firm press release and complaint (treat as one-sided, plaintiffs’ counsel source)

Last Updated: March 12, 2026

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.

About the Author

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah