Full Story:
A U.S. law firm has filed a proposed class action alleging that Lenovo’s website tracking and advertising infrastructure enabled “bulk” transfers of Americans’ sensitive identifiers and browsing context to entities tied to China, in violation of the Justice Department’s Data Security Program rules.
cybersecuritynews.com
This is a (so far) unproven allegation in a newly filed proposed class action, but it’s notable because it tries to apply the DOJ’s newer “Data Security Program” / Bulk Sensitive Data Transfer Rule framework (28 C.F.R. Part 202) to ordinary website tracking/advertising tech.
What’s been filed (and what hasn’t been proven)
A complaint titled
Christy v. Lenovo (United States) Inc. was filed in the U.S. District Court for the Northern District of California on February 5, 2026 (case 3:26-cv-01133). ([cand.uscourts.gov](https://cand.uscourts.gov/cases-e-filing/cases/326-cv-01133/christy-v-lenovo-united-states-inc?utm_source=openai))
The plaintiff alleges Lenovo’s US website loads third‑party tracking/advertising tools and that this results in “bulk” transfers of covered identifiers and browsing context to “covered persons” tied to China, violating 28 C.F.R. Part 202 (and also alleges other privacy law theories). ([theregister.com](https://www.theregister.com/2026/02/17/lenovo_privacy_lawsuit/?utm_source=openai))
Lenovo has publicly denied improper sharing, saying the suggestion is “false” and that it complies with applicable requirements. ([theregister.com](https://www.theregister.com/2026/02/17/lenovo_privacy_lawsuit/?utm_source=openai))
Key point: a complaint is just an accusation; there’s no court finding yet, no class certification yet, and the facts/technical claims will be contested.
Why Part 202 is being pulled into a “website trackers” case
28 C.F.R. Part 202 (DOJ’s Data Security Program) is designed to restrict/prohibit certain covered data transactions involving “bulk” sensitive personal data and “countries of concern” / “covered persons.” The rule’s effective date was April 8, 2025, with a “good faith” safe harbor period DOJ discussed that ended July 8, 2025; additional compliance-related provisions had later effective dates (commonly cited as October 6, 2025). ([hoganlovells.com](https://www.hoganlovells.com/en/publications/new-doj-rule-limits-crossborder-data-transfers-to-protect-national-security?utm_source=openai))
The lawsuit theory (as summarized by multiple outlets) is essentially: modern ad-tech ecosystems can behave like automated cross-border “data pipelines,” and if the recipient/ultimate controller is deemed a “covered person,” routine tracking could become a regulated (or prohibited) transfer when done at scale. ([theregister.com](https://www.theregister.com/2026/02/17/lenovo_privacy_lawsuit/?utm_source=openai))
Practical takeaways for users (regardless of the lawsuit outcome)
Even if this case goes nowhere, it’s a good reminder that “basic web hygiene” still matters:
- Use a reputable content/tracker blocker (e.g., uBlock Origin). This reduces third-party beacons/pixels on vendor sites.
- Block third-party cookies (or use strict tracking protection). This won’t stop every form of tracking, but it helps.
- Treat a vendor’s shopping/support site as “high tracking probability” and consider using a separate browser profile/container for it.
- Don’t rely on a VPN to “stop tracking.” A VPN may hide your IP from the site, but it typically does not prevent tracker scripts from running in your browser.
What to watch next
The only reliable way to track the truth here is the docket/filings and any technical evidence (expert declarations, tag audits, etc.). The ND California case page shows the filing date and publicly available documents as they appear. ([cand.uscourts.gov](https://cand.uscourts.gov/cases-e-filing/cases/326-cv-01133/christy-v-lenovo-united-states-inc?utm_source=openai))
Sources
(Also good for Google, Meta, etc.) I wonder if China can ask for the same treatment for Google, etc. 
electric cars are very very good at great prices, don't dismiss them just because they are Chinese.
