In 2009, a report came out showing how social networks sometimes "leak" users' names to advertisers via referrer headers -- the URLs transmitted by publishers when users click on ads. While the report got a lot of attention, the issue itself wasn't new. Internet pioneer Tim Berners-Lee warned back in 1999 that referrer headers could leak information about Web users. But many users visited sites without creating profiles back then, which limits the risk that personal data will be leaked.
Shortly after the report came out, a host of companies -- including Facebook -- were hit with class-action lawsuits for allegedly violating users' privacy. Among other arguments, the Facebook user who sued, Mike Robertson, contended that the social networks broke promises spelled out in their privacy policies, which said that users' personally identifiable information wouldn't be shared with advertisers.
Last November, U.S. District Court Judge James Ware dismissed Robertson's case against Facebook before trial. Ware ruled that Robertson couldn't proceed because he hadn't been injured by the alleged disclosures. "Nominal damages and speculative harm do not suffice to show legally cognizable damage," Ware wrote at the time.
Now, Robertson is asking the 9th Circuit Court of Appeals to reinstate his lawsuit. "The personally-identifiable information at issue here is valuable not only to Facebook and its advertisers, but also to Facebook users," he argues in papers filed earlier this week.
That case largely stemmed from Facebook's December 2009 decision to reclassify a host of data as “public” -- including people's names, photos and friend lists. But the FTC charges also included an allegation that Facebook leaked users' names to advertisers via referrer headers.