• by Wendy Davis  @wendyndavis, October 18, 2010

A Minnesota resident is suing game developer Zynga for allegedly selling personal information about Facebook users to advertisers. "Unbeknownst to Zynga users, and in violation of Zynga's agreement with Facebook, Inc. and privacy laws, Zynga intentionally and knowingly transmitted [personally identifiable information], including users' real names, to third party advertisers and Internet marketing companies without user consent and for a substantial profit," Nancy Walther Graf alleges in a new complaint filed Monday in U.S. District Court in the Northern District of California. Graf, who uses Zynga's Farmville app on Facebook, is seeking class-action status.

Her complaint specifically alleges that Zynga violated federal wiretap laws, California state laws and also broke its contract with Facebook. The social networking service's statement of rights and responsibilities for developers prohibits them from transferring any data received from Facebook to ad networks, ad exchanges or data brokers.

Graf's lawyer, Michael Aschenbrener of Edelson McGuire, says that even though the contract Zynga allegedly broke was between itself and Facebook, Graf is entitled to sue for its breach because as a Facebook user, the agreement was for her benefit.

Aschenbrener also represents Facebook users in a separate potential class-action lawsuit against the social networking service for allegedly disclosing their names and sensitive information to users. He adds that he intends to soon bring actions against other Facebook developers. "We have more suits planned," he says.

"We believe that the complaint is without merit and we intend to defend against it vigorously," a rep from Zynga said.

Graf's lawsuit comes the same day that The Wall Street Journal reported that Facebook transmits users' names to app developers like Zynga, who in turn sell that data to third party ad companies. The data is sent to developers through referring URLs, which contain users' Facebook IDs.

The Journal article, though attention-grabbing, draws on much of the same material that researchers Craig Wills and Balachander Krishnamurthy brought to light last year in their paper, "On the Leakage of Personally Identifiable Information Via Online Social Networks."

Wills and Krishnamurthy also reported last year that Facebook isn't the only company to transmit information about users to app developers through referrers. MySpace also allegedly sent data about members to app developers through referrers, according to the researchers' paper.

For its part, Facebook on Sunday reportedly disabled several apps that allegedly divulged information about users to ad networks and other third parties. The company also said in a blog post that developers aren't allowed to "disclose user information to ad networks and data brokers."

"We take strong measures to enforce this policy, including suspending and disabling applications that violate it," the company said.

It's not only social networking services that allegedly leak information about users. Google also is under fire for allegedly transmitting information through referrer headers. Privacy expert and former Federal Trade Commission staffer Chris Soghoian recently filed a complaint with the FTC alleging that Google was violating its privacy policy by sharing users' search queries with third parties via referring headers. "Most consumers have no idea that this exists and no idea how to stop it" Soghoian tells Online Media Daily.