A Minnesota resident is suing game developer Zynga for allegedly selling personal information about Facebook users to advertisers. "Unbeknownst to Zynga users, and in violation of Zynga's
agreement with Facebook, Inc. and privacy laws, Zynga intentionally and knowingly transmitted [personally identifiable information], including users' real names, to third party advertisers and
Internet marketing companies without user consent and for a substantial profit," Nancy Walther Graf alleges in a new complaint filed Monday in U.S. District Court in the Northern District of
California. Graf, who uses Zynga's Farmville app on Facebook, is seeking class-action status.
Her complaint specifically alleges that Zynga violated federal wiretap laws, California state
laws and also broke its contract with Facebook. The social networking service's statement of rights and responsibilities for developers prohibits them
from transferring any data received from Facebook to ad networks, ad exchanges or data brokers.
Graf's lawyer, Michael Aschenbrener of Edelson McGuire, says that even though the contract Zynga
allegedly broke was between itself and Facebook, Graf is entitled to sue for its breach because as a Facebook user, the agreement was for her benefit.
Aschenbrener also represents Facebook users
in a separate potential class-action lawsuit against the social networking service for allegedly disclosing their names and sensitive information to users. He adds that he intends to soon bring
actions against other Facebook developers. "We have more suits planned," he says.
"We believe that the complaint is without merit and we intend to defend against it vigorously," a rep from Zynga
said.
Graf's lawsuit comes the same day that The Wall Street Journal reported that Facebook transmits users' names to app developers like Zynga, who in turn sell that data to third party ad
companies. The data is sent to developers through referring URLs, which contain users' Facebook IDs.
The Journal article, though attention-grabbing, draws on much of the same material that
researchers Craig Wills and Balachander Krishnamurthy brought to light last year in their paper, "On the Leakage of Personally Identifiable Information Via Online Social Networks."
Wills and
Krishnamurthy also reported last year that Facebook isn't the only company to transmit information about users to app developers through referrers. MySpace also allegedly sent data about members to
app developers through referrers, according to the researchers' paper.
For its part, Facebook on Sunday reportedly disabled several apps that allegedly divulged information about users to ad
networks and other third parties. The company also said in a blog post that developers aren't allowed to "disclose user information to ad
networks and data brokers."
"We take strong measures to enforce this policy, including suspending and disabling applications that violate it," the company said.
It's not only social
networking services that allegedly leak information about users. Google also is under fire for allegedly transmitting information through referrer headers. Privacy expert and former Federal Trade
Commission staffer Chris Soghoian recently filed a complaint with the FTC alleging that Google was
violating its privacy policy by sharing users' search queries with third parties via referring headers. "Most consumers have no idea that this exists and no idea how to stop it" Soghoian tells Online
Media Daily.