Facebook has been hit with two separate potential class-action lawsuits alleging that it unlawfully tracked users after they had logged out of the service.
Both cases were filed on Friday by
users who allege that the social networking company violates various laws, including the federal wiretap one. One lawsuit was brought by Web user Chandra Thompson in federal district court in
Missouri. The other case, filed in federal court in San Jose, Calif., was brought by a coalition of seven users -- Perrin Aikens Davis, Petersen Gross, Tommasina Iannuzzi, Brian K Lentz, Lisa
Sabato, Jennifer Sauro and Tracy Sauro.
The lawsuits were filed the same week that Australian developer Nic Cubrilovic publicized research showing that Facebook received information about
users -- including their IDs -- whenever they visited sites with a Like button or other social widget, even when the users had logged out.
After he blogged about his findings, Facebook
quickly said it would fix the "bug" that allowed it to receive data about logged-out users. The company also denied "tracking" users, saying that it immediately destroyed any information it received
about people who were logged out.
Nonetheless, the fact remains: Facebook received data about sites visited by logged-out users. What's more, even though Cubrilovic says he reported the
matter to Facebook on at least two occasions in the last year, the company didn't take action until he posted about his findings.
The revelations didn't just spur class-action lawyers to
action. Last week Reps. Ed Markey (D-Mass.) and Joe Barton (R-Texas) called for the Federal Trade Commission to probe the company for allegedly tracking users who had logged out. A coalition of
privacy groups additionally called for an investigation.
Now that the matter is in court, Facebook could be forced to rethink its approach to privacy even if the FTC doesn't investigate. In
the last few years, class-action lawyers have successfully challenged other questionable privacy practices. Consider the history of Flash cookies. In 2009 researchers detailed how some Web companies
were able to use hard-to-delete Flash cookies to circumvent users' privacy settings. FTC officials criticized that practice, but haven't yet publicly brought an enforcement action.
Class-action lawyers, however, filed four lawsuits. All of them resulted in settlements and promises to
avoid using Flash cookies to track people who don't wish to be tracked.