Last September, Australian developer Nic Cubrilovic reported on his blog that Facebook was able to identify users when they visited sites with the "like" button or other social widgets -- even when
those users were logged out of the social networking service.
The news proved embarrassing for the social networking site, which quickly rolled out a fix while downplaying Cubrilovic's
findings as a coding bug. But that didn't stop consumers from suing. Within days, the company was hit with five separate potential
class-action lawsuits alleging that it violated various laws by receiving information about users as they surfed the Web. Other lawsuits soon followed; the cases ultimately were consolidated in U.S.
District Court for the Northern District of California, where they are pending before Judge Edward Davila. Yesterday, on the eve of Facebook's initial public offering, users filed an amended complaint
in the matter.
The new papers allege that Facebook violated federal privacy laws and federal computer fraud laws as well as California state laws. "Even though Facebook assures its users that
it does not track their internet browsing post log out, Facebook has been doing exactly that," the lawsuit says.
For Facebook, these types of lawsuits are nothing new. On the contrary, the
company has been hit with dozens of potential class-actions in the last four years. So far, none of the cases have gone to trial.
The first major privacy lawsuit against Facebook came in 2008,
when users sued the company for its now-infamous Beacon program. With Beacon, Facebook told users about their friends' purchases at retail sites like Blockbuster.com and Overstock.
Facebook agreed to a $9 million settlement, two-thirds of which was supposed to go toward the launch of a new privacy foundation. A trial judge approved the deal, but a legal challenge by Ginger
McCall -- a Facebook user and a privacy advocate -- is still pending in the 9th Circuit Court of Appeals. McCall argues that the settlement gives Facebook too much control over the new foundation.
That's not the only privacy lawsuit still dogging Facebook. The company also is embroiled in litigation with users who say that the "sponsored stories" program violates a California law that gives
people the right to control how their names and images are used in endorsements. Last December, U.S. District Court Judge Lucy Koh in the Northern District of California rejected Facebook's arguments
that the case should be dismissed because the users weren't harmed economically. Koh ruled that users could proceed because
California's misappropriation statute provides for at least $750 in damages per violation.
But in other cases, Facebook also succeeded in convincing judges to throw out the lawsuits at an
early stage. Last October, U.S. District Court Judge Richard Seeborg in the Northern District of California came to the opposite conclusion as Koh in a case alleging violations of California's
misappropriation law. Seeborg threw out a lawsuit against Facebook by users who said their identities were misappropriated in Friend Finder ads. Those ads displayed users' names and photos in ads to
their friends; Seeborg decided the users couldn't proceed because they lacked
proof of economic injury.
In yet another pro-Facebook ruling, U.S. District Court Judge James Ware in the Northern District of California dismissed a potential class-action lawsuit accusing
Facebook of "leaking” users' personal information to advertisers via referrer headers. Ware ruled that the consumers couldn't proceed with their claims because they couldn't show that they had
been harmed by any disclosures. "Nominal damages and speculative harm do not suffice to show legally cognizable damage," Ware wrote in that matter.
Consumers in both of those cases filed
appeals to the 9th Circuit Court of Appeals.