• by Wendy Davis  @wendyndavis, May 9, 2014

In a partial victory for Facebook, a federal appellate panel said this week that the social networking service didn't violate the federal wiretap law by allegedly leaking users' personal information to advertisers. But the judges also said in a separate ruling that the consumers can proceed with claims that Facebook violated its privacy policy by allegedly transmitting their data to outside companies.

The decisions, issued on Thursday by a three-judge panel of the 9th Circuit Court of Appeals, partially reversed a 2011 ruling by U.S. District Court Judge James Ware. He dismissed all claims at a preliminary stage, ruling that the consumers lacked “standing” to proceed in federal court because they didn't allege they were hurt by the leaks.

Thursday's decisions revive the consumers' claims for breach of contract and fraud -- both of which relate to Facebook's alleged violations of its privacy policy. The panel ruled that the consumers were entitled to proceed based on allegations that they were harmed by both “the dissemination of their personal information,” and “losing the sales value of that information.”

The appellate rulings stem from allegations that Facebook leaked users' personal information in the referrer headers -- the URLs transmitted by publishers when users click on ads. Those headers allegedly included people's Facebook IDs, as well as the URLs of the pages users were visiting when they encountered the advertiser.

The consumers argued that transmitting that data violated a host of laws, including the federal wiretap law, which prohibits companies from sending the “contents” of communications without users' consent. But the three-judge appellate panel rejected the consumers' argument, ruling information in referrer headers are metadata, not content.

The plaintiffs argue that the referrer header discloses content information, because when the referrer header provides the advertiser with a Facebook ID ... along with the address of the Facebook page the user was previously viewing, an enterprising advertiser could uncover the user's profile page,” Circuit Court Judge Susan Ikuta wrote. “The statutes at issue in these cases do not preclude the disclosure of personally identifiable information; indeed, they expressly allow it.”

Ikuta indicated at a hearing last year that she believed the wiretap statute didn't prevent companies from transmitting metadata -- even if doing so could divulge information about consumers. She suggested at the hearing that referrer headers are similar to telephone numbers, which aren't considered content -- even when they are revealing. For instance, Ikuta said, a phone call to 1-800-Mattress could indicate that the caller was shopping for a new bed, but the number itself still wouldn't be considered content.

The 9th Circuit also ruled on Thursday that gaming company Zynga didn't violate the federal wiretap law by allegedly transmitting users' information to advertisers via referrer headers.