Facebook Prevails In Privacy Suit Over Tracking On Health Sites

Facebook has defeated a lawsuit accusing it of violating users' privacy by gleaning data from health sites in order to send people targeted ads.

The complaint, brought in 2016 by a Missouri resident proceeding under the pseudonym "Winston Smith," alleged that Facebook gathered data about users' visits to a host of sites, including ones operated by the American Cancer Society, Melanoma Research Foundation and University of Texas MD Anderson Cancer Center. Facebook gathers this data via the "Like" button, according to the court papers.

Smith and the other users claimed that Facebook violated several privacy laws, including the federal wiretap act, which prohibits companies from intercepting transmissions without at least one party's consent.

Smith and the others also sued the Web site operators for allegedly violating the wiretap act, and their own privacy policies, which promised to refrain from sharing users' personally identifiable information.

Last week, U.S. District Court Judge Edward Davila in the Northern District of California quietly dismissed all claims against Facebook and the health sites.

He ruled that the users consented to Facebook's data-gathering efforts, which the company discloses online. Facebook's "Data Policy" provides that the site collects information from third-party sites that use Facebook services, including the "Like" button and Facebook log-in button. "This includes information about the websites and apps you visit, your use of our Services on those websites and apps, as well as information the developer or publisher of the app or website provides to you or us," Facebook says in its policy.

Davila also ruled that he lacked jurisdiction over the American Cancer Society and other health site operators because they aren't based in California.

Internet law expert Eric Goldman, a professor at Santa Clara University, notes that some of the issues presented by this lawsuit were first litigated more than 14 years ago in a lawsuit against marketing company Pharmatrack. In that matter, Pharmatrack allegedly used cookies to track people at pharmaceutical companies' Web sites.

That matter, like the allegations against Facebook, hinged on whether the users' consented to online tracking.

A federal appellate court ruled in 2003 that Web users could proceed with claims that Pharmatrack violated the wiretap law, ruling that the users didn't consent to have their communications accessed by Pharmatrak.

"The efforts to grab data aren't a new thing," Goldman says. "The demand has been there for decades."

Next story loading loading..