Court Revives Claims Privacy Claims Over Facebook's 'Like' Button

Siding against Facebook, a federal appellate panel has revived a lawsuit claiming that the company violated users' privacy by tracking them via the “Like” button.

“As alleged, Facebook’s tracking practices allow it to amass a great degree of personalized information,” the 9th Circuit Court of Appeals wrote in a ruling issued Thursday. “Facebook’s user profiles would allegedly reveal an individual’s likes, dislikes, interests, and habits over a significant amount of time, without affording users a meaningful opportunity to control or prevent the unauthorized exploration of their private lives.”

The legal battle dates to 2011, when several users alleged in a class-action complaint that Facebook violated federal and state privacy laws, as well as its own privacy policy, by collecting data about people through its social widget. The consumers said Facebook gathered data about its users whenever they visited sites with a "Like" button, even if the users were logged out of the service.

The lawsuit came after Australian developer Nic Cubrilovic reported that Facebook was able to identify users whenever they visited sites with the "Like" button.

At the time, Facebook said that a "bug" allowed the company to receive data about logged-out users. The company also promised to fix the bug, and said it never retained data that tied users' IDs to the sites they visited. (Facebook's practices subsequently changed; it currently collects some information from logged-out users.)

Among other claims, the users said Facebook violated the federal wiretap law by intercepting communications. That law prohibits companies from intercepting electronic transmissions without the consent of at least one party.

The users also claimed that Facebook violated its own policies, and that it violated various California privacy laws.

U.S. District Court Judge Edward Davila in San Jose, California dismissed the lawsuit in 2017. He ruled at the time that Facebook didn't “intercept” any communications, and that the users themselves could have taken steps to prevent data transmissions -- such as by blocking cookies, using “incognito mode” browser settings, or installing privacy plug-ins.

Davila also said the users hadn't shown that they suffered an economic injury as a result of the alleged privacy violations.

The users then appealed to the 9th Circuit, which revived the bulk of the claims.

In particular, the 9th Circuit ruled that the allegations, if true, could show that Facebook the federal wiretap law by intercepting communications. The judges specifically rejected the idea that the presence of a “Like” button on a publishers' site meant that Facebook was a party to the communications between the publishers and users.

The appellate panel also said the users could proceed with allegations that Facebook violated California privacy laws, including one that prohibits companies from engaging in “intrusion upon seclusion” -- which occurs when companies intentionally make a “highly offensive” intrusion into a private matter.

But the judges noted that the “ultimate question” of Facebook's liability cannot be decided without more facts.

“The ultimate question of whether Facebook’s tracking and collection practices could highly offend a reasonable individual is an issue that cannot be resolved at the pleading stage,” the judges wrote.

A Facebook spokesperson says the company believes the case is “without merit” and will defend itself “vigorously.”

Next story loading loading..