Facebook has agreed to pay $90 million to settle a lengthy battle over claims that it violated users' privacy by tracking them via the “Like” button in 2010 and 2011.
If granted approval by U.S. District Court Judge Edward Davila in San Jose, California, the settlement will resolve a legal battle dating to 2011, when Facebook users alleged in a class-action complaint that the company ran afoul of federal and state privacy laws, as well as its own privacy policy, by collecting data about users through its social widget.
The settlement agreement allows Facebook users in the United States who visited a site with a “Like” button between April 22, 2010 and September 26, 2011 to file a claim for a portion of the $90 million fund. The deal also calls for Facebook to delete some data about those users.
It's not yet clear how much money individuals who submit claims can expect to receive, according to a representative of the law firm DiCello Levitt Gutzler, which represented the Facebook users.
A spokesperson for Facebook parent Meta said settling the dispute “is in the best interest of our community and our shareholders,” adding that the company is “glad to move past this issue.”
The lawsuit stemmed from a 2011 report by Australian developer Nic Cubrilovic, who said he discovered that Facebook was able to identify logged-out users when they navigated to sites with the "Like" button.
Facebook responded by saying a "bug" allowed the company to receive data about logged-out users. The company also promised to fix the bug, and said it never retained data that tied users' IDs to the sites they visited. (Facebook subsequently changed its policies, which now allow for some data collection from logged-out users.)
A group of Facebook users led by Perrin Aikens Davis subsequently brought a class-action complaint against the company. Among other claims, the complaint alleged that Facebook violated the federal wiretap law. That law prohibits companies from intercepting communications without the consent of at least one party.
Davila dismissed the case in 2017, ruling that Facebook didn't “intercept” any communications, and that the users could have taken steps to prevent data transmissions -- such as blocking cookies, browsing in “incognito mode,” or installing privacy plug-ins.
Davila also said the users hadn't shown that they suffered an economic injury.
The users then appealed to the 9th Circuit, which revived the bulk of the claims.
The appellate judges said the allegations, if true, could show that Facebook violated the federal wiretap law by intercepting communications. The judges specifically rejected the idea that the presence of a “Like” button on a publishers' site made Facebook a party to the communications between the publishers and users.
Facebook unsuccessfully asked the Supreme Court to review that ruling, arguing it cast doubt on “common business practices integral to the internet’s basic operation.”
News of the settlement comes almost one year after the Supreme Court rejected Facebook's request to take up the case.