Facebook hit with $15 billion class action user tracking lawsuit

Facebook hit with $15 billion class action user tracking lawsuit

Summary: Facebook is once again being sued for tracking its users even after they logout of the service. The latest class action lawsuit demands $15 billion from Facebook for violating federal wiretap laws.


Facebook is being sued for $15 billion for tracking users, even after they have logged out of the social network, and violating federal wiretap laws. If that sounds familiar, that's because it is: Facebook faces nationwide class action tracking cookie lawsuit.

Today's lawsuit, filed in Federal Court in San Jose, California, combines 21 separate cases across the U.S. in 2011 and early 2012. It's an amended consolidated class-action complaint that claims the company is invading the privacy of its users by tracking them across the Internet. If the claimants are successful in their case against Facebook, they could prevent Menlo Park from collecting the huge amount of data it collects about its users to serve ads back to them.

Like the previous lawsuits, Facebook is once again being accused of violating the Federal Wiretap Act, which provides statutory damages per user of $100 per day per violation, up to a maximum per user of $10,000. The complaint also asserts claims under the Computer Fraud and Abuse Act, the Stored Communications Act, various California Statutes, and California common law. It's worth noting that similar cases against Facebook and others filed under the wiretap law have been thrown out because browser cookies are simply not considered wiretaps and plaintiffs have difficulty proving any harm.

Stewarts Law is one of the firms leading the claim. "This is not just a damages action, but a groundbreaking digital-privacy rights case that could have wide and significant legal and business implications," David Straite, a partner at Stewarts Law, said in a statement.

Facebook has been accused multiple times of using cookies to track users even after they log out of the service. Menlo Park has since twice denied the allegations, and has also twice fixed the issue. Nevertheless, the lawsuits just keep coming. In additional to national lawsuits, there have been several lawsuits filed in multiple states, including Kansas, Kentucky, Louisiana, and Mississippi.

In September 2011, self-proclaimed hacker Nik Cubrilovic accused Facebook of tracking its users even if they log out of the social network. He explained that even after logging out of the service, whenever he visited a website that had a Facebook plugin, information including his account ID was still being sent to Palo Alto.

The company responded by denying the claims and offering an explanation as to why its cookies behave the way they do. Menlo Park explained that it does not track users across the Web and its cookies are used to personalize content. As for the logged-out cookies, Facebook said they are used for safety and protection.

After a long technical discussion, Cubrilovic confirmed Facebook made changes to the logout process, and that the cookies in question behave as they should. They still exist, but they no longer send back personally-identifiable information after you log out. The company also took the time to explain what each cookie is responsible for.

Later that month, 10 privacy groups and US congressmen sent letters asking the Federal Trade Commission (FTC) to investigate Facebook for these and other practices. Note that the FTC settlement from November 2011 was over charges that date back to December 2009, meaning the tracking cookie issue was never discussed.

In October 2011, the issue came back. It was discovered that the datr cookie, which can be used for tracking users, was once again being set on third-party websites with a Facebook social plugin – whether you are logged in or logged out of the service. Facebook confirmed the bug, said only some third-party websites were affected, and fixed it.

Also in September, Ireland's Data Protection Commissioner (DPC) agreed to conduct a privacy audit of Facebook. Since the social network giant's international headquarters is in Dublin, the larger majority of the site's users are affected by any of the DPC's decisions (see Europe versus Facebook). Thankfully for Facebook, when the DPC completed his three-month privacy audit of Facebook's activities in December 2011, he said Facebook makes "innovative use of cookies to identify unusual or suspicious activity" on an account.

All that being said, Facebook still needs to worry about this lawsuit and all the previous ones related to cookie tracking. I have contacted Facebook and will update you if I hear back.

See also:

Topics: Social Enterprise, Legal

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Snore..........

    I'm sure my ISP is selling tracking information
    I'm sure the government is tracking everybody
    Privacy on the internet is an illusion
    if you really want to be anonymous use a TOR server but who's to say they aren't tracking you too?
    • Lame

      Such a pathetic spineless attitude. Are you French?
      • What a vicious and cowardly remark... are you American?

        (how does it feel to be given the same treatment you seemingly and freely seem to dole out?)
      • troll bait much?

        Internet privacy is an illusion. That is a fact. And that is how every government, including the American gov, likes it. Of course, the fact is: as bad as the US gov is at privacy invasion, other governments are worse. The US Federal government is the only thing keeping internet as open and free as it is. If other powers, such as China (or Comcast for that matter), had their way, then the policy stance would be different.
  • I guess people don't understand the saying "nothing in life is free"

    People... how do you think it is possible for all these websites and apps and whatever to be out there for your use at no cost (no financial cost). It is because they are charging for those service by you allowing them to follow you around and track what you do so they can tell their advertisers how great they will be in targeting you with ads that you would care about! If you don't want Facebook tracking you around, then DON'T USE IT, don't want Google to know where you are, what you bought etc, then DON'T USE IT. Running those businesses is not free to those companies and it is not free to you either. Your options are to pay money for the service or to have them track you. I think it might be in those companies best interest to give an option to pay and not be tracked and see how many users knowing that is the "choice" choose to cough up $.
    • And when most people use it and then the company decides to

      think about people who don't use it, you will be affected either which way.

      And given how these cats already get corporate welfare to prop themselves up with... I made a very straightforward post including a link you ought to read.

      But, out here in real life, "DON'T USE IT" as if your caps lock key is broken or something, doesn't cut it. We've seen how companies don't bother to self-regulate so people have to stand up for each other.

      Which is okay, can we be sure that we don't stand up for you or that, as a facebook users yourself I suspect, you won't get any settlement money if it's proven facebook made a big no-no at your expense?

      We know these businesses can't run for free. But who started the mindset everything should be free? Hopefully not the people who still expect to see their salaries high while everyone else has to endure theirs stagnating or dropping... ;)
    • re

      Just because theses things SN,apps are free doesn't give them the right to break wiretap and privacy laws to make a buck.
  • Seems too low

  • Some lawyer waited until the IPO

    In hopes that Facebook would just shoot a couple of billion their way to settle.

    I see nothing happening with this.
    William Farrel
  • Internet Tracking

    Is this class action a worldwide thing or just for US users?

    This is really no different than the telemarketer do not call list.
    Who enforces it?
    When is it enforced?

    I still get tons of telemarketers calling with caller id blocked,
    and it costs me money to havew their calls blocked.

    One day I was looking for a 60 amp GFI breaker.
    3 months later I was still gettting nextag popups
    for 60AMP GFI breakers.

    Another evil participant - Tiger Direct.

    I decided to play the same game. I correspond with the advertisers, tell them what
    I'm looking for and because they have been so in my face with popup ads, I bought it elsewhere.

    That works for most stuff excepting the online pimping (dating) services and the gambling sites. As I have no desire for either there is no comeback I have been able to think up yet.
  • Do Not Track

    I use do not track, adblock, browser deletes the cookies and peer block. I could go really hard core but the TOR doesn't work worth a damn any time I've tried it.

    You don't have to be tracked or see ads if you take a few minutes to harden up your online experience.
    Home Grown IT
    • RE: Do Not Track

      As a Firefox user, I have installed Ghostery (www.ghostery.com) and block most everything, along with paranoid use of No Script and AdBlock+.

      WRT to trackers, the 'wall of shame' for this page includes:

      CBS Interactive (expected, as ZDNet is owned by CBS)
      Crowd Science
      Facebook Social Plugins
      Google Analytics

      [b]all blocked[/b]
      • Google Analytics

        Good luck trying to block that. You'll find some webpages will fail to load if you do.
  • Google Tracking!!!

    I have to laugh at all the ads that appear on a page based on a previous Google search. Since I am not harmed by this type of information being used, I just laugh it off. I think some people are looking for things are not there. I think that somebody should prove they have been harmed by the tracking cookies. Just like a earlier commenter on these pages, how do you think that all the things that you make use of on the Internet are paid for. If anything, Facebook and the other companies being sued should file a counter-suit that accuses these people of harassment. I have never felt that I was being tracked by Facebook when I logged off. I guess these people are just looking for the deep pockets. We need to get a government in power that will stop people from wasting court time on frivolous things like these law suits. There may be legitimate things to sue about, but these tracking things are not.
  • facebook

    I Never use Facebook, cant stand the thing. it will get broken up sooner or later. and good riddance to it. i mean come on, it was made by the most boring man in history. there is alot of information that governments would kill for being generated by the site, they will get their hands on it one way or another, and it will be sooner rather than later.

    facebook is dead, long live reddit
  • Good luck on the lawsuit

    $15 billion. Why not make it $100 billion. No one will ever agree to that amount. And the cowards unleash it in the first day of trading. Probably started by one of those 2 man law firms trying to make a fast buck.
  • clear your cookies

    Did people ever try to clear their cookies?

    Well do that after visiting facebook then.

    But so many websites have facebook apps on their websites, so facebook could track ip address. And they know what ip address you were logged in with and win. So either way they could track you if they want. its 3rd party websites fault for integrating facebook apps such as the like button. So its not facebooks fault directly.
    • Why should people

      Why should people have to worry about cookies in the first place? Its not the cookies its the stinking greedy corps that abuse the users/member trust. By using the cookies for spying.
  • seems like the big prob is "ads"?

    step 1: get Firefox
    step 2: add ad-blocker plugin to Firefox
    step 3: Search MVPS host and update it once in a wile
    step 4: forget what "ads" are!!!
  • Funny

    What makes this whole thing funny is that there are 11 tracking elements on this page alone.