Like the previous lawsuits, Facebook is once again being accused of violating the Federal Wiretap Act. Additionally, this nationwide class action lawsuit says Facebook violates the California Internet Privacy Requirements Act and the California Unfair Competition Law. It's worth noting that similar cases against Facebook and others filed under the wiretap law have been thrown out because browser cookies are simply not considered wiretaps and plaintiffs have difficulty proving any harm.
"The days when online service providers can run roughshod over the privacy rights of their customers are over," William Murphy Jr., founding partner of Murphy PA, said in a statement. "Companies that operate commercial websites, such as Facebook, need to realize the public is increasingly concerned about its privacy rights. Perhaps even more importantly, there is a growing community of security experts and bloggers that is extremely savvy about internet technology and committed to ensuring that people’s privacy rights are respected and protected."
The company responded by denying the claims and offering an explanation as to why its cookies behave the way they do. Menlo Park explained that it does not track users across the Web and its cookies are used to personalize content. As for the logged-out cookies, Facebook said they are used for safety and protection.
After a long technical discussion, Cubrilovic confirmed Facebook made changes to the logout process, and that the cookies in question behave as they should. They still exist, but they no longer send back personally-identifiable information after you log out. The company also took the time to explain what each cookie is responsible for.
Later that month, 10 privacy groups and US congressmen sent letters asking the Federal Trade Commission (FTC) to investigate Facebook for these and other practices. Note that the FTC settlement from November 2011 was over charges that date back to December 2009, meaning the tracking cookie issue was never discussed.