Litigation Revived Accusing Facebook of Violating Users’ Privacy Rights

United States Courthouse facade

On Thursday, a federal appeals court in San Francisco revived a nationwide litigation accusing Facebook of violating user’s privacy rights. Facebook has been tracking people’s internet activity outside its own platform. Last January the company agreed to settle in a lawsuit over facial recognition tech. This cost Facebook $550 million.

Claims can be Pursued

The issue that was ruled on this week had already gone to court in 2017. Facebook users took legal steps because the platform had been storing cookies on their browsers. These cookies tracked their behavior on websites that contained a Facebook “like-button”. This information was then used to sell on to advertisers. Back then the lawsuit was dismissed for lack of legal standing.

The user’s profiles contained information about likes, dislikes, interests, and browsing habits. This tracking took place over a considerable amount of time. Users weren’t given the option to control or prevent this tracking.

This week the original ruling was reconsidered. The judge ruled that users were reasonable in thinking that their browsing behavior would be private. The court said that Facebook users could pursue claims under federal and California privacy and wiretapping laws, since their right to privacy had been invaded.

Costly Lawsuits

The law in California also states that unjustly earned profits can be taken away by the government. This could be painful for Facebook, since it has settled in another lawsuit less than three months ago which cost the company $550 million dollars. This lawsuit regarded the company’s facial recognition software and had been going on since 2015. Half a billion dollars might seem like a gigantic amount for most people, but for Facebook it’s not that big of a deal. In January the company reported in income of $21 billion for the last quarter of 2019.

The initial claim for the lawsuit was that Facebook stored biometric data without user consent. This is in violation of the Illinois Biometric Information Privacy Act. The settlement will be paid out to eligible Illinois users and will cover legal fees.

Whenever a user posts a photo you would get suggestions on who is in it and who you can tag. This means that somewhere Facebook stored data that would recognize these faces. Facebook didn’t start sharing information about this until 2018. That was also the moment when the company pointed out to people that they could disable this. The facial recognition on the platform became opt-in by default last year. Before then it was enabled by default for all users.

Cybersecurity analyst
David is a cybersecurity analyst and one of the founders of Since 2014 he has been gaining international experience working with governments, NGOs, and the private sector as a cybersecurity and VPN expert and advisor.