U.S. Supreme Court Rejects Facebook Appeal in $15 Billion User Tracking Lawsuit

It’s no secret that Facebook automatically collects information about your browsing session whenever you log into the platform. The social media giant is known to collect information about the websites you visit even when you’re NOT logged in. It uses this data to tailor ads for you based on your interests. This is meant to be a harmless convenience, but it’s hard not to feel like your privacy is being violated. 🕵️

Social media tracking has become the norm, but its invasiveness alarmed four California residents back in 2010. They filed a class-action lawsuit in California federal court in May 2012, arguing that Facebook had violated several privacy laws. The lawsuit sought $15 billion in damages. 

What followed is an almost decade-long legal battle that has now reached the U.S. Supreme Court. The justices recently denied Facebook’s attempt to have the case thrown out. Here’s what we know about the lawsuit. 📜

Facebook Sued in California for User Tracking 

Four Californians filed the class action lawsuit against Facebook in federal court for user privacy violations between April 2010 and September 2011. The suit claimed Facebook violated the Wiretap Act, the Stored Communications Act, the California Invasion of Privacy Act (CIPA), invasion of privacy under the California constitution, and common law claims. 

The lawsuit, Facebook v. Perrin Aikens Davis et al, is centered on Facebook’s use of a feature called “plug-ins” that websites can add to their pages to track visitors’ browsing histories. Facebook also used digital files called “cookies” to identify users. The plaintiffs accuse the social media platform of packaging this tracked data and selling it to advertisers 💰 for profit. 

How Facebook Tracks Users

Facebook uses cookies to keep track of what users are up to when they’re not on Facebook. A “cookie” 🍪 is a text file that Facebook creates and sends to your browser. They are stored in a browser directory on your computer.

Facebook cookies come in two flavors. The first is a “session cookie” that is set when you log into Facebook. Session cookies make it so that you don’t have to enter your username and password every time you open up Facebook. They are supposed to be deleted when you log out.

The second type of cookie is a “tracking cookie” which uses those Facebook “like” buttons you see on every website to keep track 👀 of which pages you visit. The tracking cookie sends that information back to Facebook every time you access a page with the “like” button. Tracking cookies are not deleted when you log out of Facebook. In fact, Facebook reportedly saves these cookies on your computer even if you don’t have a Facebook account. 

The lawsuit alleged that Facebook used these cookies to intentionally track users’ browsing activity after they logged out of the platform despite contrary representations in its privacy policy. The suit contends that the personal information it receives has “massive economic value” and that a lucrative market exists for that kind of data. 

Facebook Fights Back

In response to the lawsuit, Facebook said it protects users’ privacy and shouldn’t have to face liability over typical computer-to-computer communications. It argued that it uses the data it receives to tailor the content it shows users and improve ads on its service. The platform filed a motion to dismiss the lawsuit in 2015, and the motion was granted 🔨 by a federal judge. The case was dismissed in November 2017. 

Undeterred, the plaintiffs appealed the decision to the 9th Circuit Court of Appeals. The circuit court ruled in their favor and allowed the case to go forward in 2020. The Wiretap Act and state privacy claims were given the green light to go ahead. 

“Facebook’s user profiles would allegedly reveal an individual’s likes, dislikes, interests, and habits over a significant amount of time, without affording users a meaningful opportunity to control or prevent the unauthorized exploration of their private lives,” the 9th Circuit said in its ruling.

Facebook wasn’t going to take that ruling laying down, so it filed an appeal to the U.S. Supreme Court in November 2020. It attempted to once again have the case dismissed. 🛑

The U.S. Supreme Court Decides

Facebook’s appeal to the Supreme Court only involved the Wiretap Act, which prohibits eavesdropping 👂 on electronic communications. The law only exempts people who are parties to the communication, such as the sender and receiver. 

The social media platform argued to the Supreme Court that it did not violate the Wiretap Act because it is a party to the communications of its users. “Facebook was not an uninvited interloper to a communication between two separate parties; it was a direct participant,” the company said in a legal filing. 

The justices declined to hear Facebook’s appeal and offered no explanation for their ruling. It is unclear what will happen next, but the Supreme Court’s decision sets a precedent. The case will now go back to the lower courts. 

This case has been going on for nearly a decade, and there are still potentially many more years of litigation to go. However, the path is a little smoother now that the case has passed the motion-to-dismiss stage. The outcome of the case will likely have a significant impact on how social media sites collect user data and track users 👁️ across websites.