Kit Chellel and Jeremy Hodges report that over 20 lawsuits that were filed against Facebook over tracking users even after they log out of their accounts have been consolidated. The cases will be heard as one lawsuit in federal court in San Jose.
“This is not just a damages action, but a groundbreaking digital-privacy rights case that could have wide and significant legal and business implications,” David Straite, a Stewarts Law partner, said.
Read more on The Montreal Gazette.
Katie Stallard of Sky News explains that even if you do not have a Facebook account, some of your browsing data may be collected by Facebook:
Facebook declined to comment on the lawsuit, but pointed to a 2011 privacy audit by the Irish Data Protection Commissioner, their European regulator, which examined the issue.
The commissioner’s report stated: “We were satisfied that no access was made to any information that could be considered to be personal data in the logged information for advertising or profiling purposes.”
Facebook Ireland said in response at the time that it had not designed its systems to track user or non-user browsing activity and that users had provided consent for the processing of data.
It said: “When you go to a website with a ‘Like’ button, we need to know who you are in order to show you what your Facebook friends have liked on that site. The data we receive includes your user ID, the website you’re visiting, the date and time, and other browser-related information.
“If you don’t have a Facebook account and visit a website with the Like button or another social plugin, your browser sends us a more limited set of information. For example, because you’re not a Facebook user, we don’t receive a user ID.
“We do receive the web page you’re visiting, the date and time, and other browser-related information. We record this information for a limited amount of time to help us improve our products.”
So Facebook is collecting some of my browsing history even though I have no account and am not even on their site? I don’t like that, but where’s the actual harm to me? I do think there’s more of an issue for people who actually have a Facebook account, and I’m not sure that I totally agree with Lauren Weinstein, who described the lawsuit as “inane.” We do agree, however, that there are a lot more serious threats to privacy.
For a non-member of Facebook, there probably is little harm, unless Facebook at some point does additional processes to try to correlate non-member off-Facebook tracking to other user or device identifiable information.
But for Facebook members, the class for these lawsuits, the charge is that they were tracked even after logging out. I haven’t studied it in all of its legal glory, but presumably Facebook didn’t discard the account ID as it continued to track the logged out user.
A few years ago, there wasn’t much happening with tracking on the web that uniquely identified users or devices. But now that kind of aggregation, correlation, and tracking is more ubiquitous. Click streams can be highly de-anonymizable. Device fingerprinting is becoming more widely used. And in the background of every privacy discussion is the fact that governments can obtain this commercial information with varying degrees (including none) of due process.
To me (and I suspect to most users), logged out means you no longer know who I am, and anything you see me do should in no way be correlated to my account or my identity.
So I wouldn’t let down my guard too quickly on privacy harms that may not, at their face, seem very severe.