Two United States residents have challenged Facebook-parent Meta’s allegedly non-consensual and intentional interception of users’ electronic communications while using iOS. In a class-action suit filed at a District Court in California on September 21st, the petitioners argue that Facebook illegally intercepted and recorded users’ data while they used its in-app browser to access third-party websites, harming their privacy rights.
The social media giant did not disclose these practices to users. ‘Had Plaintiffs known that Meta could and would use its in-app browser to overcome Plaintiffs’ default browser settings and override their privacy choices, Plaintiffs would have avoided navigating to third-party websites from within Facebook,’ the petition hypothesises.
Claiming that Meta’s actions are in violation of state and federal laws on privacy and competition, the petitioners seek various types of relief and that the platform’s actions be brought to a halt.
FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.
Why it matters: The petitioners contextualise Meta’s interception of user communications against updates to Apple’s iOS—specifically, April 2021’s iOS 14.5 update, which required platforms to obtain a user’s consent to track their activity online. Meta—whose billion-dollar profits are substantially owed to detailed profiling of users for advertising purposes—lost out its main revenue stream as a result of the update, argue the petitioners. Petitions like these hint toward changing tides for prevailing digital advertising models—their privacy-invasive methods are coming under increasing scrutiny from regulators and the public alike.
How Is Meta Intercepting Private Communications?
The petitioners’ claims largely target Facebook’s (and Meta’s) intensive profiling of individuals to support its advertising business—which comprised 97% of Meta’s revenue for 2021, according to the petition.
While Facebook offers its services for free, ‘Meta conditions the use of Facebook upon users disclosing sensitive and valuable personal information when they register, including birthdates and email addresses,’ the petitioners argue. This information is consistently gathered and aggregated, and then used to target advertisements at individuals.
The quest for gathering more information on users to boost profits has led to Facebook summarily violating the privacy rights of its users over the years through various surreptitious data mining strategies. The petitioners claim that the platform has done so again in the context of iOS.
On the flip side, if a user accessed the website directly through their preferred web browser on iOS, it ‘would actively block and prevent Meta’s ability to intercept and track the user’s activity on the third-party website’. Meta did not disclose that it was tracking users even after they opted out of being tracked.
Meet the Plaintiffs
The plaintiffs are Gabriele Willis (resident of California) and Kerreisha Davis (resident of Louisiana). Both had active Facebook accounts—and did not consent to Meta’s tracking of their electronic communications. They reasonably held that Meta would not intercept their communications or collect personally identifiable information on them as they accessed third-party sites through Facebook’s in-app browser.
The ‘Class’ the plaintiffs are representing comprises all persons in the US ‘with active Facebook accounts who visited a third-party external website on Facebook’s in-app browser during the Class Period’. The ‘Subclass’ they represent is people in California who were subject to the same violations during the Class Period.
According to the petition, the Class Period is between when Meta began implementing such practices on Facebook and the final date of judgment. It does not specify what the exact starting point is.
First Claim for Relief: Violation of the Wiretap Act; On Behalf of the Class
Meta non-consensually intercepted the contents of the plaintiffs’ electronic communications as they switched between Facebook to third-party websites. This is in violation of the federal Wiretap Act.
What the law says: Intentional interception of a wire, and an oral or electronic communication is forbidden by the Wiretap Act, amended by the 1986 Electronic Communications and Privacy Act. The Act provides a right of action for those whose communications are intercepted.
Relief sought: ‘Preliminary, equitable and declaratory relief, in addition to statutory damages of the greater of $10,000 or $100 per day for each day of violation, actual damages, punitive damages, and reasonable attorneys’ fees and costs of suit,’ reads the filing.
Second Claim for Relief: Violation of the California Invasion of Privacy Act; On Behalf of the Class or California Subclass
What the law says: The California Penal Code under which the provision falls penalises intentional and non-consensual interception of communications. If found guilty, an entity is to pay a fine of up to $2,500.
Relief sought: ‘Meta is liable to the Plaintiffs and Class members for the greater of treble actual damages related to their loss of privacy in an amount to be determined at trial, or statutory damages in the amount of $5,000 per violation,’ reads the filing.
Third Claim for Relief: Invasion of Privacy (Intrusion Upon Seclusion); On Behalf of the Class
The Plaintiffs and Class Members assumed the expectation of privacy while using Facebook and third-party websites within it. Meta’s actions injure their privacy rights, in that ‘Meta intentionally intruded upon their solitude or seclusion’.
What the law says: As MediaNama previously reported in a similar case filed against Oracle’s illicit data gathering practices, ‘under U.S. Common Law, the ‘intrusion upon seclusion‘ privacy tort refers to an intentional invasion of someone’s privacy (or ‘seclusion’) that is offensive to a reasonable person and causes suffering. To assert such a claim, the petitioners must plead that a highly offensive intrusion into a private place or matter took place.’
Arguments: Meta failed to prevent the dissemination or misuse of users’ confidential and sensitive personally identifiable information. Its actions overrode user controls over the information that they allow Meta to track. Its actions prevented unknowing users from making decisions or doing activities that were not tracked by Meta.
Relief sought: ‘Just compensation, including monetary damages,’ reads the filing.
Fourth Claim for Relief: Violation of the Unfair Competition Law; On Behalf of the Class or California Subclass
Meta’s conduct was and is unfair, predatory, and in violation of larger public policies in California that protect the privacy of confidential information.
What the law says: The petitioners contend that Meta’s actions are in violation of the Unfair Competition Law, an antitrust legislation which outlaws an ‘unlawful, unfair, or fraudulent business act or practice and unfair, deceptive, untrue or misleading advertising’. They add that it also violates the Consumers Legal Remedies Act.
Arguments: Meta’s conduct was solely in the interest of increasing its profits by acquiring users’ personal information. Meta’s conduct is unjust in that it has reaped millions at the expense of misled consumers who believed in the platform’s integrity and privacy-respecting features. The suit argues that had the Plaintiffs and Class Members known they were being tracked through in-app browser, they would have ‘avoided navigating to third-party websites from within Facebook, and instead would have copied and pasted links into their standard browser to avoid being tracked, thereby avoiding this injury’. Interestingly, the petitioners argue that Meta’s non-consensual and intentional tracking also depreciated the value of the data itself—although no arguments are provided to substantiate this.
Relief sought: Restitution, injunctive relief, and other relief sanctioned by the Unfair Competition Law.
Fifth Claim for Relief: Unjust Enrichment (On Behalf of the Class)
Meta has profited off of the unjust tracking of users described above. Or, alternatively in this case, ‘Plaintiffs and Class members conferred benefits on Meta by using Facebook’. Meta’s retention of these profits and benefits is unjust.
Relief sought: The profits should either be disgorged from Meta, or placed in a ‘constructive trust’ for the Plaintiffs and Class Members to obtain restitution.
Questions of Law to Be Answered in this Case
As per the petitioners, these are the main questions before a Judge and Jury:
- Did Meta intentionally tap the electronic communications of Class members when they visited third-party websites?
- Does Facebook’s in-app browser record Class members’ personally identifiable information and private communications?
- Do Class members have a ‘reasonable expectation of privacy’ when it comes to this kind of information?
- Is Meta’s privacy invasion ‘highly offensive to a reasonable person’?
- Are Meta’s actions in violation of federal and state laws?
- Did Meta’s conduct result in a breach of confidentiality?
- Did Meta’s actions mislead Class members about the control they had over their private communications?
- Are the Class members entitled to damages, restitution, or relief?
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
- Privacy Experts Sue Oracle In Class Action Suit For Non-Consensual, Unlawful Data Collection: Summary
- Why The German Regulator Has Launched An Investigation Into Apple’s App Tracking Transparency
- How Big Is Amazon’s Ad Business? Hint: Probably A Bigger Cash Cow Than AWS
- All You Need To Know About Google’s Privacy Sandbox