Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Facebook sued over illegal collection of user data

A class action suit has been filed against Meta, claiming that Facebook and Instagram iOS apps circumvented App Tracking Transparency in order to illegally continue tracking users without permission.

Since iOS 14, Apple's App Tracking Transparency (ATT) requires apps to cease tracking users unless that user explicitly allows them to continue. Facebook has famously objected to ATT, and revealed that it has had an impact of more than $10 billion on its projected earnings.

According to Bloomberg, however, a proposed new class-action lawsuit claims that Facebook and Instagram owner Meta has been circumventing ATT and collecting data, regardless of user preferences and opt-out.

The suit, filed in San Francisco federal court, is based on research from data privacy researcher, and former Google engineer, Felix Krause. He claims that Facebook and Instagram inject JavaScript code into websites visited by users.

Krause says that this JavaScript code allows Meta to track "anything you do on any website." That goes further than the regular advertising tracking, and even theoretically includes the ability to capture passwords typed into sites.

The suit further alleges that Facebook opens web links in its own in-app browser, rather than using Safari or whatever the user's default browser is.

"This allows Meta to intercept, monitor and record its users' interactions and communications with third parties," says the suit. In doing so the suit also says that it also that data collected to boost advertising revenue, contrary to user preference.

Meta has not commented publicly on the suit. However, Krause's report says that the company acknowledged that it monitors browser activity, but denied the accusation of illegal data collection.

The two cases at the core of the class action filing are Willis v. Meta Platforms Inc., 22-cv-05376, and Mitchell v. Meta Platforms Inc., 22-cv-05267, both filed in the US District Court, Northern District of California (San Francisco).



18 Comments

maciekskontakt 16 Years · 1168 comments

ReactJS framework under review. Now is Google Angular better? Hmmm...

1 Like · 0 Dislikes
ihatescreennames 20 Years · 1989 comments

I have no line for Facebook and all of the plaintiffs claims may be true but are they illegal? I have no idea. Is there a law that says companies must abide by user preferences or something similar?

4 Likes · 0 Dislikes
lkrupp 20 Years · 10521 comments

So what? Lawyers will get a few million and Meta will go on as usual. User data is their life’s blood. Without it they go belly up. Nothing is free and advertising is what we pay. Not saying it’s okay but this is just how it is. Government can do only so much without taking over the economy and we don’t want that.

3 Likes · 0 Dislikes
rob53 14 Years · 3331 comments

I finally got my renewal for the iOS (only?) AI subscription so I don't get ads but it doesn't apply to AI forums so I still get garbage ads on my iPhone even though I'm paying to not get them. Using Safari's tracker capability on my iMac, this forum page has three trackers: doubleclick.net, google-analytics.com, and googletagmanager.com. Using Duck-duck-go's privacy essentials, it shows a B+ rating, tries not load some google things but still loads others. I honestly don't believe there's a way to stop any website from loading at least some trackers.

Tried to delete them on my iMac.


Still allowed these.


3 Likes · 0 Dislikes
williamh 14 Years · 1048 comments

I have no line for Facebook and all of the plaintiffs claims may be true but are they illegal? I have no idea. Is there a law that says companies must abide by user preferences or something similar?

You raise a good point about the state of US privacy law, particularly in comparison to the EU's GDPR.  US privacy law is sector based and offers very specific protections (like HIPAA covering medical information in many contexts) as opposed to the broad and general protection of GDPR that is focused on the private information.

In the US, the Federal Trade Commission can go after a company for violating their own posted policies as "unfair and deceptive acts and practices"  even if the privacy information didn't have other specific legal protection.

The law is the FTC Act, see Section 5.  federal-trade-commission-act

6 Likes · 0 Dislikes