In a recent case in California, Facebook account holders filed a putative class action lawsuit against Facebook, alleging that Facebook knowingly forwarded personal information to online advertisers without its users’ consent. In In re Facebook Privacy Litigation, Plantiffs asserted eight causes of action against Facebook, including violations of the Electronic Communications Privacy Act, 18 U.S.C. §§ 2510, et seq. and various California laws (both statutory and common law), and all were dismissed.
At issue was the mechanism that sends a “Referrer Header” to an advertiser when a Facebook user clicks on an advertisement posted on the website. Plaintiffs asserted that when an advertiser receives a “Referrer Header” from Facebook, which indicates the webpage address the user was viewing before clicking on the advertisement, the advertiser is able to obtain substantial information about a user, including the user’s name, gender and picture. The court explained that in sending these “Referrer Headers,” Facebook “shares users’ personal information with third-party advertisers without users’ knowledge or consent, in violation of [Facebook’s] own policies.”
The court looked closely at the following language of the Wiretap Act, 18 U.S.C. § 2511(3)(a), which provides in part that an entity:
providing an electronic communication service to the public shall not intentionally divulge the contents of any communication (other than one to such entity, or an agent thereof) while in transmission on that service to any person or entity other than an addressee or intended recipient of such communication or an agent of such addressee or intended recipient.
Citing the language of the statute, the court found that Plaintiffs could not state a claim under the Wiretap Act under two potential interpretations of Plaintiffs’ allegations. As to the first interpretation, the court found that Plaintiffs could not set forth a claim because the communication was “one from a user to Defendant” and therefore, Defendant could not be held liable for divulging the communication. Similarly, the court found that Plaintiffs also failed to set forth a claim under the second interpretation because the communication was a “communication from a user to an advertiser,” making the advertiser the “addressee or intended recipient.” As with the first interpretation, Defendant could not be held liable for divulging that communication.
Pursuant to the Stored Communications Act (“SCA”), 18 U.S.C. § 2702(a), “an entity providing an electronic communication service to the public ‘shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.’” Nonethless, an electronic communication service provider is permitted to reveal the contents of a communication to “an addresee or intended recipient of such communication” or “with the lawful consent” of an addressee or intended recipient of a communication. 18 U.S.C. § 2702(b)(1) and (3). As with the analysis of the Wiretap Act, the court found that Plaintiffs failed to state a claim under the SCA under either interpretation of Plaintiffs’ claims because Defendant was allowed to divulge the communications to the advertisers. Although the court ultimately granted Plaintiffs leave to amend the complaint to replead their allegations, the court’s initial ruling suggests that Plaintiffs will have their hands full convincing the court that this litigation should progress past the pleading stage.