A California man has sued Facebook, Inc., claiming that the operator of the world’s largest social networking site violated state laws and its own privacy policy by improperly sharing his and other users’ personally identifiable information with advertisers. See Gould v. Facebook, Inc., Docket No. 10-cv-2389 (N.D. Cal. May 28, 2010). Facebook.com user David Gould claims that the Web site forwards “referrer headers” to advertisers whenever Facebook users click on an advertisement displayed within the social networking Web site. These referrer headers show advertisers the exact URL or Web address from which a Facebook user clicked on the advertisement in question. Gould claims that referrer headers contain users’ personal Facebook IDs, and that advertisers can use the headers to find users’ profiles and obtain personal information such as name, gender, and hometown without users’ consent. Gould has filed his complaint in the U.S. District Court for the Northern District of California, and is seeking class action status.

Gould alleges that Facebook first learned of this problem in August 2009, when researchers published a paper on the topic and forwarded a copy to the social networking giant. Despite this notice, the complaint asserts, Facebook has failed to change its practices and has made misleading statements regarding how it shares users’ personal information.

Gould’s complaint asserts a number of claims, including violation of California’s unfair competition and computer crime statutes, common law breach of contract, and common law negligence. Gould seeks injunctive relief, disgorgement of revenues, and damages on behalf of himself and the millions of Facebook users who have clicked on third-party advertisements posted on Facebook.com. A spokesman for the social media company has said that the lawsuit is without merit and that the company will defend itself vigorously.

Facebook currently faces a number of other challenges related to online privacy. Two Canadian users displeased with the company’s handling of privacy matters spearheaded a widely-publicized Quit Facebook Day campaign. Over 36,000 people – representing only a fraction of Facebook’s 400 million users – committed to deleting their Facebook accounts on May 31, 2010. Additionally, several U.S. senators and a number of privacy groups have called for changes to the company’s privacy practices. Rep. John Conyers, chairman of the U.S. House Judiciary Committee, D-Mich., is considering holding hearings on online privacy concerns; the congressman recently sent an open letter to Facebook expressing concerns about privacy-related issues.

Internet privacy concerns are increasingly important to Web users. Users dissatisfied with companies’ online privacy practices are increasingly expressing their dissatisfaction through public protest and/or litigation. As a result, social networking and other media companies should carefully consider their approach to privacy matters. To learn more about Arent Fox’s work in this area, please contact:

Anthony V. Lupo
lupo.anthony@arentfox.com
202.857.6353

Sarah L. Bruno
bruno.sarah@arentfox.com
202.775.5760

Matthew R. Mills
mills.matthew@arentfox.com
202.715.8582

Grace L. Applefeld
applefeld.grace@arentfox.com
202.857.6498