Meta ends decade-long privacy lawsuit with $90 million settlement

A nearly decade-long data privacy lawsuit against Meta, previously Facebook Inc., has ended in a $90 million settlement agreement and a requirement to “sequester and delete” user data that was collected between April of 2010 and September of 2011.

The complaints alleged that the company illegally profited from and collected user data. The plaintiffs in the class-action suit accused Facebook of using cookies and plug-ins to monitor visits to third-party sites (which utilized Facebook’s “Like” button) even after the users logged out, contradictory to Facebook’s assurance that it would not do so. 

Although the agreed-upon settlement would be considered one of the largest data privacy settlements in U.S. history — pending court approval — the plaintiffs originally sought out $15 billion in damages.

The lawsuit was initially filed in 2012 as 21 separate class-action lawsuits — later consolidated into one — then dismissed in 2017, and successfully appealed in 2020. 

In June 2017, the Northern District Court of California dismissed the complaints on the basis that the plaintiffs could not point to a reasonable expectation of privacy and had not encountered financial loss. 

Later, the Ninth Circuit Court of Appeals reversed the dismissal in part on the basis that Facebook was in violation of the Wiretap Act and the Children’s Information Privacy Act (CIPA). Plaintiffs were able to prove that Facebook violated user privacy, sold user data to outside actors for targeted advertising and that harm was inflicted on users. 

Facebook attempted to appeal and have the case brought before the U.S. Supreme Court, however, their request was denied and brought back down to the trial court for negotiations. 

For Meta, privacy violation penalties are inescapable. Just last year the company paid $650 million in a settlement accusing them of collecting and storing digital scans of users’ faces without consent, violating Illinois’ Biometric Information Privacy Act (BIPA). 

The imposed damages fee may not be the last of its kind for Meta. Texas Attorney General Ken Paxton sued the tech giant last week after violating Texas’ Capture or Use of Biometric Identifier Act and the Deceptive Trade Practices Act. Facebook had reportedly been gathering biometric identifiers, without user consent, millions of times which could result in a $25,000 penalty fee for each violation, Paxton said. 

California has a high volume of data privacy lawsuits due to the number of California-based big tech headquarters and the 2020 implementation of the California Privacy Protection Agency (CPPA). A rise in instances of data privacy lawsuits is expected in the coming year as privacy laws tighten across the country and a movement towards big tech accountability grows.