Not a Lexis Advance subscriber? Try it out for free.

Davis v. Facebook, Inc. (In re Facebook Inc. Internet Tracking Litig.)

United States Court of Appeals for the Ninth Circuit

April 16, 2019, Argued and Submitted, San Francisco, California; April 9, 2020, Filed

No. 17-17486

Opinion

 [*595]  THOMAS, Chief Judge:

In this appeal, we are asked to determine whether: (1) Facebook-users Perrin  [*596]  Davis, Brian Lentz, Cynthia Quinn, and Mathew Vickery ("Plaintiffs") have standing to allege privacy-related claims against Facebook, and (2) Plaintiffs adequately allege claims that Facebook is liable for common law and statutory privacy violations when it tracked their browsing histories after they had logged out of the Facebook application. We have jurisdiction pursuant to 28 U.S.C. § 1291. We affirm in part; reverse in part; and remand for further proceedings.

Facebook uses plug-ins3 to track users' browsing histories when they visit third-party websites, and then compiles these browsing histories into personal profiles which are sold to advertisers to generate revenue. The parties do not dispute that Facebook engaged in these tracking practices after its users had logged out of Facebook.

Facebook facilitated this practice by embedding third-party plug-ins on third-party web pages. The plug-ins, such as Facebook's "Like" button, contain bits of Facebook code. When a user visits a page that includes these plug-ins, this code is able to replicate and send the [**7]  user data to Facebook through a separate, but simultaneous, channel in a manner undetectable by the user.

As relevant to this appeal, the information Facebook allegedly collected included the website's Uniform Resource Locator ("URL") that was accessed by the user. URLs both identify an internet resource and describe its location or address. "[W]hen users enter URL addresses into their web browser using the 'http' web address format, or click on hyperlinks, they are actually telling their web browsers (the client) which resources to request and where to find them. In re Zynga Privacy Litig., 750 F.3d 1098, 1101 (9th Cir. 2014). Thus, the URL provides significant information regarding the user's browsing history, including the identity of the individual internet user and the web server, as well as the name of the web page and the search terms that the user used to find it. In technical parlance, this collected URL is called a "referer header" or "referer." Facebook also allegedly collected the third-party website's Internet Protocol ("IP") address,4 which reveals only the owner of the website.

Facebook allegedly compiled the referer headers it collected into personal user profiles using "cookies"—small text files stored on the user's device. When [**8]  a user creates a Facebook account, more than ten Facebook cookies are placed on the user's browser. These cookies store the user's login ID, and they capture, collect, and compile the referer headers from the web pages visited by the user. As most relevant to this appeal, these cookies allegedly continued to capture information after a user logged out of Facebook and visited other websites.

Read The Full CaseNot a Lexis Advance subscriber? Try it out for free.

Full case includes Shepard's, Headnotes, Legal Analytics from Lex Machina, and more.

956 F.3d 589 *; 2020 U.S. App. LEXIS 11209 **

IN RE FACEBOOK, INC. INTERNET TRACKING LITIGATION,PERRIN AIKENS DAVIS; BRIAN K. LENTZ; CYNTHIA D. QUINN; MATTHEW J. VICKERY, Plaintiffs-Appellants, v. FACEBOOK, INC., Defendant-Appellee.

Prior History:  [**1] Appeal from the United States District Court for the Northern District of California. D.C. No. 5:12-md-02314-EJD. Edward J. Davila, District Judge, Presiding.

In re Facebook Internet Tracking Litig., 290 F. Supp. 3d 916, 2017 U.S. Dist. LEXIS 190819 (N.D. Cal., Nov. 17, 2017)

Disposition: AFFIRMED IN PART, REVERSED IN PART, AND REMANDED.

CORE TERMS

user, privacy, website, collected, tracking, browsing, intrusion, district court, reasonable expectation of privacy, communications, third-party, logged, browser, storage, web, electronic, parties, practices, internet, profits, logged-out, duplicate, stored, motion to dismiss, offensive, unjustly, compile, emails, header, invasion of privacy

Civil Procedure, Appeals, Standards of Review, De Novo Review, Preliminary Considerations, Justiciability, Standing, Defenses, Demurrers & Objections, Motions to Dismiss, Failure to State Claim, Responses, Motions to Dismiss, Standing, Injury in Fact, Constitutional Law, Case or Controversy, Elements, Torts, Intentional Torts, Invasion of Privacy, Intrusions, Public Disclosure of Private Facts, Computer & Internet Law, Privacy & Security, Electronic Communications Privacy Act, Criminal Law & Procedure, Criminal Offenses, Illegal Eavesdropping, Privacy Act, Conversion, Personal Stake, Pleadings, Complaints, Requirements for Complaint, Intrusions, Invasion of Privacy, Illegal Eavesdropping, Business & Corporate Compliance, Breach, Breach of Contract Actions, Elements of Contract Claims, Contracts Law, Contract Interpretation, Contract Formation, Contracts Law, Contract Formation