Even as Facebook is fighting hard to dismiss allegations that it curates its Trending news topics to filter out news content on conservative ideology, the California-based social networking giant is now facing a class action lawsuit which alleges that it scans private messages of its users for URLs which it then uses for advertising or marketing purposes. The plaintiffs allege that by doing this, Facebook has violated the Electronic Communications Privacy Act as well as the California Invasion of Privacy Act. Facebook has disputed the allegations and claims that the method it employs to collect URLs is anonymized and is used in an aggregate form.
The plaintiffs have used the discovery process to gain access to Facebook's source codes and engineers and have found that Facebook continues to scan for URLs in private messages and stores them indefinitely. They allege that apart from violating the privacy of individual users, any Facebook employee can use such data for any use at any time. Even though Facebook does not deny the fact that it collects URLs, it has stressed in court that there is no way for any employee to trace the source of any URL to any particular user. It adds that the URLs that it collects are only used to determine how popular a particular information is, akin to The New York Times publishing a list of bestselling books. The company calls the allegations of privacy violation as "a technical attack on basic elements of computer programming." To prove that what Facebook contends isn't true, the plaintiffs submitted a report based on a technical analysis to the court. The analysis proved that Facebook stores URLs pulled from private messages on a database named Titan. Apart from storing the URLs, Titan contains records like the date and time when such messages were sent as well as user IDs of senders and recipients. Back in 2012, Facebook had introduced an algorithm which increased the number of likes for any content depending upon the number of times it appeared on private messages, a fact which the plaintiffs are using to accuse Facebook of privacy violation. The company has replied to this point by contending that the algorithm was discontinued soon after it was launched.
Even though the case will take some time to be decided, Facebook's data collection techniques have often landed it in hot water. Back in February, the French data protection regulator banned the company from data-mining non-Facebook users to deliver target advertisements. Recently, Facebook's practice of photo-tagging its users was also found to be in violation of Illinois' Biometric Information Privacy Act which mandates any company which collects people's biometric data to obtain prior consent from such persons before it can initiate data collection.