On February 15, 2022, Meta agreed to pay $90 million to settle its decade-long data privacy lawsuit for its use of tracking cookies to follow Facebook users across the internet. “This settlement is a huge win for consumer privacy around the world,” Nicola Nye, Chief Of Staff at Fastmail, told Lifewire via email. “Regardless of what you might think about the motives behind the settlement, its outcome is a glorious landmark for consumer rights.”

Tracking Cookies

Bischoff explained that several other apps and websites bundle third-party elements from these internet giants in the form of advertisements, analytics, and social media widgets. These elements allow internet companies to read the cookie data in our web browsers to identify us.  In the case of Facebook, this enabled the social network to log users’ visits and other activity, even on apps and sites it didn’t operate, as long as they were using some Facebook element. “Facebook’s terms of service at the time the lawsuit was filed agreed that it would only track users who are logged into Facebook. But Facebook continued to track users via cookies even after they logged out, and in some cases, even if they didn’t have a Facebook account at all,” said Bischoff. Nye said the settlement sends a loud and clear message that the days of mechanisms such as tracking cookies are numbered. She believes people are becoming aware of how large organizations have been manipulating and monetizing them and that they’re “horrified by it.” However, Bischoff, ever the realist, believes the settlement might not directly impact average users since most of us never bother logging out of our Facebook accounts. Staying logged into the app or website for convenience means Facebook could continue tracking such users as always. David Straite, a data privacy attorney at DiCello Levitt Gutzler, who also served as co-lead counsel on the lawsuit, agreed. He told Lifewire over email that, if anything, the case demonstrates the importance of logging out of any logged-in accounts before moving on to another website and regularly flushing cookies.  “It sounds laborious, but it is the only way to protect your privacy on the internet. If you lived in a dangerous neighborhood, you would lock your door. The internet is the same way: if you don’t take proactive measures to protect your privacy, you will lose it,” said Straite.

On the positive side, Dirk Wischnewski, COO/CMO at B2B Media Group, told Lifewire via email that data privacy has moved up companies’ agendas since Meta’s actions of the settled lawsuit that dates back to 2010/2011. He said laws and legislation have since been introduced with the intention of giving users greater control over what personal data is being collected and who’s in possession of it.  Straite believes this case has helped establish that online data collectors must obtain consent before intercepting users’ internet communications, including their browsing history.   “I believe the courts and regulators are now ready to answer the ultimate question: is consent valid if obtained passively, for example, simply by showing a link to a privacy disclosure on web pages you visit. Those conversations are now possible because of the Ninth Circuit’s ruling,” said Straite. Wischnewski believes the settlement highlights the importance of building trust between digital services and its users, and as one of the industry’s biggest players, Meta should be setting a precedent for the rest in terms of creating a safe online environment. This resonates with Nye. She’s of the opinion that individuals shouldn’t have to bear the responsibility of figuring out if a company will respect their personal information or not. Nye believes Fastmail, and other privacy-first companies, have demonstrated it’s possible to operate a successful business without resorting to invasive tracking techniques.  “We look forward to the day when data privacy rights are enshrined in law as a minimum requirement to operate a business, and not as an optional extra.”