Skip to main content

Two Facebook users have sued Meta, the parent company of Facebook and Instagram, in the United States for tracking their Internet browsing habits. The built-in browser in the Facebook app sends privacy-sensitive data to Facebook without consent, according to the suit. In doing so, the Facebook app would bypass the tracking security of iPhones.

Apple added tracking security to its operating system for iPhones and iPads last year. That should prevent tech companies such as Meta and Google from tracking people’s browsing habits. According to the suit, Meta circumvents this security with the built-in browser in the Facebook app.

Facebook users sue Meta for bypassing tracking security | Use CookieFirst Consent Management

The two charges are based on a report by data privacy researcher Felix Krause. According to him, the Facebook and Instagram apps add JavaScript (programming code) to websites that users visit via the built-in browser. This would allow Meta to track “everything you do on a website,” including typing passwords.

A spokesman for Meta in the Netherlands was unable to comment on the lawsuits. About built-in browsers, the spokesman said they are common “across the industry.”

“We use built-in browsers in the app to let users surf the Internet safely, easily and reliably,” the spokesperson said. “Correcting or completing Web addresses prevents people from being redirected to malicious sites.”

“Adding this type of feature requires additional programming code. We carefully designed the code to respect users’ privacy choices,” the spokesperson said. Meta denies that the company illegally collects data from users.


Get consent before loading third party tracking scripts

CookieFirst aims to make ePrivacy and GDPR compliance easy and quick to implement. The CookieFirst platform offers third-party script and consent management, statistics, periodic cookie scans, automated cookie declaration, banner customization, multiple language options, and more. Avoid large fines and get consent before loading third-party tracking scripts — try CookieFirst!