Meta’s Settlement Could Be the Beginning of the End of Tracking Cookies

Always remember to log out, warn experts

Key Takeaways

  • Meta has paid $90 million to settle a decade-long privacy lawsuit.
  • The lawsuit questioned the use of tracking cookies by Meta’s Facebook social network.
  • Privacy experts believe the settlement could force online services to adopt a privacy-first approach.
3 Cookies on a computer keyboard. Concept of internet browser cookies

Jarretera / Getty Images

Tracking cookies are the epitome of predatory data capitalism, say privacy experts who believe Meta's latest record-setting settlement shows the regulators are finally waking up to the harm they cause to end-users. 

On February 15, 2022, Meta agreed to pay $90 million to settle its decade-long data privacy lawsuit for its use of tracking cookies to follow Facebook users across the internet.

"This settlement is a huge win for consumer privacy around the world," Nicola Nye, Chief Of Staff at Fastmail, told Lifewire via email. "Regardless of what you might think about the motives behind the settlement, its outcome is a glorious landmark for consumer rights."

Tracking Cookies

"Facebook, Google, Amazon, and other internet giants that make money through online advertising do so by placing a cookie on your device whenever you use their apps or websites," Paul Bischoff, privacy advocate and editor of infosec research at Comparitech, told Lifewire in an email. 

Bischoff explained that several other apps and websites bundle third-party elements from these internet giants in the form of advertisements, analytics, and social media widgets. These elements allow internet companies to read the cookie data in our web browsers to identify us. 

In the case of Facebook, this enabled the social network to log users' visits and other activity, even on apps and sites it didn't operate, as long as they were using some Facebook element.

"Facebook's terms of service at the time the lawsuit was filed agreed that it would only track users who are logged into Facebook. But Facebook continued to track users via cookies even after they logged out, and in some cases, even if they didn't have a Facebook account at all," said Bischoff.

Nye said the settlement sends a loud and clear message that the days of mechanisms such as tracking cookies are numbered. She believes people are becoming aware of how large organizations have been manipulating and monetizing them and that they're "horrified by it."

However, Bischoff, ever the realist, believes the settlement might not directly impact average users since most of us never bother logging out of our Facebook accounts. Staying logged into the app or website for convenience means Facebook could continue tracking such users as always.

"We look forward to the day when data privacy rights are enshrined in law as a minimum requirement... "

David Straite, a data privacy attorney at DiCello Levitt Gutzler, who also served as co-lead counsel on the lawsuit, agreed. He told Lifewire over email that, if anything, the case demonstrates the importance of logging out of any logged-in accounts before moving on to another website and regularly flushing cookies. 

"It sounds laborious, but it is the only way to protect your privacy on the internet. If you lived in a dangerous neighborhood, you would lock your door. The internet is the same way: if you don't take proactive measures to protect your privacy, you will lose it," said Straite.

Valid Consent

On the positive side, Dirk Wischnewski, COO/CMO at B2B Media Group, told Lifewire via email that data privacy has moved up companies' agendas since Meta's actions of the settled lawsuit that dates back to 2010/2011. He said laws and legislation have since been introduced with the intention of giving users greater control over what personal data is being collected and who's in possession of it. 

Straite believes this case has helped establish that online data collectors must obtain consent before intercepting users' internet communications, including their browsing history.  

"I believe the courts and regulators are now ready to answer the ultimate question: is consent valid if obtained passively, for example, simply by showing a link to a privacy disclosure on web pages you visit. Those conversations are now possible because of the Ninth Circuit's ruling," said Straite.

cookies website privacy policy data people looking together

bakhtiar_zein / Getty Images

Wischnewski believes the settlement highlights the importance of building trust between digital services and its users, and as one of the industry's biggest players, Meta should be setting a precedent for the rest in terms of creating a safe online environment.

This resonates with Nye. She's of the opinion that individuals shouldn't have to bear the responsibility of figuring out if a company will respect their personal information or not. Nye believes Fastmail, and other privacy-first companies, have demonstrated it's possible to operate a successful business without resorting to invasive tracking techniques. 

"We look forward to the day when data privacy rights are enshrined in law as a minimum requirement to operate a business, and not as an optional extra."

Was this page helpful?