Judge Rita F. Lin, in the Northern District of California addresses a putative class action against Meta Platforms, Inc. Plaintiffs alleged that Meta’s software development kits (SDKs), embedded in third-party mobile applications, collected and monetized users’ geolocation data without proper consent. The SDKs, including the Facebook Audience Network SDK, were said to enable targeted advertising by transmitting precise location data, device identifiers, and timestamps to Meta’s servers. Plaintiffs claimed they were unaware their data was being shared with Meta and would have avoided using the apps had they known.
Standing and Scope of Data Collection
The court found that plaintiffs had standing to sue, noting the alleged data collection was more invasive than in prior cases, as it involved the creation of comprehensive user profiles and the monetization of sensitive geolocation data. The court recognized that plaintiffs plausibly alleged an entitlement to a share of Meta’s profits derived from their data.
Key Claims Dismissed for Insufficient Allegations
Despite recognizing standing, the court dismissed all four claims—violation of the California Computer Data Access and Fraud Act (CDAFA), violation of the Pen Register Act, invasion of privacy, and unjust enrichment—with leave to amend.
- CDAFA Claim: The court held that while Meta’s SDKs plausibly “accessed” and “used” user data, plaintiffs failed to allege that Meta knew it was acting without user permission. The statutory requirement of “knowingly and without permission” was not met, as privacy policies from the app developers disclosed data sharing with third parties, including Meta. The court noted that amendment could cure this deficiency if plaintiffs can allege facts showing Meta’s awareness of the lack of user consent.
- Pen Register Act Claim: Plaintiffs did not adequately allege that the information collected constituted “dialing, routing, addressing, or signaling” information as required by statute. The complaint focused on geolocation and device data, which did not meet the statutory definition.
- Invasion of Privacy Claim: The court found that Meta’s alleged conduct amounted to “routine commercial behavior” rather than a “highly offensive” intrusion. Plaintiffs did not sufficiently allege that Meta engaged in secret or deceptive data collection, nor that Meta knew it was collecting data without consent.
- Unjust Enrichment Claim: Because the underlying claims for unlawful conduct were dismissed, the unjust enrichment claim also failed.
LISA TSERING, et al., v. META PLATFORMS, INC., No. 25-CV-01611-RFL, 2026 WL 89320 (N.D. Cal. Jan. 12, 2026).
