A California federal judge has dismissed a proposed class action accusing Meta Platforms Inc. of unlawfully collecting location data from users of third-party mobile apps, ruling that the plaintiffs failed to plausibly show the company knew it lacked user permission.
In an order issued Monday, U.S. District Judge Rita F. Lin granted Meta’s motion to dismiss claims brought by Lisa Tsering and Dominique Davis, who alleged that Meta violated California computer-access and privacy laws by receiving geolocation data through tracking software embedded in third-party apps.
The plaintiffs argued that after downloading apps including Solitaire and Nextdoor, they never consented to Meta accessing their location data. They claimed neither Meta nor the app developers adequately disclosed that Meta’s software development kits, or SDKs, would collect and monetize that information for targeted advertising.
Judge Lin found that the alleged scope and sensitivity of the data collection were sufficient to establish standing. However, she concluded that the complaint failed to meet a key legal requirement under the California Computer Data Access and Fraud Act, which prohibits companies from knowingly and without permission accessing data.
“The statute requires awareness not only of accessing data, but of doing so without permission,” Judge Lin wrote, finding that the plaintiffs did not plausibly allege Meta knew the app developers lacked valid user consent.
While the court rejected Meta’s argument that responsibility rested solely with the app developers who installed the SDKs, it held that the complaint did not show Meta had actual knowledge that users had not authorized the data sharing. Allegations that some developers were unaware of the full scope of Meta’s data practices were not enough, the judge said.
Judge Lin noted that the privacy policies for both Solitaire and Nextdoor disclosed that geolocation data could be shared with third-party advertising partners. Although those disclosures did not resolve whether the plaintiffs personally consented, the court said they undermined the claim that Meta must have known consent was impossible to obtain.
The court also dismissed claims under the California Invasion of Privacy Act, rejecting the plaintiffs’ argument that Meta’s SDK functioned as an illegal “pen register.” Judge Lin ruled that the complaint failed to show the collected data qualified as dialing, routing, or signaling information rather than the content of communications.
An invasion-of-privacy claim was likewise dismissed, with the court finding that routine commercial data sharing, without more, does not amount to a highly offensive intrusion. The judge emphasized that the plaintiffs again failed to plausibly allege Meta knowingly acted without consent.
Judge Lin dismissed the claims with leave to amend, giving the plaintiffs until Feb. 9 to file a third amended complaint addressing the identified deficiencies. If no amendment is filed, the case will be closed with prejudice.
Counsel for the parties did not respond to requests for comment.
The plaintiffs are represented by Philip L. Fraietta, Andrew Obergfell, and Julian C. Diamond of Bursor and Fisher PA. Meta is represented by Melanie M. Blunschi, Kristin Sheffield-Whitehead, Dianne Kim, and Margaret A. Upshaw of Latham and Watkins LLP.
The case is Tsering v. Meta Platforms Inc., No. 3:25-cv-01611, U.S. District Court for the Northern District of California.
