Facebook is being sued by two users for intercepting the “content of the users’ communications,” including private messages, with the intent to “mine user data and profit from those data by sharing them with third parties—namely, advertisers, marketers, and other data aggregators.” The plaintiffs argue in a December 30 class action complaint that Facebook’s use of the word “private” in relation to its messaging system is misleading given the way the company treats the info contained within those messages.

Many of the allegations in this case are based on research done in 2012 by the Wall Street Journal for a series of articles about digital privacy. Facebook is far from the first company to use private messages to mint money. Gmail continues to be dinged for creating text ads based off of the content of e-mails ten years after the ads were first introduced. (And Gmail has been sued for that, too.)

Facebook goes to lengths to clearly distinguish its messaging feature as “private,” even calling it “unprecedented” in terms of the privacy controls, the filing alleges. “Facebook never intended to provide this level of confidentiality. Instead, Facebook mines any and all transmissions... in order to gather any and all morsels of information it can about its users.”

Facebook’s privacy policies have been going through data aggregation creep for the last few years. The site was discovered to be handing over user data to advertisers in 2010, including names and user IDs.

The company overhauled its privacy policy 18 months ago to describe the liberties it takes with the information it collects—most user interactions are logged, aggregated, and shared (with anonymizing) to third parties, including data brokers and advertisers. Facebook also pointed out that it would share anything users ever made publicly available with apps, games, or partner websites, and deleting that information from Facebook would not remove it from those partner databases.

The plaintiffs describe how Facebook effectively “clicks” on links within Facebook messages, an activity that it doesn’t explicitly disclose to users. The lawsuit claims Facebook crawls the linked page to see if it contains one of Facebook’s “Like” buttons. If so, Facebook registers that private-message link as a “Like” on the relevant site’s Facebook page—a strange example of turning a private communication public. The lawsuit also claims that Facebook “uses a combination of software and human screening to comb through private messages” to mine for user data for broader uses, including selling to third parties.

The plaintiffs do cite the section of Facebook’s data use policy where the company explains what information it “receives” about a user as they interact with the site, including sending and receiving messages, searching, or clicking on things. But they argue that Facebook’s data use policy doesn’t make clear that Facebook “scans, mines, and manipulates the content of its users’ private messages... in direct conflict with the assurances it provides to its users regarding the privacy and control they should expect.” Likewise, the data use policy does not make clear that “Facebook will register the fact that a URL is communicated privately... as a ‘Like’ for a particular web page,” reads the filing.

For Facebook’s alleged transgressions, the plaintiffs are seeking more than $100 for each day of violation or $10,000 per class member of the lawsuit, as well as statutory damages of either $5,000 per class member or three times the amount of actual damages, whichever is greater.

The lawsuit is based on an older anti-wiretapping law, the Electronic Communications Privacy Act of 1986, as well as California state laws. Civil lawsuits over privacy issues have proliferated in recent years. Many of those lawsuits have settled, but it's not clear whether pre-Internet privacy laws would be successful at trial in barring the data gathering of modern companies.