Two Facebook users are suing parent-company Meta, claiming the company is tracking and collecting their data across the web without consent. The proposed class-action lawsuit says the social media company is evading Apple’s 2021 privacy policy and violating state and federal laws.

Apple first introduced App Tracking Transparency (ATT) in 2021 with a pop-up that asks users if they consent to the app developer tracking their internet activity outside of the app. Most users are selecting, “Ask App Not To Track,” and that loss of tracking data means digital-ad-dependent companies like Meta can not as effectively execute cross-platform marketing. Meta reported the Apple update delivered a $10 billion blow to its revenue in the first year.

The latest lawsuit, filed in San Francisco federal court, is claiming that Meta is now getting around Apple’s rules on Facebook and Instagram by opening web links users click on in an in-app browser instead of the phone’s default browser, Safari. A similar complaint was filed in the same court last week, Bloomberg said.

The two lawsuits are based on a report from an ex-Google security researcher, Felix Krause, who said Meta is injecting JavaScript code that has the ability to monitor links people click on and text they type, even passwords and credit card information. Meta previously responded to that report denying it illegally collected or shared user data.

“There is no code in our In App Browser that shares text selection information from websites without the user taking action to share it themselves via a feature (like quote share),” Meta said in a statement, according to Krause.

Krause also noted in his report that Meta is following ATT rules and he is simply explaining how the app actively puts code on third-party websites using the in-app browser. He noted his report does not discuss legal implications.

Meta has not yet publicly responded to the lawsuits.