A lawsuit claiming Facebook violated federal privacy laws by scanning the content of private messages was partially certified for class action this week in a Northern California court, meaning the case is one step closer toward going to trial.

The lawsuit centers on Facebook’s practice of scanning URLs sent in private messages. While this is done to check for malware, child pornography, and other things worth removing from Facebook, the plaintiffs allege that it could also be used for gathering user-targeting data.

“The records that Facebook creates from its users’ private messages, and which are stored indefinitely, may be put to any use, for any reason, by any Facebook employee, at any time,” the plaintiffs’ attorneys said.

Facebook has argued that the data it gathers from these shared URLs is anonymous, and only looked at in aggregate. In other words, Facebook doesn’t know what link you as an individual user sent to your friend, but instead uses that small piece of information to paint a broader picture of trends. However, a technical analysis performed on behalf of the plaintiffs found that each URL is stored in a database that shows the date, time and user IDs associated with each messaged link.

No matter how the case goes, this week’s class certification will prevent the plaintiffs from winning monetary damages. Instead, this case has become about getting to the bottom of — and publicly exposing — Facebook’s data-mining practices.