Facebook is being sued in the US over alleged breach of privacy, in a class action filed by a number of its members.
The lawsuit claims the social network tracked its members internet use, after they had logged out of their Facebook accounts, in what could be a breach of the federal Wiretap Act.
The action consolidates 21 related cases filed in more than a dozen states in 2011 and early 2012.
The federal law provides statutory damages per user of US$100 (£63) per day of violation, up to a maximum of $10,000 (£6,300) per claimant.
Lawyers representing some of the plaintiffs say that even if Facebook's alleged actions only constitute a single violation of the Act, the cumulative claims of US Facebook users could top $15bn (£9.5bn).
Friday's much-anticipated stock flotation is expected to earn the company around $16bn (£10bn), valuing the social network at more than $100bn (£630bn).
David Straite, partner at Stewarts Law LLP, which is acting for some of the claimants, told Sky News: "This is a consolidated class action, filed in California.
"The 21 cases that were filed previously were filed mostly at the end of 2011, some in early 2012 - all alleging roughly the same thing: that Facebook was caught tracking the internet use of its users, even after they had logged out of the service."
Mr Straite said the case was about defending digital privacy rights, not attempting to cash in on Facebook's success.
He explained: "They want to know exactly what happened, how it happened, and why it happened, then they want to make sure that it does not happen again."
"We live in an age where digital privacy rights are being eroded on a weekly basis, this is a very important issue for all four of the lead plaintiffs who are leading this action - to the extent that money damages are available, of course that's important - but primarily this is a fight for digital privacy rights."
Facebook declined to comment on the lawsuit, but pointed to a 2011 privacy audit by the Irish Data Protection Commissioner , their European regulator, which examined the issue.
The commissioner's report stated: "We were satisfied that no access was made to any information that could be considered to be personal data in the logged information for advertising or profiling purposes."
Facebook Ireland said in response at the time that it had not designed its systems to track user or non-user browsing activity and that users had provided consent for the processing of data.
It said: "When you go to a website with a 'Like' button, we need to know who you are in order to show you what your Facebook friends have liked on that site. The data we receive includes your user ID, the website you're visiting, the date and time, and other browser-related information.
"If you don't have a Facebook account and visit a website with the Like button or another social plugin, your browser sends us a more limited set of information. For example, because you're not a Facebook user, we don't receive a user ID.
"We do receive the web page you're visiting, the date and time, and other browser-related information. We record this information for a limited amount of time to help us improve our products."