Internet giants Facebook and Google both recently reached record deals in privacy-related cases, both of which now face criticism.

In July, Facebook agreed to pay $20 million to settle a class action suit alleging its “Sponsored Stories” – an ad feature that combined a Facebook member’s name and profile picture with an advertiser’s logo and a message that the user “likes” the company – violated user’s privacy and publicity rights. The proposed settlement immediately made headlines as it created a $10 million fund for a cy pres award for privacy-related groups and slated an additional $10 million for class counsel, with no cash payout for the plaintiffs. Facebook also agreed to make changes to the site, including additional notice and engineering controls.

However, U.S. District Court Judge Richard Seeborg of the Northern District of California recently denied preliminary approval of the deal. “[T]here are sufficient questions regarding the proposed settlement that it would not be appropriate simply to grant the motion and postpone resolution of those issues to final approval,” he wrote. Those questions include whether a cy pres-only settlement can be justified on the basis that the class size (estimated at 70 million users) is simply too large for direct monetary relief, as well as the propriety of the $10 million counsel fee.

Judge Seeborg also requested more information about the proposed injunctive relief and an explanation as to whether the $10 million cy pres recovery is fair, adequate, and reasonable. Cy pres payments are intended as compensation for past alleged wrongdoing and the parties failed to provide adequate support for the amount, he wrote. “Although it is not a precise science, plaintiffs must show that the cy pres payment represents a reasonable settlement of past damages claims, and that it was not merely plucked from thin air,” the court said.

Judge Seeborg denied the motion for preliminary approval without prejudice, however, leaving the parties to decide whether to negotiate for modifications to the agreement or present a renewed motion for preliminary approval with additional evidentiary and legal support to allay his concerns.

In other news, Google’s record $22.5 million settlement with the FTC over allegations that it misled consumers about the use of tracking cookies is facing its own problems.

Although the fine was the largest ever levied against a defendant for violating an existing consent order, Commissioner J. Thomas Rosch dissented from the settlement agreement because Google did not admit liability. “Condoning a denial of liability in circumstances such as these [imposing a record fine] is unprecedented,” he wrote. “It arguably cannot be concluded that the consent decree is in the public interest when it contains a denial of liability.”

In agreement with Commissioner Rosch, public interest group Consumer Watchdog filed a motion with the California federal court overseeing the case seeking leave to file an amicus brief in opposition to the order.

“The parties’ submissions here do not even acknowledge the controversy regarding the FTC’s action,” the group wrote. Noting that the standard is whether the proposed settlement is “fair, adequate, reasonable, and in the public interest,” Consumer Watchdog said it can aid the court in making the appropriate evaluation.

To read the order in Fraley v. Facebook, click here.

To read Consumer Watchdog’s motion, click here.

Why it matters: Both cases illustrate the potential pitfalls to settlement even in high-profile matters. Cy pres settlement funds have become increasingly common, particularly in suits concerning privacy violations; however, courts are taking a closer look at the terms of settlements like these where plaintiffs receive little or no financial award. And the issue of whether defendants can deny liability in settlements and consent orders continues to play out in both the courtroom and with federal agencies.