After weeks of news headlines and cable-news talking heads scolding Facebook following the Cambridge Analytica breach news, it was bound to happen, and it did April 9: The social network was served with a class-action lawsuit for ostensibly not providing adequate security for its users’ personal information.
The Hagens Berman law firm filed the class-action lawsuit against the social media giant in San Jose, Calif., accusing it of “unjust enrichment and violation of privacy and consumer-protection laws when it permitted app developers and other third parties to exploit its lax to non-existent enforcement practices.”
The lawsuit filed in the U.S. District for the Northern District of California seeks to represent a class of the estimated 70 million U.S. Facebook users whose data was harvested in 2014 through a voluntary user quiz form and made available to third-party companies who purchased the Facebook user data to influence voting in U.S. elections.
Think Your Data Was Compromised? Join the Class-Action Lawsuit
If you had a Facebook account in 2014 and you or one of your Facebook friends used a personality quiz Facebook app “thisismydigitallife,” you may be affected. Find out more about the lawsuit here.
“Facebook has repeatedly failed to uphold its own privacy agreements and policies, and it’s brazenly neglected the data security of the billions of those who use its social media service,” Steve Berman, managing partner of Hagens Berman, said in a media advisory. “Instead of choosing to be vigilant, making appropriate investments in data security and stopping this massive harvesting of users’ information by third parties, Facebook stood by as the private information of millions was funneled into the hands of bad actors.”
Facebook apparently found out the misuse of this data in 2015 and asked Cambridge Analytica to erase any data it had gathered improperly, but according to an investigation by the New York Times, this never happened.
CEO Mark Zuckerberg and his company’s management had an obligation to verify those user profiles were really deleted when Facebook demanded it.
But that didn't happen. Instead, when Facebook asked Cambridge Analytica in 2015 to erase that information, the company agreed but didn’t actually delete anything. The leaders of Cambridge Analytica lied, and Facebook didn’t check.
"People shared their information via a developer’s app and gave their consent, and that sharing respected their privacy settings on Facebook," Facebook Corporate Communications officer Genevieve Grdina told eWEEK. "Where things went wrong is when the developer (Cambridge University researcher Aleksandr Kogan) violated our policies; he improperly obtained and shared that information with Cambridge Analytica and others. He misled people about how he intended to use their information. We obviously take this very seriously, and have already taken steps in the past few weeks to respond to this issue."
Zuckerberg Apologizes, Pledges to Fix Problem
You can read the statement Zuckerberg was to read before a joint session of the Senate Judiciary and Commerce committees on April 10 here in its entirety via Scribd.
“I've been working to understand exactly what happened and how to make sure this doesn't happen again,” Zuckerberg said in a statement released on Facebook. “The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there's more to do, and we need to step up and do it.”
The app developer, Kogan, designed and used a Facebook personality quiz app called "This is my digital life" (also referred to as "thisismydigitallife") which prompted users to give access to their own information and that of their Facebook friends.
When users did as they were asked--in fact, voluntarily--Facebook data that their friends had allowed them to see was gathered by Kogan’s English company, GSR, for sale to another English company, GSL Elections. The data eventually was transferred to Cambridge Analytica, which then sold it to other customers.
Since the initial data harvest involving Cambridge Analytica, Facebook “made only the weakest attempts to prevent further access to this data,” the complaint states. Facebook asked these third parties to certify they had destroyed the data; however, as expected, this had little to no impact, according to attorneys.
Lawsuit Claims Facebook ‘Skimped’ on Security
Also, according to the complaint, Facebook has been unjustly enriched at the expense of its users. When users allowed Facebook access to their personal information in order to use the social network, they did so on the condition that it would be protected and shared only under the terms of the agreements and policies that protected it, the law firm said.
When Facebook "skimped" on data protection to save money, thereby enhancing its profits, its users paid the price, the lawsuit contends. Also, Facebook was unjustly enriched when it used this data to make money from its advertising business, even as it was failing to protect it, the suit said. According to Hagens Berman attorneys, Facebook should have to disgorge these unjust profits to affected users.
“Facebook has made immense profits off of the data of our plaintiffs and the rest of the estimated 70 million U.S. Facebook users whose data was freely given to third parties without their knowledge or consent,” Berman said. “We believe they deserve payback. Facebook should not have been allowed to profit from this data, and it violated its own terms for profit.”
“Had a brave whistleblower not come forward with this information, tens of millions of Facebook users would have never known the truth,” Berman said.
The lawsuit seeks compensation for those affected by the covert data usage. Also, it seeks appropriate injunctive relief to ensure that its users are not injured by similar events again.
Hagens Berman said it has represented millions of consumers in class-action cases, recovering more than $200 billion in settlements.
“We are committed to vigorously enforcing our policies to protect people’s information. We will take whatever steps are required to see that this happens," Paul Grewal, Facebook Vice-President and Deputy General Counsel, told eWEEK in a media advisory.
Editor’s note: The Hagens Berman website will ask to know your location, which is considered PII (personally identifiable information).