Facebook claim that users have no expectation of privacy rejected by federal judge
09 Sep 2019 12:00 am by Amy Miller
A federal judge has rejected Facebook’s argument that users suing over the Cambridge Analytica scandal had no expectation of privacy after they shared information with their friends on social media.
US District Judge Vince Chhabria allowed most of the privacy claims in the lawsuit against Facebook to move forward in an order today largely denying the social network’s motion to dismiss the case.
“Facebook’s argument could not be more wrong,” Chhabria said. “When you share sensitive information with a limited audience (especially when you’ve made clear that you intend your audience to be limited), you retain privacy rights and can sue someone for violating them.”
Facebook also argued that even if its users had an expectation of privacy for the information they shared with friends on the platform, they don't have standing to sue in federal court because they weren't tangibly harmed.
“That too is wrong,” Chhabria said. Federal law "has long recognized that a privacy invasion is itself the kind of injury that can be redressed in federal court, even if the invasion does not lead to some secondary economic injury like identity theft.”
Facebook is facing multidistrict litigation alleging that it violated state and federal consumer protection and privacy laws by allowing third parties to access user data without consent or disclosure. About two dozen lawsuits filed across the country were consolidated before Chhabria in 2018 after news broke that data-analytics firm Cambridge Analytica had used data from 87 million Facebook users to influence voters in the 2016 presidential election.
While the initial lawsuits focused on the Cambridge Analytica scandal, the case now includes allegations stemming from later revelations about Facebook’s information-sharing practices.
Facebook argued that the case should be dismissed because users agreed when they signed up for the social network that Facebook could disseminate their “friends only” information.
Chhabria, however, disagreed, and said Facebook users’ allegations that their sensitive information was disseminated to third parties in violation of their privacy is enough to establish standing to sue in federal court.
The plaintiffs adequately claim that Facebook users who set up their accounts before 2009 never consented to the practice of allowing third parties to access their information, Chhabria said. They also adequately alleged that users never consented to Facebook’s practice of allowing some apps and business partners to sell and “otherwise misuse” their sensitive information, “as opposed to restricting the use of this information as Facebook promised it would,” he said.
Facebook had also argued that once someone makes information available to their friends on social media, they give up any privacy interest in that information. Therefore, Facebook said, it does not matter whether users consented to the company’s information-sharing practices.
Even if users didn’t consent and wanted to restrict access to their friends only, and even if Facebook promised not to share their information with anyone else, users can’t complain that their privacy was invaded, Facebook said.
Chhabria also rejected that argument.
Chhabria let claims accusing Facebook of negligence and of violating the Video Protection Privacy Act all move forward.
But he did dismiss some of the plaintiffs’ breach of contract and privacy claims under California law, and partly dismissed claims under the Stored Communications Act, which prohibits the unauthorized disclosure of information from computers.
TikTok may be able to escape its current dispute with the US, but the video-sharing app will still be facing regulatory headwinds around the globe.
03 Aug 2020 9:29 pm by Ana Paula CandilCompanies are pressuring Brazilian lawmakers to delay implementation of the nation's data-protection law from Aug. 16 until next May.
Biggest cyberattack ever caused $15 billion loss to customers of companies directly hit, though banks softened impact, study says31 Jul 2020 12:00 pm by Neil RolandThe most damaging cyberattack ever in 2017, caused a $15 billion loss to customers of companies directly hit, a federal study said.