Some items on our site have recently moved. Visit our News Hub for selected articles, special reports, podcasts and other resources.
Facebook claim that users have no expectation of privacy rejected by federal judge
09 September 2019 00:00 by Amy Miller
A federal judge has rejected Facebook’s argument that users suing over the Cambridge Analytica scandal had no expectation of privacy after they shared information with their friends on social media.
US District Judge Vince Chhabria allowed most of the privacy claims in the lawsuit against Facebook to move forward in an order today largely denying the social network’s motion to dismiss the case.
“Facebook’s argument could not be more wrong,” Chhabria said. “When you share sensitive information with a limited audience (especially when you’ve made clear that you intend your audience to be limited), you retain privacy rights and can sue someone for violating them.”
Facebook also argued that even if its users had an expectation of privacy for the information they shared with friends on the platform, they don't have standing to sue in federal court because they weren't tangibly harmed.
“That too is wrong,” Chhabria said. Federal law "has long recognized that a privacy invasion is itself the kind of injury that can be redressed in federal court, even if the invasion does not lead to some secondary economic injury like identity theft.”
Facebook is facing multidistrict litigation alleging that it violated state and federal consumer protection and privacy laws by allowing third parties to access user data without consent or disclosure. About two dozen lawsuits filed across the country were consolidated before Chhabria in 2018 after news broke that data-analytics firm Cambridge Analytica had used data from 87 million Facebook users to influence voters in the 2016 presidential election.
While the initial lawsuits focused on the Cambridge Analytica scandal, the case now includes allegations stemming from later revelations about Facebook’s information-sharing practices.
Facebook argued that the case should be dismissed because users agreed when they signed up for the social network that Facebook could disseminate their “friends only” information.
Chhabria, however, disagreed, and said Facebook users’ allegations that their sensitive information was disseminated to third parties in violation of their privacy is enough to establish standing to sue in federal court.
The plaintiffs adequately claim that Facebook users who set up their accounts before 2009 never consented to the practice of allowing third parties to access their information, Chhabria said. They also adequately alleged that users never consented to Facebook’s practice of allowing some apps and business partners to sell and “otherwise misuse” their sensitive information, “as opposed to restricting the use of this information as Facebook promised it would,” he said.
Facebook had also argued that once someone makes information available to their friends on social media, they give up any privacy interest in that information. Therefore, Facebook said, it does not matter whether users consented to the company’s information-sharing practices.
Even if users didn’t consent and wanted to restrict access to their friends only, and even if Facebook promised not to share their information with anyone else, users can’t complain that their privacy was invaded, Facebook said.
Chhabria also rejected that argument.
Chhabria let claims accusing Facebook of negligence and of violating the Video Protection Privacy Act all move forward.
But he did dismiss some of the plaintiffs’ breach of contract and privacy claims under California law, and partly dismissed claims under the Stored Communications Act, which prohibits the unauthorized disclosure of information from computers.
26 May 2023 14:59 by Sam ClarkWhen the EU’s General Data Protection Regulation came into force five years ago, some said it would usher in a new era of EU supremacy over Silicon Valley's tech giants, reining in their rampant data-driven power.
24 May 2023 15:39 by Mike SwiftSince the General Data Protection Regulation took effect five years ago this week, more than 40 countries have enacted national privacy laws, most of which drew liberally from the canonical text of the EU law.
23 May 2023 23:47 by Mike SwiftThe count of countries with data protection laws more than doubled to 162 over the past dozen years, a total that includes a wide majority of the world’s nations, with new research suggesting data protection rules are approaching ubiquity.