Can You Sue Facebook for User Data Breach?
No one really reads the terms of service before clicking "accept." Even if those terms allow an app "to edit, copy, disseminate, publish, transfer, append or merge with other databases, sell, license (by whatever means and on whatever terms) and archive your contribution and data."
That's what Aleksandr Kogan's quiz app for Facebook told users before transferring all their data to Cambridge Analytica. Now there's a class action lawsuit against Facebook and Cambridge Analytica over the release of user data.
Could the acceptance of those terms of service come back to haunt the plaintiffs?
Tracking Personal Data
The Los Angeles Times breaks down the personal data transfer at issue:
Cambridge Analytica, a data-mining company, has admitted to obtaining Facebook information through Global Science Research, a company run by researcher Aleksandr Kogan. GSR obtained the personal information on Facebook users and their Facebook friends through a personality test app in 2013, under the guise of academic research. The information was then provided to Cambridge Analytica.
The lawsuit, filed by three Californians on behalf of potentially 87 million Facebook users, claims the social media platform's assurances that users "own all of the content and information" they post on the site and "can control how it is shared" by using the platform's privacy settings" are "false and misleading."
The suit also alleges the data obtained by Cambridge Analytica was used to create profiles and target audiences for political ads in the 2016 presidential election.
Terms and Consent
Cambridge denies that it obtained any user information illegally, and asserts it "did not use any GSR data in the work we did in the 2016 US presidential election."
"Our contract with GSR stated that all data must be obtained legally, and this contract is now a matter of public record," the company claimed in a public statement, "We took legal action against GSR when we found out they had breached this contract."
In testimony before Congress, Mark Zuckerberg claimed to have never seen GSR's terms of service, adding, "It certainly appears that we should have been aware that this app developer submitted a term that was in conflict with the rules of the platform." Facebook says it deleted the app in December 2015 after they found out about the data harvesting.
Despite GSR's terms potentially conflicting with Facebook's rules, Facebook users (of whom Cambridge Analytica claims there aren't more than 30 million) appear to have consented to those terms voluntarily. What role the "no one reads those" defense will play in the class action lawsuit remains to be seen.
Can I Sue For a Data Protection or Cybersecurity Breach?
In some cases, you may be able to sue for a breach of your customer information, such as credit card information, phone numbers, addresses, social security numbers, credit reports, or other private information. Often these data breach lawsuits don't become valid until the customer suffers harm from the data breach. Typically "harm" means a criminal case or civil injuries, such as losing money from the breach.
- Find Class Actions Lawyers Near You (FindLaw's Lawyer Directory)
- Facebook Users Sue Over Personal Data Breach in Cambridge Analytica Case (The Los Angeles Times)
- Who Legally Owns Your Facebook Posts? (FindLaw's Law and Daily Life)
- Don't Have Time to Read the Terms of Service? Here's a Tip (FindLaw's Technologist)