Table of Contents
This week, Group 4 takes a look at a case dealing with consumer protections. This case deals specifically with allegations that Facebook neglected to protect its customers’ personal data. Though this case was filed in Washington, D.C. by the municipality itself, it closely mirrors other cases and class-action lawsuits currently still in litigation, which will be referenced as well.
The facts of this case are as follows: From 2013-2015, an individual named Aleksandr Kogan (a researcher at Cambridge University) was authorized by Facebook to harvest and retain the information of about 70 million Facebook users via a third-party app he had developed (This is Your Digital Life). This data was then sold by Kogan to a company called Cambridge Analytica. Even more concerning was the fact that users didn’t have to download the app for their information to be collected. For instance, in Washington D.C. only 852 Facebook users downloaded the Digital Life app, but over 340,000 D.C. residents’ personal data was collected (DISTRICT, 2018).
Other disturbing allegations from the suit include policies and practices that violate consumer protection laws, including but not limited to:
- forming relationships with partner companies that provided select corporations access to data which was supposedly protected by user privacy settings;
- misrepresentation of the level of protection provided for users regarding their data;
- failure to notify affected users when their information had been collected and sold;
- creating ambiguous privacy settings that are intentionally difficult to understand;
- failure to notify users that certain companies were given special permissions which allowed them to access supposedly-protected personal data (DISTRICT, 2018).
Other allegations from outside this particular case exist, including the fact that private direct messages were also given to Kogan without users’ permission (Hern, 2018).
Further complicating the issue is the company to which the data was sold, Cambridge Analytica. Cambridge Analytica was a London, England-based “political consulting firm that relied on Facebook data to target voters and influence elections in the United States” (DISTRICT, 2018). Kogan was paid over $800,000 for the data provided for 70 million American Facebook users.
Additionally, Cambridge Analytica was paid millions of dollars from multiple U.S. presidential campaigns to provide “digital advertising services during the 2016 election” (DISTRICT, 2018). Finally, if there were any doubt that Facebook was aware of the data breach and its purpose, Facebook had employees working for multiple presidential campaigns who were working alongside employees of Cambridge Analytica throughout the 2016 presidential election.
Dec 19, 2018 lawsuit filed. Facebooks attorney is requesting for a dismissal. “’This is the wrong case in the wrong place, at the wrong time, and it should be dismissed,’ the company’s lawyers said. Noting their client is already defending a broad-based federal lawsuit in California, and dealing with congressional hearings and public criticism, the lawyers derided Racine’s claims as ‘little more than a broadside against Facebook’s business model,’” (Bloomberg Law, 2019). May 31, 2019, Judge rules DC case can proceed with the court proceedings. Ongoing case within the Superior Courts.
Who is responsible here, Facebook only, Cambridge Analytica, Donald Trump and his campaign team, or all of the above? How many privacy laws were broken and what will the consumers receive through this lawsuit? There are many turn around questions and laws broken here. This is an ongoing case, so there will be multiple questions throughout this process.
Explain the Applicable Law(s)
The applicable laws applied to this case are:
- Antitrust law or The Sherman Antitrust Act of 1890 is a federal statute which prohibits activities that restrict interstate commerce and competition in the marketplace (Kubasek, Brennan, & Browne 2015. p.700).
- The Consumer Protection Procedures Act (CPPA) was enacted to “assure that a just mechanism exists to remedy all improper trade practices and deter the continuing use of such practices.” D.C. Code § 28-3901(b)(1) (FTC, 2019). The DC Court of Appeals as held that the CPPA applies broadly:
The Consumer Protection Procedures Act is a “comprehensive statute” with an extensive regulatory framework designed to “remedy all improper trade practices.” The CPPA protects consumers from those “unlawful trade practices” enumerated in § 28-3904, as well as practices prohibited by other statutes and common law.
The CPPA enumerates specific “unlawful trade practices” that are violations of the statute includes; (b) represents that the person has a sponsorship, approval, status, affiliation, certification, or connection that the person does not have; improperly collected private information from the users without making them aware .
The case was brought before the Superior Court of the District of Columbia (Civil Division). Other similar cases have been brought before other courts across the country, including class-action lawsuit brought on behalf of numerous consumers. Due to the recent allegations, and the size and scope of the allegations, all of the lawsuits are still ongoing.
The case is currently ongoing. No court decision has been made. Nevertheless, the District alleges that Facebook’s policies and practices regarding third party access and use of consumer data are in violation of their consumer protection laws. Amongst other things, the District intends to argue that
- Facebook lacked oversight and enforcement of its own policies
- Facebook was negligent in protecting consumer’s information and could have prevented the misuse of consumer data by third parties and
- Facebook mislead consumers generally about third-party and partner company applications.
Ultimately the District will have to prove that the data privacy rights of its’ constituents was violated.
Facebook could very well face serious consequences for the vast amounts of data that were mined without consumer permission. Though the cases are all still being litigated, it would seem that there is a possibility that numerous laws were broken in the process of collecting and releasing information that consumers believed to be private. Consumer protection laws exist for this very purpose – protecting consumers from the illegal activity of large corporations, etc.
In fact, some would argue that it is the size of Facebook and other tech companies that is allowing them to amass such vast amounts of data unchecked, with minimal oversight as to what is done with that data. In response to numerous complaints, including the Cambridge Analytica scandal, the Justice Department and Federal Trade Commission recently opened up investigations into a handful of tech giants, including Facebook.
Depending on the outcome, they may decide that companies as large as Facebook who own multiple companies (Instagram, etc.) represent a threat to consumers in both a consumer protection, as well as economic sense. These allegations help to build a case for antitrust violations and monopoly issues that will be investigated and ultimately litigated by the Justice Dept. & FTC.
These lawsuits will potentially change the way consumer online privacy is regulated and how large social media sites operate moving forward. Potentially, most of the decisions could find that consumers are not entitled to many protections to their data. Much like signing a waiver, the courts may decide that it was reasonable for information to be released, and the FTC may determine that no antitrust violations have occurred. If this is the case, the privacy pendulum would likely swing even further away from the consumer.
Alternatively, the courts could decide that Facebook has far overstepped its bounds and impose significant fines. In addition, the FTC found that the company violated antitrust laws, which could result in a forced break-up of the large corporation. Most would see this as a win for consumer privacy. Either way, these decisions will have far-reaching and significant ramifications for social media companies (and online data) in the years to come.
- Bloomberg Law. (2019, Feb, 11). Facebook Seeks Dismissal of District of Columbia Privacy Lawsuit. Retrieved from https://news.bloomberglaw.com/privacy-and-data-security/facebook-seeks-dismissal-of-district-of-columbia-privacy-lawsuit-1
- DISTRICT OF COLUMBIA v. FACEBOOK, INC. (THE SUPERIO
- R COURT OF THE DISTRICT OF COLUMBIA, Civil Division December 19, 2018). Retrieved from Https://oag.dc.gov/sites/default/files/2018-12/Facebook-Complaint.pdf
- Hern, A., & Cadwalla Dr., C. (2018, April 13). Revealed: Aleksandr Kogan collected Facebook users’ direct messages. Retrieved June 14, 2019, from https://www.theguardian.com/uk-news/2018/apr/13/revealed-aleksandr-kogan-collected-facebook-users-direct-messages
- Kubasek, N. K., Brennan, B. A., & Browne, M. N. (2017). The legal environment of business: A Critical thinking approach (Eighth ed.). Retrieved May 15, 2019, from
- Patricia King, on behalf of herself and all others similarly situated, Plaintiff, v. Facebook, Inc.; Cambridge Analytica LLC, Defendants. (UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF CALIFORNIA April 16, 2018).Https://www.classlawgroup.com/wp-content/uploads/facebook-cambridge-analytica-privacy-breach-lawsuit.pdf