Consumer Fraud Protection
Facebook Data Breach Lawsuit
Facebook has come under scrutiny and is facing dozens of lawsuits after enabling a political data firm to potentially violate privacy laws by collecting private information from more than 87 million of the social media network’s users without their knowledge or permission. In April 2018, Facebook began notifying users if their private information was included. It is believed that more than 87 million users had their personally identifying information exposed to Cambridge Analytica in this breach.
Example Facebook notification
*Yellow highlight added for emphasis
Personal user data harvested without permission
The data, which detailed users’ identities and those of their friends, was used to profile users’ personality traits based on what they liked on Facebook in order to push targeted digital ad campaigns. Cambridge Analytica, the U.K.-based political data firm behind the potentially illegal initiative, was hired by President Trump’s 2016 election campaign for information it could provide on American voters. In addition, the company allegedly pitched its services to Mastercard, the New York Yankees and other potential clients, according to joint reports by The New York Times and London newspaper The Observer.
According to media reports, Cambridge Analytica worked alongside a Russian-American psychology professor, harvesting user information through a web application: thisisyourdigitallife. Roughly 270,000 Facebook users agreed to allow access to their data after downloading the app and completing a survey. Those users were reportedly told that their data would be used for academic purposes. The app, however, allegedly harvested information well beyond the scope of user agreements, going so far as to collect data on their personal contacts and friends without permission.
Facebook is now facing questions from lawmakers in the U.S. and U.K., among others, as well as several federal investigations by the DOJ, FBI and other agencies about its role in the data collection and its obligation in protecting user information.