The Office of the Attorney General for the District of Columbia, Karl A. Racine, filed a lawsuit against Facebook on Wednesday, seeking damages for the company’s Cambridge Analytica scandal which jeopardized tens of millions of Americans. The litigation is specifically focused on over 340,000 consumers from the district whose data was harvested by the now-defunct political consulting firm for the purposes of pushing a political agenda without consent from the vast majority of them.
While not all of Facebook’s actions on the privacy front in the run-up to the Cambridge Analytica debacle directly enabled the thereof, the social media giant should also be held accountable for its omissions, particularly its lax oversight of third-party developers utilizing its platform, one of whom ended up selling sensitive user data to Cambridge Analytica in a secretive manner, AG Racine’s office argues. While the District’s top attorney is now set to start what appears to be a lengthy legal battle with one of the world’s richest companies, the investigation that led to the litigation is still ongoing and the lawsuit may end up being expanded in the future, government officials said. Facebook itself only issued a brief comment on the development to media outlets, saying it’s currently in the process of reviewing the complaint and has yet to make a firm decision on how to proceed.
Facebook “failed” and “deceived” users
AG Racine minced no words in his remarks on the lawsuit’s filing, saying Facebook both “failed” and “deceived” its users by not protecting their data, providing them with highly misleading information on who was able to access it, and ultimately doing little to work in the interest of preserving their privacy. While the AG’s office is describing the Cambridge Analytica episode as the epitome of Facebook’s failures on the privacy front, the litigation it initiated earlier today will also span other similar incidents of data leaks, breaches, and other such gaffes which compromised the privacy of Americans using the world’s largest social media platform. AG Racine specifically mentioned violations of the District of Columbia’s Consumer Protection Procedures Act (CPPA), accusing the Menlo Park, California-based firm of engaging in deceptive and unfair trade practices.
The lengthy lawsuit covers dozens of points but focuses on a handful of crucial transgressions that could result in massive fines. Among other things, the AG’s office claims the Cambridge Analytica debacle and other privacy scandals prove Facebook repeatedly failed to properly monitor third-party developers, purposefully made it difficult for users to control the type of data they’re sharing with those other parties with the goal of making that information more valuable to its partners, engaged in a systematic cover-up of the aforementioned episode for over two years and only admitted it following a large-scale media exposé, and ultimately failed to inform users that some of its partners are even capable of overriding the privacy policies they’ve set, ultimately rendering them meaningless.
The District’s AG office is presently seeking an injunction that would force Facebook to implement safeguards and protocols meant to monitor user data access and other relevant information in a consumer-friendly manner. The litigation is also pushing for additional fines, restitution, and process costs, though the total amount of the thereof could still vary by a significant margin, depending on how many of the plaintiff’s claims end up being proven in the court of law and whether the case even ends with a verdict or simply a settlement.
Data abuse as a service
Facebook won’t be looking back at 2018 with fond memories as its public image took several massive hits over the course of this year. While the Cambridge Analytica debacle was certainly its largest scandal over the course of the last twelve months, numerous similar cases emerged ever since, many of which were discovered only after the company was forced to start reviewing its partners and the manner in which they approach user privacy in a more conscious manner. Outside of third-party failures and abuses, Facebook itself had issues with protecting the digital lives of their users and found itself on the receiving end on numerous online campaigns pushing for people to delete their Facebook profiles. While their impact was limited, numerous industry trackers now agree the social media service largely peaked in its home country, by far its most lucrative market.
Facebook’s privacy scandals aren’t showing any end in sight either; just last week, the company disclosed it accidentally exposed photos of millions of people over a two-week period earlier this year. And while the company’s gaffes may be inevitable, they’re also about to become much costlier as the European Union now appears keen on using the Internet juggernaut to set an example with its General Data Protection Regulation that went into effect in late May and allows for penalization of such failures with up to five percent of a given transgressor’s revenue, which would amount to billions of dollars in Facebook’s case. Capitol Hill has also been signaling it’s looking at drafting a similar legislative framework in the near future, which is likely to be one of the rare few bipartisan efforts U.S. Congress ends up passing in the next two years.
Legislators now (finally) keen on catching up
While Mark Zuckerberg and his trusted executives built a massive digital empire on the back of a “free” business model supported by advertising, legislators around the world are now taking issues with the manner in which they approached user privacy. The debate is still relatively young and misunderstandings over the difference between data privacy and security are still plentiful but the regulatory scrutiny Facebook attracted over the course of this year doesn’t appear to be going away anytime soon, even as lawmakers around the world took years until deciding to catch up with a wide variety of predatory practices in the digital advertising industry. At a hearing with Mr. Zuckerberg held in the immediate aftermath of the Cambridge Analytica scandal, several members of the European Parliament even publicly pondered the idea of breaking up Facebook, questioning whether the company’s dominance in the social media segment constitutes a monopoly, though such issues still aren’t believed to be on Brussel’s immediate agenda.