Lane v. Facebook, Inc.

Lane v. Facebook
United States District Court for the Northern District of California
Full case name Sean Lane, et al. v. Facebook, Inc., Blockbuster Inc., Fandango Inc., Hotwire, Inc., STA Travel Inc., Overstock.com, Inc., Zappos.com, GameFly, Inc.
Date decided March 17, 2010
Judge sitting Richard G. Seeborg
Case holding
Settled under court order; Facebook shut down its Beacon Service and created a $9.5M privacy fund.
Keywords
internet privacy

Lane v. Facebook was a class-action lawsuit in the United States District Court for the Northern District of California regarding internet privacy and social media.[1] In December 2007, Facebook launched Beacon, which resulted in user's private information being posted on Facebook without consent. A simultaneous class-action lawsuit in Texas, Harris v. Blockbuster Inc., also alleged injuries based on Facebook's Beacon. Facebook ended up terminating the Beacon program, and created a $9.5 million fund for privacy and security. There was no money awarded to Facebook users that were affected negatively by the Beacon program.

Background

Plaintiff Sean Lane represented the class of Facebook users who had visited Beacon sites. In 2007, he purchased an intended surprise diamond ring from Overstock.com for his wife. Without his knowledge, this purchase was broadcast to hundreds of people in his network on Facebook, including his wife. The Beacon feature was opt-out; in order to disable the feature, one had to understand the privacy controls on Facebook as well as all of its 40+ affiliate sites.[2] There was also no option to turn off the service permanently.[3] For Facebook, the feature was intended to be a "completely new way of advertising online."[3]

The Beacon feature remained turned on by default, until December 2007, when Facebook instituted new privacy controls. The lawsuit concerns the window of time before those easier-to-understand controls were implemented.[4]

The feature was heavily criticized by security experts and privacy advocates.[5] Security researchers found that Beacon transmitted data even if the user was logged out of Facebook.[6] MoveOn.org, a civic action political group, posted a petition objecting to the new program, that gathered the signatures of over 50,000 Facebook members in 10 days.[7]

Litigants

The class that the plaintiffs represented were all Facebook users who visited Beacon affiliate sites, a class of about 3.6 million users.[8] The law firm involved was also behind the lawsuits involving digital rights management on the Amazon Kindle, Spore, and the Sony rootkit.[9]

The Beacon affiliated companies were Blockbuster Inc., Fandango.com Inc, Hotwire Inc, STA Travel Inc, Overstock.com Inc, Zappos.com Inc, and GameFly Inc.

Claims

The motion was brought individually on behalf of all Facebook users that had been affected by this service, and used it without their knowledge between November and December 2007.[10] The Plaintiffs claimed that Beacon had breached several federal and state privacy laws.

Electronic Communications Privacy Act

Plaintiffs alleged that Electronic Communications Privacy Act was violated, since the browsing information sent between a Facebook user's computer and the websites of Beacon affiliates was intercepted, and this communication was disclosed for an unlawful purpose. Furthermore, the plaintiffs alleged that this intercepted communication was used to enhance profitability through advertising. By the ECPA, plaintiffs and the Class were entitled to statutory damages of the greater of $10,000 or $100 a day for each day of violation, as well as profits and legal fees.[2]

Video Privacy Protection Act

Plaintiffs alleged that the Video Privacy Protection Act was violated by Fandango, Blockbuster, Overstock, and Gamefly, since those companies are "video tape service providers" within the meaning of the Act, and they knowingly disclosed personally identifiable information to Facebook without informed consent. They also alleged Facebook aided in this violation.[2]

California Consumer Legal Remedies Act

Plaintiffs alleged that Facebook and its Beacon affiliates violated the California Consumer Legal Remedies Act since the terms of the Beacon Affiliates did not state that personally identifiable information was being transmitted to Facebook. The CLRA applies to transactions that are intended to result in the sale of goods to customers. Plaintiffs alleged that this information in conjunction with the disclosure of their identity inflicted irreparable harm.[2]

Other

The plaintiffs alleged that Facebook and its Beacon affiliates violated the California Computer Crime Law and the Computer Fraud and Abuse Act by collecting the information.[2]

Throughout this entire process, Facebook denied any wrongdoing whatsoever on their part or on the part of any of the companies involved with them.

Settlement

Facebook established a cash settlement fund of $9.5 MM.[11] The money was used to establish and operate a privacy foundation which was devoted to funding and sponsoring programs designed to educate users. The privacy foundation has sole responsibility over the management and distribution of its funds. Facebook also had to provide the following relief:

Reaction to settlement

The decision to let Facebook have one seat on the newly established privacy funds' three-person board was controversial.[4] Several nonprofit organizations, including the Electronic Privacy Information Center and Center for Digital Democracy wrote an objection to the settlement, on the grounds that the proposed foundation would not satisfactorily represent the interests of Facebook users.[13]

See also

Google Buzz, another service where privacy issues resulted in a class action lawsuit

References

External links