Facebook is once again facing a class action lawsuit in California for contravening users’ privacy, this time for using links sent across users’ private messages for commercial reasons. It’s alleged that Facebook tracks and stores information sent across private messages, going against the very idea of ‘private’ and therefore the privacy expectations amongst its users. It’s said they use the information for profit, by selling the information to advertisers who use the data to target customers.
The lawsuit is being brought against the social network giant by two claimants, Michael Hurley and Matthew Campbell, and is based on information uncovered last year by Swedish security firm High-Tech Bridge. Their research revealed that Facebook was using web crawlers to mine information (ie. web links) sent between users on private messages. Between this and the ‘likes’ that a user builds up the claimants suppose the information is used to build user profiles which are then sold to advertisers who are able to target specific user profiles. They claim:
“(this use) enables Facebook to mine user data and profit from those data by sharing them with third parties – namely, advertisers, marketers, and other data aggregators”.
The use of Facebook storing and making information in this way is not mentioned in the user agreement and so the claim is that Facebook are breaching the 1986 Electronic Communications Privacy Act, which states that wiretrapping for profit cannot be undertaken without consent of the court. What is less clear is if this applies to commercial sites, as this is not explicitly referred to in the arguably dated legislation.
Hurley and Campbell will be pushing for $100 per day per US user compensation, for the whole time that Facebook has breached the act. Facebook have retaliated to say they will defend themselves “vigorously” and that the claims are “without merit”.
It’s not the first time they have come under attack for not properly adhering to users’ privacy rights however. Previously another class action lawsuit was brought against them and was successful – Facebook had to pay out $20 million for using users’ images without their consent, again for advertising purposes.
Google was accused of similar activity when it became apparent that they used information sent across users’ Gmail accounts, in order that advertisers could promote more targeted advertising. They defended the way in which they used personal information by claiming that users should not expect absolute privacy from an email subscription service.