In a previous post, we discussed the lawsuit filed against Facebook in Illinois for its facial recognition technology. Surprisingly, Facebook is under fire once again for its data collection methods. This time Facebook may have violated federal privacy laws by scanning user’s private messages. A class-action lawsuit was filed on May 18, 2016 against the social media site. The suit claims that Facebook was scanning and logging URLs sent through its private messaging system. The plaintiffs claim Facebook scans these URLs to better advertise to its users by providing more user-targeted ads. Facebook has said they engage in the practice of scanning URLs for anti-malware protection and to comply with industry standards on child pornography searches. The company also said URLs are scanned in bulk and that URL data is anonymous. This statement originally made it seem like Facebook would not be able to come up with user-targeted ads by scanning private messages. However, the company later said they may have also used their scanning for advertising purposes and to boost “like” counts.
If Facebook did use their system to better target users with their advertisements, the social media giant may have violated the Electronic Communications Privacy Act and the California Invasion of Privacy Act. Attorneys for the plaintiffs’ were able to gain an abundant amount of information about the site’s data collection methods, but there were some exhibits that were still sealed. After engaging in the discovery process, the plaintiffs’ attorney said “the records that Facebook creates from its users’ private messages, and which are stored indefinitely, may be put to any use, for any reason, by any Facebook employee, at any time.” This statement definitely would shock Facebook users and may be the reason Facebook is aggressively fighting the lawsuit.
Facebook continues to argue that their users remain anonymous after their private messages are scanned. The plaintiffs completed a technical analysis on their own to disprove Facebook’s claims and they were successful. The analysis showed that Facebook collected the date, time, content, sender, and recipient of each private message. Attorneys for Facebook said they were”speculative” of this analysis.
Although the plaintiffs may succeed in their lawsuit against Facebook, they should not expect any monetary damages. The court ruled that Facebook can be prohibited from scanning private messages in the future, but the company would not be required to payout the plaintiffs because the company’s conduct did not result in actual harm. Everything shared on Facebook is often shared on purpose, but users should have been able to expect privacy when sending private messages. The plaintiffs filed an amended complaint. Facebook continues to hold its position that it never aimed to compromise the security or identity of its users to third parties.
Source referenced: The Verge