Facebook Sued Over Privacy Concerns…and Maybe More

Facebook Sued Over Privacy Concerns…and Maybe More

It’s not the first time and it probably won’t be the last. Social media giant Facebook has been named in another class action suit for its oft criticized treatment of user data.

This part of the story may not be all that surprising. Concerns about online privacy, especially where social media is concerned, are old news.

So the question becomes, why has there been so much buzz over the latest case? Well, ultimately it may be because Facebook is again really being sued over its business model.

After all, there are lots of businesses these days that use customer data…including small ones. And in the end, that’s what the suit filed on behalf of about 160 plaintiffs really boils down to.

Facebook Suit Focuses on Company’s Data Use

Specifically, Facebook is accused of violating California privacy laws and the Electronic Communication Privacy Act. The suit says the company scanned users’ private messages. It then sold information it collected to advertisers and data aggregators, reports AdWeek and other news sources.

Though the fact that Facebook and other businesses use customer data isn’t that surprising, the amount of data used and the disclosure to customers is the real issue here.

In a recent post on LinkedIn, Bernard Marr, an enterprise performance expert from the UK observes:

“In principle, there is nothing wrong with Facebook using our data to make commercial gains. In the end, the service is free and Facebook has to make money somehow. However, my biggest concern is that the data mining activities are not as transparent as they should be.”

In another class action suit filed last year, Facebook was accused of sharing members’ “likes” on sponsored posts without their permission. The company ultimately settled in that case.

Many Companies Use Customer Data

Certainly many companies today large and small use customer data. What’s important is for these businesses to think carefully about how they are using this data, and to be aware of the risks.

For example, Pam Nelson, co-owner of Butter Lane, which operates two specialties bakeries in New York, says her business tracks customers by their credit card number to separate first time and repeat customers. More recently, the company has begun tracking more detailed data using a new customer loyalty program.

Nelson says that by signing up for the program, customers are allowing the business to track them by name with each credit card transaction.

Customers are then given cash back or other rewards depending upon the amount of money they spend. The program allows Butter Lane to cater to their best customers, reward their patronage and encourage them to spend more.

Consider How You Use Customer Data

Of course, it’s important to seek legal counsel when determining whether your use of customer data fits the rules. But there are some things to consider in the meantime:

  • Consider whether you have customer consent. In the case of Butter Lane, customers are asked to provide their names so that their buying behavior can be tracked and rewarded.
  • Consider whether you’ve been transparent. As Marr points out, the greatest concern in the most recent Facebook case is whether users were made aware that data from their private messages would be shared.
  • Consider whether the data you are collecting is aggregate or personal. Data that follows customer behavior as opposed to data that identifies customers individually is very different, Tom Lefroy, chief executive of the U.K.-based Advertising Association told the Financial Times recently. Are your customers more comfortable with you using one than the other?

Bottom line: The answers to these questions will not guarantee whether your company is safe in its use of customer data in the rapidly changing digital economy. But it may get you thinking about the risks you face and how to minimize them in the future.

Dislike Concept Photo via Shutterstock

More in: 15 Comments ▼

Shawn Hessinger Shawn Hessinger is the Executive Editor for Small Business Trends and a professional journalist with more than 20 years experience in traditional and digital media for trade publications and news sites. He is a member of the Society of Professional Journalists and has served as a beat reporter, columnist, editorial writer, bureau chief and managing editor for the Berks Mont Newspapers.

15 Reactions
  1. Considering the amount of money Facebook has, it is not surprising a lawsuit like this has happened. Poorer and smaller companies may be overlooked.

  2. I agree that it is not at all surprising. But what surprised me that it even got to a lawsuit. After all, while you want to preserve your privacy, why expose your details in a social media website in the first place?

    • Hi Aira,
      I’m with you about sharing personal data online, but I would point out that:
      1.) the case involves personal messages meaning users may have had a greater expectation of privacy (right or wrong)
      2.) the case seems less about whether users expected their personal data to be compromised than about how transparent Facebook was regarding what they intended to do with that data

      • I see. I guess you’re right. Personal messages are expected to be kept private. I was quite surprised that they will compromise that type of information.

  3. Wait, Facebook allegedly scanned private messages? Can Facebook do that?

    OK, to be honest, I wouldn’t put it past them, but shouldn’t they let us know about that so we can make an informed decision about whether to then use private messaging.

    If it’s what FB is indeed doing, it’s wrong. End of.

  4. People are always concerned about their privacy and especially on social media platforms.
    Certainly many companies today large and small use customer data, but scanning users’ private messages?

  5. I find it interesting how using the word “scanning” seems to personalize what Facebook did. Like there was a person reading it. If they had used the word “parsing”, which is more accurate since it’s a computer program, I would anticipate less reaction.

    And why isn’t everyone concerned about how Google “scans” your emails (aren’t those private messages too?) so they can put contextually relevant ads next to them?

    • Fair point, Robert, re: Google. Fair point.

      In my above comment, my mind went to email accounts, Yahoo, Gmail, Hotmail, and them perhaps doing something similar. However, there’s something about Facebook (allegedly) doing it that gets my back up more.

  6. Great info, Shawn.

    And, I’ll be surprised if this lawsuit won’t start a domino effect.
    You wrote:

    “The suit says the company scanned users’ private messages. It then sold information it collected to advertisers and data aggregators”

    I understand. Consumers said ok when they opened accounts on FB.

    That doesn’t bother me as much as the general attitude at FB.

    They just don’t seem to care about privacy when it comes to the important privacy stuff. Like when teens are using FB. And, when they do “privacy changes” before asking users if they’re okay with them. (Not recently though. That’s good.)

    If they were hurting financially, they wouldn’t have as much leverage.

    But, cash is King. And they have it.

    So, until the chips fall–theirs, I’m speaking of, they won’t change things.

    The Franchise King®

  7. Alesha May Murray

    Hi Shawn, the purpose of my reply below is that it is a requirement of a business ethics course I am currently undertaking in New Zealand. I understand it may be a bit lengthy in comparison to other responses, though appreciate good food for thought.

    Your post addresses the concern for privacy breaches, allegedly violated by Facebook, and articulates that this isn’t the first time the billion dollar social media network has been in the limelight for such allegations. But firstly, what is privacy?

    When researched, there are a number of variations of the meaning, freedom theorist Stanley Benn 1978 (The Open Polytechnic of New Zealand) views privacy as individual personality, and Carl Wellman 1978 (The Open Polytechnic of New Zealand), a rights theorist, articulates the definition to be associated with the US declaration of human rights. Carl goes on to describe the legislation to provide protection to those whose privacy is violated, and, legal protection against any violations. On a personal note Carl expresses the desire to add a third claim of protection where an individual is in a position initiate a lawsuit against a state if the state itself, is violating or obstructing the fundamentals of privacy legislation. (The Open Polytechnic of New Zealand).

    The accusation against Facebook is that private messages have been scanned and the content sold to advertisers, data aggregators and other news sources (Hessinger, 2014). Though what is wrong with this? When Facebook users sign up to the social media network, they agree to their information being used in a sense that isn’t doesn’t directly identify them. And as outlined by both yourself and Robert below, it isn’t uncommon for businesses to use customer data for business purposes; in fact it is rather common. Take for example OneCard; a New Zealand customer loyalty programme that is used in certain supermarkets to capture trends through their purchases. The reward for signing up to the programme is access to discounts and reward vouchers.

    Furthermore, you comment that the suit filed against Facebook comes down to about one hundred and sixty plaintiffs. In October 2013 it was recorded that there were roughly 1.9 billion monthly users, which account for less than 1% of those, does this not show the irrelevance of the complaint? Unfortunately I am unfamiliar with US legislation, though I can share that under New Zealand legislation, personal information can be shared as long as the information directly identifying an individual isn’t passed on to a third party for their own use.

    In response to your comment outlining there is nothing wrong with Facebook using our data to make commercial gains, I agree though would argue that there is nothing wrong with using customer data given the customer has given consent to do so, and that the use of data isn’t within breach of privacy legislation. At the end of the day the service is free, and I’m sure was a business strategy to attract the number of users it holds today, which in a sense has created the demand for advertising and as a business, more so because it is listed on the stock market, Friedman would say that Facebook has a social responsibility to engage in activities which increase profit” (Friedman, 2005) providing there is no deception of fraud.

    Furthermore I support your statement that perhaps the way in which data is used is not as transparent as it should be, but disagree in a sense that isn’t this a desirable business trait in order to retain customer satisfaction that ultimately leads to business development, and not one which is required?
    Although I do ask, is Facebook acting ethically? A utilitarian would suggest that the best option would be to maximise happiness and minimise suffering. However taking into account, a utilitarian will never accept an action to be moral if it only maximises happiness for the majority at the expense of the minority. Which in this instance is could be the 1% of unsatisfied customers. Though, is this really at their expense? If they have not disclosed information that directly identifies them, and have just scanned messages to identify market trends to on sell to advertisers, is this not just a misunderstanding of data use. As you have mentioned Shawn, I would say that as the messages are labelled private, there is greater expectation they remain private.

    A Utilitarian would in this instance, consider the actions of Facebook to be morally acceptable as by providing the social network service to customers, and advertising rights and market trends to advertisers, they would be maximising happiness, and not at the expense of the minority, given there is no information disclosed to a third party directly identifying them.

    Kantianism advocates that moral actions should apply to everyone, and that moral behaviour lies in the principle of an action to respect rational humanity. Kant would suggest that as this action, given no private information directly identifying an individual was provided to a third party, or breaches privacy legislation would be appropriate as a universal law, remembering Facebook has a social responsibility to engage in activities that increase profit.

    Virtue ethics would suggest that to express virtues would be to be honest and truthful, two traits of character Facebook have expressed in a terms and conditions disclosure to users when signing up to the network by listing the framework they will worth within when handling personal information.
    As stated before, Facebook users, agree to the terms and conditions when they sign up, let alone agree they have actually read the terms and conditions. In contrast to this, if however, it turns out that Facebook has breached legislation, then regardless of those who have agreed to the terms and conditions, under New Zealand legislation they will be unenforceable.

    In response to your further comment, “to be aware of the risks”, what are the risks? Simply to ensure that any personal information shared with a third party cannot identify an individual?