Facebook faces a potential class action lawsuit (“Matthew Campbell v. Facebook Inc.”) for allegedly violating the US Electronic Communications Privacy Act and California privacy and unfair competition laws. At issue is the company’s alleged practice of scanning private Facebook messages (first discovered in 2012) for URLs and then using that information as part of its ad targeting data.
Reportedly it treats the presence of the URL in a private message as a Like of that publisher or content.
The complaint essentially argues:
- Facebook’s statements to users creates expectations of privacy in its private messaging
- In contrast to those representations “Facebook messages are systematically intercepted” and mined for URLs
- This data mining is done without user knowledge or consent
- Users are likely to share things in private Facebook messages that they wouldn’t otherwise disclose or share publicly on Facebook
- The data collected (URLs) are shared with third parties for ad-targeting purposes
The federal Electronic Communications Privacy Act is an anti-wiretapping statute, with numerous exceptions, first passed in 1986 and amended several times since then. Google faces similar allegations and litigation for scanning the contents of Gmail.
Facebook indicated in formal statements that it believes the lawsuit is “without merit” and plans to “vigorously” contest it. It’s not clear whether the alleged private message scanning implicates the company’s consent decree with the US FTC and thus whether the regulatory agency will become involved.
From a review of news coverage in October 2012 Facebook appears to acknowledge scanning private messages. That doesn’t automatically mean however that the plaintiffs will succeed in their litigation.
The complaint seeks to stop the identified practices. It also asks for attorney fees and damages on behalf of each class member, defined as all Facebook users who “have sent or received private Facebook messages that included a URL.” Facebook has roughly 200 million “monthly active users” in the US. It’s not clear to me how many fall into the category of people sending URLs in private messages.
Regardless, under formulas provided in the various statutes plead in the complaint, monetary damages easily run into the many billions of dollars.