While Facebook has encountered plenty of public outrage and bad publicity since the Cambridge Analytica scandal first emerged in March, its legal penalties have been few and far between. That could change soon, as the attorney general of the District of Columbia filed a lawsuit against the social network on Wednesday. It alleges that Facebook violated the law and “harmed consumers” by “failing to protect its users’ data.”
In Attorney General Karl Racine’s complaint, he alleges that Facebook is guilty of violating the Consumer Protection and Procedures Act for losing control of 87 million users’ data and waiting two years to inform anyone about it. In a press release, Racine’s office narrowed the ways in which Facebook allegedly harmed users into six categories:
- Misleading users about the security of their data
- Failing to properly monitor third-party apps’ use of data
- Making it difficult for users to control data settings for apps
- Failing to disclose the Cambridge Analytica breach to consumers for more than two years
- Failing to ensure users’ improperly obtained data was deleted
- Failing to inform consumers that some companies could override data privacy settings
Racine recapped the saga of Global Science Research (GSR) using a quiz app to collect an enormous dataset from Facebook users and their friends, which was subsequently sold to political consulting firm Cambridge Analytica. Facebook’s terms of service prohibit this kind of transaction, and the company knew about it as far back as 2015 but waited until March of this year to come clean as it faced an onslaught of whistleblower reports. The fact that President Trump’s former campaign organizer, Steve Bannon, was once Cambridge Analytica’s vice president, and that the firm lent its services to Trump in the 2016 election, made the scandal all the more intense for Facebook. A former Cambridge employee claimed the Facebook data was used to create psychological profiles of voters to target campaign messages.
Reached for comment regarding how it intends to respond to the lawsuit, a Facebook spokesperson told Gizmodo, “We’re reviewing the complaint and look forward to continuing our discussions with attorneys general in DC and elsewhere.”
The AG is representing the citizens of the District of Columbia in his lawsuit and said that 852 Facebook users from his jurisdiction installed GSR’s nefarious Facebook app. Because the app also sucked up the data from those users’ friends without their knowledge, it ultimately collected the personal information of 340,000 DC residents, according to the lawsuit. It’s important to note that Racine is only representing a portion of the victims involved in the data breach. As Facebook’s statement indicates, other attorneys general across the U.S. could bring litigation on behalf of all 71 million Americans who were affected. And a federal investigation that could potentially result in “trillions of dollars” in fines from the FTC still looms in the distance, even if such a substantial fine is unlikely.
All that is on top of consequences the company has already faced. In July, UK regulators fined Facebook 500,000 pounds (around $690,000 at current exchange rates) for enabling Cambridge Analytica to improperly obtain the trove of user data.
The DC attorney general’s lawsuit seeks to force Facebook to implement “protocols and safeguards to monitor users’ data and to make it easier for users to control their privacy settings,” as well as penalties and consumer restitution.
These days, it’s nearly impossible to get through writing about a Facebook privacy scandal before another one pops up, and that’s taking a heavy toll on the company’s stock price. As of 1pm on Wednesday, Facebook was down 6.8 percent for the day. Since August, the company’s stock has lost around 44 percent of its value. It’s been a hell of a year for the social network, and we can all look forward to the horrors we have to imagine Facebook could unleash in a Christmas Eve news dump.