May 02, 2019

U.S. District Judge William Alsup said Thursday he’s troubled by Facebook’s argument that it isn’t liable for failing to protect user data because its service is free, saying Facebook makes “gobs of money” selling users’ information to advertisers who “bombard you with ads” — and that comes at a cost.

During a hearing in San Francisco, Judge Alsup acknowledged that previous case law finds that companies have limited liability when their services are offered “without a cost.” But the judge said Facebook’s “whole system” is set up so users can share “all kinds of information,” which Facebook monetizes.

“Isn’t that a cost to the consumer? Shouldn’t there be bone-crushing discovery getting into how [Facebook] is monetizing [the data]?” the judge asked Facebook’s counsel. “That’s what bothers me about your argument.”

. . .

Meanwhile, counsel for the Facebook users, Douglas J. McNamara of Cohen Milstein Sellers & Toll PLLC, said Facebook’s argument that it’s a free service and therefore isn’t liable is “a little outdated,” because the currency at issue is users’ personal identifying information, or PII. That’s how Facebook makes $40 billion a year, he said. McNamara also said the company promises to protect user data, but it is now trying to argue that it’s not legally required to do so.

“This is clearly one-sided. They’re getting the benefits of PII, and you’re getting nothing,” he said.

The judge asked McNamara to show him the provision in which Facebook guarantees that the company will protect data. McNamara responded by pointing out that the company has made the assurances in public statements and that its CEO, Mark Zuckerberg, told Congress the company has a responsibility to protect data, “and if we don’t, we don’t deserve to serve you.”

McNamara said that Zuckerberg’s message is clearly at odds with its arguments in the current litigation and that Facebook’s inconsistent positions makes its user contract procedurally and substantively unconscionable.

. . .

During the hearing, the parties also took starkly different positions on how many users were affected by the breach and what information was stolen. Facebook’s counsel argued that its investigation shows that at most hackers accessed only 3.9 million users’ accounts, and mostly only email addresses and phone numbers were compromised.

But the plaintiffs’ counsel, Andrew N. Friedman also of Cohen Milstein Sellers & Toll, argued that the hackers accessed 29 million accounts and that nearly half of those accounts had their names, email addresses, user names, dates of birth, relationship status, hometown, religion, current city, 10 recent locations and 15 recent Facebook searches stolen. Friedman added that they still haven’t taken enough discovery to know the extent of the hack.

The complete article can be accessed here.