View this email in your browser

This Week with Bob Ambrogi

Law in the news from LexBlog's editor-in-chief
March 23, 2018

The Many Faces of Facebook's Legal Woes

News that political data-mining firm Cambridge Analytica harvested data from more than 50 million Facebook users put the social-networking site front and center in the news this week. The scandal caused the company’s stock to plunge and its chief information security officer to resign.

While not a classic data breach, the incident poses real risks for the popular social media platform, according to Fox Rothschild’s Privacy Compliance & Data Security blog. One of the blog’s authors, Scott Vernick, founder of the firm’s Privacy & Data Security Practice, discussed the implications for Facebook in an interview with the TD Ameritrade Network.

“Consumers do select companies and want to do business with companies that have control over their data and that can secure their data,” Vernick said. “In turn, If you lose consumer confidence, you lose advertiser confidence, so that is the challenge for Facebook.”

Faceprint Class Action

But Cambridge Analytica was not Facebook’s only legal concern making the news. In California, Facebook suffered a major loss when a federal judge denied its motion to dismiss a proposed class action alleging that the company had secretly collected users’ biometric data without consent, in violation of the Illinois Biometric Information Privacy Act.

The ruling was a clear victory for privacy advocates, particularly those who have cautioned that facial recognition and authentication techniques that employ biometrics implicate important privacy and data security concerns, writes Proskauer partner Jeffrey Neuburger at New Media and Technology Law Blog.

Even so, the ruling may be on shaky ground, as it is at odds with several Illinois decisions interpreting the BIPA, writes Erin Bolan Hines at BakerHostetler’s Data Privacy Monitor. “These Illinois courts rejected general claims of ‘invasion of privacy’ or ‘actual injury’ premised on alleged violations of BIPA’s notice and consent provisions.”

At Cleary Cybersecurity and Privacy Watch, Rahul Mukhi and Gregory N. Wolfe also say the ruling is “arguably in tension” with other decisions. They add that the ruling is likely to encourage plaintiffs to bring other lawsuits under the BIPA and analogous statutes. “We expect that courts will continue to grapple with standing and injury issues as privacy and data breach litigation proliferates.”

And lest you think Facebook’s legal woes are confined to the U.S., there is this: In Germany, a court held that Facebook’s default privacy settings and parts of its terms and conditions are invalid under the German Data Protection Act. Sven Schonhofen provides details at Technology Law Dispatch.

About Bob

Bob is a lawyer, journalist and editor-in-chief of LexBlog.  Contact him via email or Twitter.
© 2018 LexBlog, Inc.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.