Two class action lawsuits target Facebook and the largest maker of Facebook applications -- alleging that the companies breached consumers' privacy by illegally sharing their information with third parties, in violation of Facebook's own policies.
Both suits follow a Wall Street
on Monday detailing a disturbing apparent data breach -- or, more
accurately, "leak" -- of consumer information.
Specifically, the article found that many Facebook applications "have been ... providing access to people's names and, in some cases, their friends' names ... to dozens of advertising and Internet tracking companies."
According to the report, the applications -- commonly called "apps" -- provide consumers' "user ID numbers," which can in turn be used to find their names and, in certain cases, other identifying information. The policy is in direct violation of Facebook's rules, which provide that developers cannot "directly or indirectly transfer any data you receive from us to (or use such data in connection with) any ad network, ad exchange, data broker, or other advertising related toolset, even if a user consents to such transfer or use."
Scores of users affected
The issue affects tens of millions of consumers who use Facebook apps, even those who have enabled the maximum privacy controls on their profiles, the Journal found. Additionally, all ten of the site's most popular apps transmit the user IDs and three of the top ten -- including FarmVille -- also send information about users' friends, according to the report.
The Journal found that data from the apps is going to "at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities."
Once the report was released, it took less than 12 hours for the lawsuits to start flying.
Separate suits, similar allegations
One of the lawsuits, filed Monday in a San Francisco federal court, targets Zynga, which makes many of Facebook's popular games, including FarmVille, Mafia Wars and Texas HoldEm.
That suit, which names Nancy Walther Graf as the lead plaintiff, accuses Zynga of "illegally sharing [customer data] with advertisers and data brokers" for "substantial profit," and is brought on behalf of all registered Facebook users in the U.S. who registered with Zynga any time after October 18, 2006.
Meanwhile, a Rhode Island suit targets Facebook directly, contending that it is responsible for the data leaks. The Rhode Island suit was originally filed in June but has been updated with charges similar to those in the California action.
"This appears to be another example of an online company failing the American public with empty promises to respect individual privacy rights," Michael Aschenbrener, one of the California plaintiffs' attorneys, said in a statement.
In a statement, Facebook said the California complaint "is without merit and we intend to defend against it vigorously."
The allegations between the two suits include breach of contract and violations of the Consumer Legal Remedies Act, the Electronic Communications Privacy Act, the Stored Communications Act and the Computer Crime Law.
Facebook's been down this road before
Class action lawsuits alleging privacy violations are nothing new for Facebook. Most recently, in July, a Canadian law firm filed a suit taking issue with the website's late 2009 decision to change users' default privacy setting to "public," making scores of photos, friend lists, and other identifying information available to the world, even if the user had previously set stricter controls on her account. Users who wanted to return to the more stringent privacy settings had to go in and affirmatively change their account preferences.
And last November, both Facebook and Zynga were named in a suit brought by Facebook gamers who say they were scammed into giving up personal information in exchange for virtual "cash" that could be redeemed in Zynga-created games. All the users got, according to the suit, was a subscription to "a useless SMS service" -- and the monthly fees that go along with it.
And, perhaps most infamously, there was the Facebook Beacon disaster. Beacon, an advertising feature rolled out in November 2007, recorded users' activities on other websites, then relayed it back to their news feeds. Facebook agreed to shut Beacon down in September 2009 as part of the settlement of yet another class action.