A shareholder lawsuit alleging that Facebook officers and directors failed to protect the privacy of user data, and violated the law and their fiduciary duties, will be allowed to proceed after a Delaware judge refused to dismiss it. The complaint alleges that Facebook officials repeatedly and continually violated a 2012 consent order with the Federal Trade Commission, which aimed to prevent the collection and sharing of personal data with third-party applications without user consent. The lawsuit accuses Facebook of having sold user data to commercial partners in direct violation of the consent order, and also of having removed disclosures from privacy settings that were required under the agreement. The company’s conduct resulted in significant fines from regulators in Europe and culminated in the Cambridge Analytica scandal in 2018.
The judge agreed with the plaintiffs that they did not need to first demand that Facebook‘s board take legal action before filing litigation because there is reasonable doubt that many board members, who have close personal and business ties to Mark Zuckerberg, would be willing to confront the CEO and founder of the company, now known as Meta Platforms Inc., over its privacy failures. The plaintiffs are seeking damages awarded to the company, disgorgement of profits allegedly made through insider trading, and corporate governance reforms.
The judge noted that this is a case involving alleged wrongdoing on a colossal scale, where the accusations are “encyclopedic and specific,” telling a story of Facebook‘s directors who were aware of the law breaking, whether they either affirmatively went along with it or consciously disregarded it. While allowing the plaintiffs to pursue their claims that Zuckerberg and several others breached their fiduciary duties to the company, Laster dismissed insider trading claims against several defendants, with the exception of Zuckerberg.
Meta has said in filings with securities regulators that it believes the lawsuit is without merit. This case marks the continuation of Facebook‘s long-running conflict with data privacy regulators and highlights the increasingly important issue of internet security for companies that collect and process vast amounts of user data.
Editorial:
The decision by the Delaware judge further validates the concerns surrounding Facebook, which has been the focus of numerous data breaches and accusations regarding its negligence in protecting the information of its users. This ruling should serve as a warning to other companies that process vast amounts of user data to prioritize the protection and security of that data, rather than seeking to exploit or monetize it at the expense of their users’ privacy.
Recommendations:
Companies should prioritize user data privacy and protection by implementing robust security measures that ensure data is only collected and processed with express user consent and protected from unauthorized access or disclosure. Boards and executives must be held accountable for safeguarding user data, and those who fail to do so should be held responsible, both civilly and criminally. Companies must also be transparent about their data collection practices and disclose any potential risks to user privacy, along with the steps being taken to mitigate those risks. Finally, regulators should continue to hold companies that disregard user privacy accountable and seek to impose appropriate penalties and fines to deter future violations.
<< photo by Jason Dent >>
