Feeds

Facebook absolved for exposing user info to advertisers

No harm, no foul, etc.

5 things you didn’t know about cloud backup

A federal judge has gutted a lawsuit filed against Facebook for allegedly leaking users' personal information to advertisers on the grounds that they didn't suffer specific injuries and the leak didn't run afoul of wiretap and computer fraud statutes.

The lawsuit, filed in federal Court in San Jose, California, last year, alleges that the social network violated its own privacy policy by including users' ID numbers in referrer headers that were created each time they clicked on an ads. Two California men alleged that the disclosure, which spanned a three-month period earlier that year, shared their personally identifiable information with advertisers. They sued for violations of the Electronic Communications Privacy Act, federal wiretap statutes, breach of contract, and other laws.

On Thursday, US District Judge James Ware threw out all eight of the claims brought in an amended complaint, although he gave the men leave to revive parts of the case if they could bring more specific allegations. The thrust of Ware's dismissal was that the Facebook users didn't document any real harm resulting from the alleged leak.

“Here, in regard to damages, plaintiffs allege only that as a result of the alleged breach of contract, plaintiffs 'suffered injury,'” Ware wrote. “However, plaintiffs fail to allege any actual damages in their complaint. Thus, under California law plaintiffs fail to state a claim for breach of contract.”

Ware used similar reasoning to throw out a claim brought under California's unfair competition law.

The judge went on to strike down claims brought under the Stored Communications Act and statutes prohibiting unauthorized wiretaps on the grounds that information leaked in referrer headers didn't meet the requirements spelled out in those laws.

The ruling is only the latest time a lawsuit brought for alleged privacy breaches has been dismissed because the plaintiffs didn't allege a specific injury. In late 2009, a federal judge threw out claims brought against Express Scripts for a lapse that exposed customers' names, dates of birth, social security numbers, and prescription drug histories. Last year, the Ninth US Circuit Court of Appeals absolved clothing retailer The Gap for exposing sensitive information for 800,000 customers when laptops with unencrypted contents were stolen.

In the lawsuit filed against Facebook, Ware gave the plaintiffs, David Gould and Mike Robertson, until June 13 to file an amended complaint. An attorney for the plaintiffs didn't return a call inquiring whether they planned to do so.

The ruling comes a few days after researchers from Symantect said Facebook exposed millions of user credentials because of a years-old bug that overrides individual privacy settings.

A PDF of Ware's ruling is here, and legal analysis from Venkat Balasubramani of the Technology & Marketing Law Blog is here. ®

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.