Facebook’s Latest Privacy FAIL Costs Company $550M

Facebook has settled a class action lawsuit in Illinois for $550 million. It’s alleged the social network’s face-recognition algorithms are illegal in the Prairie State.

Zuckerberg’s lawyers say the company did nothing wrong. So it seems they’re shelling out to make the problem go away.

Half a billion here, half a billion there. Pretty soon you’re talking serious money. In today’s SB Blogwatch, we rummage down the back of the couch.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: All art is transformative.

Land of Lincoln, State of Secrets

What’s the craic? Natasha Singer and Mike Isaac report—“Facebook to Pay $550 Million to Settle Facial Recognition Suit”:

 [It gives] privacy groups a major victory that again raised questions about the social network’s data-mining practices. [The class-action lawsuit] said the Silicon Valley company violated an Illinois biometric privacy law by harvesting facial data for Tag Suggestions from the photos of millions of users in the state without their permission and without telling them how long the data would be kept.

The sum amounted to a rounding error for Facebook. … “We decided to pursue a settlement as it was in the best interest of our community and our shareholders to move past this matter,” a Facebook spokesman said.

The privacy settlement coincides with heightened public concern over the spread of powerful surveillance technology like facial recognition. … The American Civil Liberties Union and other groups have warned that the spread of such services could end people’s ability to remain anonymous in public.

Fair enough, fair enough. All is Alison Durkee: [Too subtle—Ed.]

 Facebook’s privacy missteps are once again coming with a hefty price tag. … According to lawyers involved with the suit, the settlement marks the largest cash settlement ever for a privacy related lawsuit.

Illinois-based Facebook users … alleged that Facebook’s “tag suggestions” feature, which automatically predicts which Facebook users appear in photos, improperly gathered users’ biometric facial data without their permission and with no disclosure as to how long the data was being kept. By doing so, Facebook was allegedly in violation of Illinois’s biometric privacy law.

[It] comes as Facebook has increasingly come under fire for a myriad of practices spanning everything from user privacy and antitrust concerns to its political advertising policy. … And this isn’t the first time that Facebook has been targeted for its own facial-recognition practices.

As the Facebook CEO comes off a year that saw him widely reviled by everyone from Washington D.C. lawmakers to his own Silicon Valley peers, [he] held strong against the criticism that follows both his company and him personally. … “My goal for this next decade isn’t to be liked, but to be understood. In order to be trusted, people need to know what you stand for. … Over the next decade I want us to build a reputation for privacy that’s as strong as our reputation around building good, stable services.”

Best of luck with that, Zuck. Jeff Horwitz and Asa Fitch imply another criticism—“Suit alleges company violated a 2008 Illinois law”:

 [CFO] David Wehner slipped news of the settlement into the company’s fourth-quarter earnings call, with the deal being cited as a principal cause for higher expenses. … Facebook didn’t admit to wrongdoing.

The $550 million Facebook has agreed to pay will be the largest-ever cash privacy settlement won by class-action attorneys, with estimated payouts of around $200 for each affected user, according to a press release by the attorneys. … Filed in 2015 by lawyers from three firms—Edelson PC, Robbins Geller Rudman & Dowd and Labaton Sucharow LLP—the suit sought penalties of more than $1,000 per user.

Facebook’s lawyers had sought to dismiss the case on the grounds that the Illinois law didn’t cover its method for identifying users in photos. The company also said it had given users the ability to opt out of the feature, an argument which didn’t succeed in court. … The U.S. Supreme Court declined to hear Facebook’s appeal, leaving the company with the choice of settling or facing a trial.

Wouldn’t you like to hear from someone Way Smarter Than You?

 Losing with a judgement sets a legal precedent—and watch the flood of lawsuits come in. A settlement is non-binding and non precedent setting for future lawsuits. It also keeps FB from subpoenas for detailed information on just how deeply scummy they are. Settling was the smart call.

But does the punishment fit the crime? Orbiting the analysis, it’s SkyBelow:

 Even many minor laws include a short jail sentence. Imagine if the penalty was that Facebook had to full shutdown everything for 2 months.

A fine that you’ll make up in no time is not a punishment at all, just a fee for the privilege of being allowed to ignore the law.

Still, it’s more than half a billion. Caroline Haskins—@carolineha_—offers a comparison:

 For perspective, Equifax paid $380 million to settle a class action suit over its 2017 breach.

How does that $550M break down? This slightly cynical Anonymous Coward suggestifies thuswise:

 Each of Illinois’ 21 million facebook users will receive a postcard check for $0.24 … and the lawyers will receive $544.96 million in legal fees.

And  Alec Stapp—@AlecStapp—tries to be a bit more realistic:

 Ballpark math:

Lawyers get $150 million.
Illinois has 12.7 million people.
About two-thirds … are on Facebook.
That’s 8.5 million people.

So, about $50 a person.

Meanwhile, the ACLU likes this law, and thinks other states should do likewise:

 Strong privacy laws make a difference. We should all be able to sue privacy-violating companies — lawmakers across the country should follow Illinois’ lead.

And Finally:

There is no art without transformation

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Anthony Quintano (cc:by)

Richi Jennings

Featured eBook
The Dangers of Open Source Software and Best Practices for Securing Code

The Dangers of Open Source Software and Best Practices for Securing Code

More and more organizations are incorporating open source software into their development pipelines. After all, embracing open source products such as operating systems, code libraries, software and applications can reduce costs, introduce additional flexibility and help to accelerate delivery. Yet, open source software can introduce additional concerns into the development process—namely, security. Sponsorships Available Unlike ... Read More
Security Boulevard

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 421 posts and counting.See all posts by richi