11:52 AM

Facebook Settles Lawsuit Over Sponsored Stories

Proposes paying $10 million to settle class action lawsuit over using Facebook users' names and images in advertising without their permission.

Facebook's History: From Dorm To IPO Darling
Facebook's History: From Dorm To IPO Darling
(click image for larger view and for slideshow)
Facebook has proposed paying $10 million to settle a class action lawsuit over its use of Facebook users' images and names in its Sponsored Stories advertising campaigns.

Before becoming final, however, the proposed settlement must first be approved by a federal judge.

The settlement relates to a class action lawsuit first filed in U.S. District Court in California in March 2011 by Angel Fraley, Paul Wang, and Susan Mainzer, as well as two minors named only by their initials (J.H.D. and W.T.). It alleged that Facebook's use of its users' images for advertising purposes--without compensation--had caused them economic harm.

[ For more on Facebook and privacy concerns, see Facebook Buys Face.com: At What Privacy Cost? ]

"At issue here is one of Facebook's advertising practices in particular, 'Sponsored Stories,' which appear on a member's Facebook page, and which typically consist of another member's name, profile picture, and an assertion that the person 'likes' the advertiser, coupled with the advertiser's logo," read court documents filed in support of the lawsuit. "Sponsored Stories are generated when a member interacts with the Facebook website or affiliated sites in certain ways, such as by clicking on the 'Like' button on a company's Facebook page."

After the lawsuit was first filed, Facebook issued the following statement: "We are reviewing the decision and continue to believe that the case is without merit." Facebook also sought to distinguish its Sponsored Stories from advertising. For example, last year in an interview with the BBC, Facebook public policy VP Elliot Schrage explained to BBC reporter Emily Maitlis the process by which clicking the "Like" button could lead to users' names or images being used in Sponsored Stories. "When I press a 'Like' button on an ad, I'm trying on the Facebook system, I am affirmatively communicating that I am associating myself with whatever I'm liking. And what that does is create a story," he said.

"Well, you can call it a story--many people would call it an advertisement--and Facebook is getting paid for those by the companies," responded Maitlis.

Interestingly, the presiding judge in the "Fraley versus Facebook" case appeared to agree. "California has long recognized a right to protect one's name and likeness against appropriation by others for their advantage," U.S. District Judge Lucy Koh wrote in a December 2011 ruling that granted and denied parts of a motion filed by Facebook to dismiss the lawsuit.

Koh ruled that Facebook's interpretation that its "Like" button constituted a consumer endorsement of any product or service, allowing their name or likeness to be used for free in advertising, potentially violated California's Right of Privacy Law.

The plaintiffs argued--under the state's Right of Privacy Law--that they were economically injured by having their names and likenesses used without compensation. But Facebook, in its motion to dismiss the case, argued that because the Facebook users weren't celebrities, they should first have to demonstrate that had "some preexisting commercial value to their names and likenesses," according to court documents. Koh dismissed that argument, noting that under California law, residents didn't have to be celebrities to suffer economic injury when their name, voice, signature, photograph, or likeness was used without their consent.

The plaintiffs also argued that Facebook's privacy policy "led them to believe they have control over Facebook's use of their likeness in advertising such as Sponsored Stories," according to court documents.

But actually opting out of Sponsored Stories isn't a straightforward process. "Members are unable to opt out of the Sponsored Stories service, which was introduced after Plaintiffs became Facebook members, and instructions on how to disable an individual post from appearing on Friends' News Feeds or as a Sponsored Story are only available on a 'buried Help Center page, not connected by any link within the Privacy Policy or Statement of Rights and Responsibilities pages,'" wrote Koh in her ruling.

Facebook didn't immediately respond to a request for comment about what changes the company might make in the wake of the proposed settlement, such as altering its data use policy or discontinuing its practice of using members' names and images as part of Sponsored Stories should they click the "Like" button for a company, brand, or product.

Facebook's proposed settlement would distribute $10 million not to users, but rather "to groups whose charters set out actions and programs relevant to advocacy related to the purposes for which the case was brought." The settlement focused on that type of a payout after finding that any type of compensation for affected members would be "not practicable," wrote Edward A. Infante, the retired Chief Magistrate Judge of the U.S. District Court who mediated the settlement agreement. For example, any damages awarded under the California Right of Publicity Law could involve a minimum of $750 per person affected, which, if applied to all Facebook users, would result in a fine of $75 billion.

New apps promise to inject social features across entire workflows, raising new problems for IT. In the new, all-digital Social Networking issue of InformationWeek, find out how companies are making social networking part of the way their employees work. Also in this issue: How to better manage your video data. (Free with registration.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.