Risk
6/21/2012
11:52 AM
Connect Directly
RSS
E-Mail
50%
50%

Facebook Settles Lawsuit Over Sponsored Stories

Proposes paying $10 million to settle class action lawsuit over using Facebook users' names and images in advertising without their permission.

Facebook's History: From Dorm To IPO Darling
Facebook's History: From Dorm To IPO Darling
(click image for larger view and for slideshow)
Facebook has proposed paying $10 million to settle a class action lawsuit over its use of Facebook users' images and names in its Sponsored Stories advertising campaigns.

Before becoming final, however, the proposed settlement must first be approved by a federal judge.

The settlement relates to a class action lawsuit first filed in U.S. District Court in California in March 2011 by Angel Fraley, Paul Wang, and Susan Mainzer, as well as two minors named only by their initials (J.H.D. and W.T.). It alleged that Facebook's use of its users' images for advertising purposes--without compensation--had caused them economic harm.

[ For more on Facebook and privacy concerns, see Facebook Buys Face.com: At What Privacy Cost? ]

"At issue here is one of Facebook's advertising practices in particular, 'Sponsored Stories,' which appear on a member's Facebook page, and which typically consist of another member's name, profile picture, and an assertion that the person 'likes' the advertiser, coupled with the advertiser's logo," read court documents filed in support of the lawsuit. "Sponsored Stories are generated when a member interacts with the Facebook website or affiliated sites in certain ways, such as by clicking on the 'Like' button on a company's Facebook page."

After the lawsuit was first filed, Facebook issued the following statement: "We are reviewing the decision and continue to believe that the case is without merit." Facebook also sought to distinguish its Sponsored Stories from advertising. For example, last year in an interview with the BBC, Facebook public policy VP Elliot Schrage explained to BBC reporter Emily Maitlis the process by which clicking the "Like" button could lead to users' names or images being used in Sponsored Stories. "When I press a 'Like' button on an ad, I'm trying on the Facebook system, I am affirmatively communicating that I am associating myself with whatever I'm liking. And what that does is create a story," he said.

"Well, you can call it a story--many people would call it an advertisement--and Facebook is getting paid for those by the companies," responded Maitlis.

Interestingly, the presiding judge in the "Fraley versus Facebook" case appeared to agree. "California has long recognized a right to protect one's name and likeness against appropriation by others for their advantage," U.S. District Judge Lucy Koh wrote in a December 2011 ruling that granted and denied parts of a motion filed by Facebook to dismiss the lawsuit.

Koh ruled that Facebook's interpretation that its "Like" button constituted a consumer endorsement of any product or service, allowing their name or likeness to be used for free in advertising, potentially violated California's Right of Privacy Law.

The plaintiffs argued--under the state's Right of Privacy Law--that they were economically injured by having their names and likenesses used without compensation. But Facebook, in its motion to dismiss the case, argued that because the Facebook users weren't celebrities, they should first have to demonstrate that had "some preexisting commercial value to their names and likenesses," according to court documents. Koh dismissed that argument, noting that under California law, residents didn't have to be celebrities to suffer economic injury when their name, voice, signature, photograph, or likeness was used without their consent.

The plaintiffs also argued that Facebook's privacy policy "led them to believe they have control over Facebook's use of their likeness in advertising such as Sponsored Stories," according to court documents.

But actually opting out of Sponsored Stories isn't a straightforward process. "Members are unable to opt out of the Sponsored Stories service, which was introduced after Plaintiffs became Facebook members, and instructions on how to disable an individual post from appearing on Friends' News Feeds or as a Sponsored Story are only available on a 'buried Help Center page, not connected by any link within the Privacy Policy or Statement of Rights and Responsibilities pages,'" wrote Koh in her ruling.

Facebook didn't immediately respond to a request for comment about what changes the company might make in the wake of the proposed settlement, such as altering its data use policy or discontinuing its practice of using members' names and images as part of Sponsored Stories should they click the "Like" button for a company, brand, or product.

Facebook's proposed settlement would distribute $10 million not to users, but rather "to groups whose charters set out actions and programs relevant to advocacy related to the purposes for which the case was brought." The settlement focused on that type of a payout after finding that any type of compensation for affected members would be "not practicable," wrote Edward A. Infante, the retired Chief Magistrate Judge of the U.S. District Court who mediated the settlement agreement. For example, any damages awarded under the California Right of Publicity Law could involve a minimum of $750 per person affected, which, if applied to all Facebook users, would result in a fine of $75 billion.

New apps promise to inject social features across entire workflows, raising new problems for IT. In the new, all-digital Social Networking issue of InformationWeek, find out how companies are making social networking part of the way their employees work. Also in this issue: How to better manage your video data. (Free with registration.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7052
Published: 2014-10-19
The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2.4.9.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7056
Published: 2014-10-19
The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7070
Published: 2014-10-19
The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7075
Published: 2014-10-19
The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7079
Published: 2014-10-19
The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.