11:52 AM

Facebook Settles Lawsuit Over Sponsored Stories

Proposes paying $10 million to settle class action lawsuit over using Facebook users' names and images in advertising without their permission.

Facebook's History: From Dorm To IPO Darling
Facebook's History: From Dorm To IPO Darling
(click image for larger view and for slideshow)
Facebook has proposed paying $10 million to settle a class action lawsuit over its use of Facebook users' images and names in its Sponsored Stories advertising campaigns.

Before becoming final, however, the proposed settlement must first be approved by a federal judge.

The settlement relates to a class action lawsuit first filed in U.S. District Court in California in March 2011 by Angel Fraley, Paul Wang, and Susan Mainzer, as well as two minors named only by their initials (J.H.D. and W.T.). It alleged that Facebook's use of its users' images for advertising purposes--without compensation--had caused them economic harm.

[ For more on Facebook and privacy concerns, see Facebook Buys Face.com: At What Privacy Cost? ]

"At issue here is one of Facebook's advertising practices in particular, 'Sponsored Stories,' which appear on a member's Facebook page, and which typically consist of another member's name, profile picture, and an assertion that the person 'likes' the advertiser, coupled with the advertiser's logo," read court documents filed in support of the lawsuit. "Sponsored Stories are generated when a member interacts with the Facebook website or affiliated sites in certain ways, such as by clicking on the 'Like' button on a company's Facebook page."

After the lawsuit was first filed, Facebook issued the following statement: "We are reviewing the decision and continue to believe that the case is without merit." Facebook also sought to distinguish its Sponsored Stories from advertising. For example, last year in an interview with the BBC, Facebook public policy VP Elliot Schrage explained to BBC reporter Emily Maitlis the process by which clicking the "Like" button could lead to users' names or images being used in Sponsored Stories. "When I press a 'Like' button on an ad, I'm trying on the Facebook system, I am affirmatively communicating that I am associating myself with whatever I'm liking. And what that does is create a story," he said.

"Well, you can call it a story--many people would call it an advertisement--and Facebook is getting paid for those by the companies," responded Maitlis.

Interestingly, the presiding judge in the "Fraley versus Facebook" case appeared to agree. "California has long recognized a right to protect one's name and likeness against appropriation by others for their advantage," U.S. District Judge Lucy Koh wrote in a December 2011 ruling that granted and denied parts of a motion filed by Facebook to dismiss the lawsuit.

Koh ruled that Facebook's interpretation that its "Like" button constituted a consumer endorsement of any product or service, allowing their name or likeness to be used for free in advertising, potentially violated California's Right of Privacy Law.

The plaintiffs argued--under the state's Right of Privacy Law--that they were economically injured by having their names and likenesses used without compensation. But Facebook, in its motion to dismiss the case, argued that because the Facebook users weren't celebrities, they should first have to demonstrate that had "some preexisting commercial value to their names and likenesses," according to court documents. Koh dismissed that argument, noting that under California law, residents didn't have to be celebrities to suffer economic injury when their name, voice, signature, photograph, or likeness was used without their consent.

The plaintiffs also argued that Facebook's privacy policy "led them to believe they have control over Facebook's use of their likeness in advertising such as Sponsored Stories," according to court documents.

But actually opting out of Sponsored Stories isn't a straightforward process. "Members are unable to opt out of the Sponsored Stories service, which was introduced after Plaintiffs became Facebook members, and instructions on how to disable an individual post from appearing on Friends' News Feeds or as a Sponsored Story are only available on a 'buried Help Center page, not connected by any link within the Privacy Policy or Statement of Rights and Responsibilities pages,'" wrote Koh in her ruling.

Facebook didn't immediately respond to a request for comment about what changes the company might make in the wake of the proposed settlement, such as altering its data use policy or discontinuing its practice of using members' names and images as part of Sponsored Stories should they click the "Like" button for a company, brand, or product.

Facebook's proposed settlement would distribute $10 million not to users, but rather "to groups whose charters set out actions and programs relevant to advocacy related to the purposes for which the case was brought." The settlement focused on that type of a payout after finding that any type of compensation for affected members would be "not practicable," wrote Edward A. Infante, the retired Chief Magistrate Judge of the U.S. District Court who mediated the settlement agreement. For example, any damages awarded under the California Right of Publicity Law could involve a minimum of $750 per person affected, which, if applied to all Facebook users, would result in a fine of $75 billion.

New apps promise to inject social features across entire workflows, raising new problems for IT. In the new, all-digital Social Networking issue of InformationWeek, find out how companies are making social networking part of the way their employees work. Also in this issue: How to better manage your video data. (Free with registration.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Latest Comment: nice one
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-04-17
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

Published: 2015-04-17
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.

Published: 2015-04-17
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.

Published: 2015-04-17
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.

Published: 2015-04-17
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.