Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Facebook Settles Lawsuit Over Sponsored Stories

Proposes paying $10 million to settle class action lawsuit over using Facebook users' names and images in advertising without their permission.

Facebook's History: From Dorm To IPO Darling
Facebook's History: From Dorm To IPO Darling
(click image for larger view and for slideshow)
Facebook has proposed paying $10 million to settle a class action lawsuit over its use of Facebook users' images and names in its Sponsored Stories advertising campaigns.

Before becoming final, however, the proposed settlement must first be approved by a federal judge.

The settlement relates to a class action lawsuit first filed in U.S. District Court in California in March 2011 by Angel Fraley, Paul Wang, and Susan Mainzer, as well as two minors named only by their initials (J.H.D. and W.T.). It alleged that Facebook's use of its users' images for advertising purposes--without compensation--had caused them economic harm.

[ For more on Facebook and privacy concerns, see Facebook Buys Face.com: At What Privacy Cost? ]

"At issue here is one of Facebook's advertising practices in particular, 'Sponsored Stories,' which appear on a member's Facebook page, and which typically consist of another member's name, profile picture, and an assertion that the person 'likes' the advertiser, coupled with the advertiser's logo," read court documents filed in support of the lawsuit. "Sponsored Stories are generated when a member interacts with the Facebook website or affiliated sites in certain ways, such as by clicking on the 'Like' button on a company's Facebook page."

After the lawsuit was first filed, Facebook issued the following statement: "We are reviewing the decision and continue to believe that the case is without merit." Facebook also sought to distinguish its Sponsored Stories from advertising. For example, last year in an interview with the BBC, Facebook public policy VP Elliot Schrage explained to BBC reporter Emily Maitlis the process by which clicking the "Like" button could lead to users' names or images being used in Sponsored Stories. "When I press a 'Like' button on an ad, I'm trying on the Facebook system, I am affirmatively communicating that I am associating myself with whatever I'm liking. And what that does is create a story," he said.

"Well, you can call it a story--many people would call it an advertisement--and Facebook is getting paid for those by the companies," responded Maitlis.

Interestingly, the presiding judge in the "Fraley versus Facebook" case appeared to agree. "California has long recognized a right to protect one's name and likeness against appropriation by others for their advantage," U.S. District Judge Lucy Koh wrote in a December 2011 ruling that granted and denied parts of a motion filed by Facebook to dismiss the lawsuit.

Koh ruled that Facebook's interpretation that its "Like" button constituted a consumer endorsement of any product or service, allowing their name or likeness to be used for free in advertising, potentially violated California's Right of Privacy Law.

The plaintiffs argued--under the state's Right of Privacy Law--that they were economically injured by having their names and likenesses used without compensation. But Facebook, in its motion to dismiss the case, argued that because the Facebook users weren't celebrities, they should first have to demonstrate that had "some preexisting commercial value to their names and likenesses," according to court documents. Koh dismissed that argument, noting that under California law, residents didn't have to be celebrities to suffer economic injury when their name, voice, signature, photograph, or likeness was used without their consent.

The plaintiffs also argued that Facebook's privacy policy "led them to believe they have control over Facebook's use of their likeness in advertising such as Sponsored Stories," according to court documents.

But actually opting out of Sponsored Stories isn't a straightforward process. "Members are unable to opt out of the Sponsored Stories service, which was introduced after Plaintiffs became Facebook members, and instructions on how to disable an individual post from appearing on Friends' News Feeds or as a Sponsored Story are only available on a 'buried Help Center page, not connected by any link within the Privacy Policy or Statement of Rights and Responsibilities pages,'" wrote Koh in her ruling.

Facebook didn't immediately respond to a request for comment about what changes the company might make in the wake of the proposed settlement, such as altering its data use policy or discontinuing its practice of using members' names and images as part of Sponsored Stories should they click the "Like" button for a company, brand, or product.

Facebook's proposed settlement would distribute $10 million not to users, but rather "to groups whose charters set out actions and programs relevant to advocacy related to the purposes for which the case was brought." The settlement focused on that type of a payout after finding that any type of compensation for affected members would be "not practicable," wrote Edward A. Infante, the retired Chief Magistrate Judge of the U.S. District Court who mediated the settlement agreement. For example, any damages awarded under the California Right of Publicity Law could involve a minimum of $750 per person affected, which, if applied to all Facebook users, would result in a fine of $75 billion.

New apps promise to inject social features across entire workflows, raising new problems for IT. In the new, all-digital Social Networking issue of InformationWeek, find out how companies are making social networking part of the way their employees work. Also in this issue: How to better manage your video data. (Free with registration.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3493
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
CVE-2021-3492
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
CVE-2020-2509
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later Q...
CVE-2020-36195
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...