Connect with us

Hi, what are you looking for?


Data Breaches

Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches

Judge refuses to dismiss shareholder lawsuit alleging that Facebook violated the law and fiduciary duties in failing for years to protect user data privacy.

A Delaware judge on Wednesday refused to dismiss a shareholder lawsuit alleging that Facebook officers and directors violated both the law and their fiduciary duties in failing for years to protect the privacy of user data.

Vice Chancellor J. Travis Laster rejected arguments that the complaint should be dismissed because the plaintiffs did not first demand that Facebook’s board take legal action before filing litigation themselves. Under Delaware law, shareholders must make such a demand or demonstrate that doing so would be futile because a majority of directors were self-interested, lacked independence or faced a substantial likelihood of liability.

Laster agreed with the plaintiffs that demand would be futile because there is reasonable doubt that a majority of the relevant Facebook board members, many with close personal and business ties to Mark Zuckerberg, would be willing to confront the CEO and founder of the company now known as Meta Platforms Inc., over its privacy failures.

Meta has said in filings with securities regulators that it believes the lawsuit is without merit.

In refusing to dismiss the lawsuit, the judge noted that he was required to accept the allegations in the complaint, which he described as “encyclopedic and specific” as true for purposes of ruling on the motion.

“It tells a story of directors who were on notice of the law breaking, and who either affirmatively went along with it or consciously disregarded it,” Laster said. “What we don’t have is a little lawbreaking, what we don’t have is isolated lawbreaking, what we don’t have are immaterial violations. … This is a case involving alleged wrongdoing on a truly colossal scale.”

The complaint alleges that Facebook officials repeatedly and continually violated a 2012 consent order with the Federal Trade Commission under which the company agreed to stop collecting personal data on platform users and friends without their consent, and sharing it with the third-party applications.

Advertisement. Scroll to continue reading.

Facebook later sold user data to commercial partners in direct violation of the consent order, and removed disclosures from privacy settings that were required under consent order, the lawsuit alleges. The company’s conduct resulted in significant fines from regulators in Europe and culminated in the Cambridge Analytica scandal in 2018. That case involved a British political consulting firm hired by Donald Trump’s 2106 presidential campaign that paid a Facebook app developer for the personal information of tens of millions Facebook users.

The fallout led to Facebook agreeing to pay unprecedented $5 billion penalty to settle Federal Trade Commission charges that the company violated the 2012 consent order by deceiving users about their ability to protect their personal information.

While allowing the plaintiffs to pursue their claims that Zuckerberg and several others breached their fiduciary duties to the company, Laster dismissed insider trading claims against several defendants, with the exception of Zuckerberg. The plaintiffs are seeking damages awarded to the company, disgorgement of profits allegedly made through insider trading and corporate governance reforms.

Related: Facebook Agrees to Pay $725 Million to Settle Privacy Suit

Related: Meta Hit With 390 Million Euro Fine Over EU Data Breaches

Related: Meta Slapped With 5.5 Million Euro Fine for EU Data Breach

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.


Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...