Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches

A Delaware judge on Wednesday refused to dismiss a shareholder lawsuit alleging that Facebook officers and directors violated both the law and their fiduciary duties in failing for years to protect the privacy of user data.

Vice Chancellor J. Travis Laster rejected arguments that the complaint should be dismissed because the plaintiffs did not first demand that Facebook’s board take legal action before filing litigation themselves. Under Delaware law, shareholders must make such a demand or demonstrate that doing so would be futile because a majority of directors were self-interested, lacked independence or faced a substantial likelihood of liability.

Laster agreed with the plaintiffs that demand would be futile because there is reasonable doubt that a majority of the relevant Facebook board members, many with close personal and business ties to Mark Zuckerberg, would be willing to confront the CEO and founder of the company now known as Meta Platforms Inc., over its privacy failures.

Meta has said in filings with securities regulators that it believes the lawsuit is without merit.

In refusing to dismiss the lawsuit, the judge noted that he was required to accept the allegations in the complaint, which he described as “encyclopedic and specific” as true for purposes of ruling on the motion.

“It tells a story of directors who were on notice of the law breaking, and who either affirmatively went along with it or consciously disregarded it,” Laster said. “What we don’t have is a little lawbreaking, what we don’t have is isolated lawbreaking, what we don’t have are immaterial violations. … This is a case involving alleged wrongdoing on a truly colossal scale.”

The complaint alleges that Facebook officials repeatedly and continually violated a 2012 consent order with the Federal Trade Commission under which the company agreed to stop collecting personal data on platform users and friends without their consent, and sharing it with the third-party applications.

Facebook later sold user data to commercial partners in direct violation of the consent order, and removed disclosures from privacy settings that were required under consent order, the lawsuit alleges. The company’s conduct resulted in significant fines from regulators in Europe and culminated in the Cambridge Analytica scandal in 2018. That case involved a British political consulting firm hired by Donald Trump’s 2106 presidential campaign that paid a Facebook app developer for the personal information of tens of millions Facebook users.

The fallout led to Facebook agreeing to pay unprecedented $5 billion penalty to settle Federal Trade Commission charges that the company violated the 2012 consent order by deceiving users about their ability to protect their personal information.

While allowing the plaintiffs to pursue their claims that Zuckerberg and several others breached their fiduciary duties to the company, Laster dismissed insider trading claims against several defendants, with the exception of Zuckerberg. The plaintiffs are seeking damages awarded to the company, disgorgement of profits allegedly made through insider trading and corporate governance reforms.

Related: Facebook Agrees to Pay $725 Million to Settle Privacy Suit

Related: Meta Hit With 390 Million Euro Fine Over EU Data Breaches

Related: Meta Slapped With 5.5 Million Euro Fine for EU Data Breach