Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Delaware Judge Refuses to Dismiss Facebook Shareholder Suit Over User Data Privacy Breaches

Judge refuses to dismiss shareholder lawsuit alleging that Facebook violated the law and fiduciary duties in failing for years to protect user data privacy.

A Delaware judge on Wednesday refused to dismiss a shareholder lawsuit alleging that Facebook officers and directors violated both the law and their fiduciary duties in failing for years to protect the privacy of user data.

Vice Chancellor J. Travis Laster rejected arguments that the complaint should be dismissed because the plaintiffs did not first demand that Facebook’s board take legal action before filing litigation themselves. Under Delaware law, shareholders must make such a demand or demonstrate that doing so would be futile because a majority of directors were self-interested, lacked independence or faced a substantial likelihood of liability.

Laster agreed with the plaintiffs that demand would be futile because there is reasonable doubt that a majority of the relevant Facebook board members, many with close personal and business ties to Mark Zuckerberg, would be willing to confront the CEO and founder of the company now known as Meta Platforms Inc., over its privacy failures.

Meta has said in filings with securities regulators that it believes the lawsuit is without merit.

In refusing to dismiss the lawsuit, the judge noted that he was required to accept the allegations in the complaint, which he described as “encyclopedic and specific” as true for purposes of ruling on the motion.

“It tells a story of directors who were on notice of the law breaking, and who either affirmatively went along with it or consciously disregarded it,” Laster said. “What we don’t have is a little lawbreaking, what we don’t have is isolated lawbreaking, what we don’t have are immaterial violations. … This is a case involving alleged wrongdoing on a truly colossal scale.”

The complaint alleges that Facebook officials repeatedly and continually violated a 2012 consent order with the Federal Trade Commission under which the company agreed to stop collecting personal data on platform users and friends without their consent, and sharing it with the third-party applications.

Facebook later sold user data to commercial partners in direct violation of the consent order, and removed disclosures from privacy settings that were required under consent order, the lawsuit alleges. The company’s conduct resulted in significant fines from regulators in Europe and culminated in the Cambridge Analytica scandal in 2018. That case involved a British political consulting firm hired by Donald Trump’s 2106 presidential campaign that paid a Facebook app developer for the personal information of tens of millions Facebook users.

Advertisement. Scroll to continue reading.

The fallout led to Facebook agreeing to pay unprecedented $5 billion penalty to settle Federal Trade Commission charges that the company violated the 2012 consent order by deceiving users about their ability to protect their personal information.

While allowing the plaintiffs to pursue their claims that Zuckerberg and several others breached their fiduciary duties to the company, Laster dismissed insider trading claims against several defendants, with the exception of Zuckerberg. The plaintiffs are seeking damages awarded to the company, disgorgement of profits allegedly made through insider trading and corporate governance reforms.

Related: Facebook Agrees to Pay $725 Million to Settle Privacy Suit

Related: Meta Hit With 390 Million Euro Fine Over EU Data Breaches

Related: Meta Slapped With 5.5 Million Euro Fine for EU Data Breach

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.