Facebook seems like receiving the short end of the stick once more, as a U.S. District Judge William Alsup ruled that the trial of the case against Facebook’s “View As” fiasco of September 2018 will proceed as scheduled. The judge ruled last June 21, denying Facebook’s appeal to junk the case due to lack of merit, but instead confirmed that there is probable cause for Facebook’s negligence for handling their users’ data. Under the “View As” feature controversy, around 50 million Facebook accounts were affected, which the social media giant later downplayed to just 30 million impacted accounts. View As had a severe bug where the personal information that the user deemed “private” were exposed to the visitor publicly.
Facebook immediately took down the View As feature pending the patch needed to fix the security glitch. View As is now a working feature of Facebook albeit not in its fulltime operations compared to prior the issue was discovered. Facebook argued that the case should be dismissed given that there is no sensitive information that was involved in the View As fiasco, no real harm is done to 30 million of their customers. The prosecution argued that Facebook is only trying to dodge liability, repainting themselves as the champions of user rights to security and privacy.
Judge Alsup favored the prosecution team, stressing that if the court drops the case, it only means the government is “turning a blind eye” with for-profit companies that continue to neglect their legal obligation to safeguard user data. Facebook had just recovered from the hefty fine of due to the Cambridge-Analytica incident, and the View As controversy has further pulls the company’s name to shame. Aside from that, Facebook is also receiving a lot of backlash with the way Facebook Lite and Instagram clients had a bug of saving passwords in the database as plain text instead of hashed values. This caused the social media giant to lose control of millions of email addresses, which were stolen due to the plain text password bug.
“From a policy standpoint, to hold that Facebook has no duty of care here ‘would create perverse incentives for businesses who profit off the use of consumers’ personal data to turn a blind eye and ignore known security risks,” explained Judge Alsup.
A separate case under the Federal Trade Commission Facebook is also facing a serious penalty, approximately the commission is set to slap Facebook with a hefty fine not exceeding $5 billion. The company, in turn, has stated that Facebook is setting aside $3 billion for the possible payment of penalties. Turkey also has a say, given that 300,000 Turkish citizens were victims of the View As security breach, making the Turkish government penalize Facebook with $280,000 fine. Under Turkish law, companies that handle personally identifiable information are expected to perform due diligence in protecting and security of its users.
“This case involves the continuing and absolute disregard with which Defendant Facebook, has chosen to treat the PII of account holders who utilize Facebook’s social media platform. While this information was supposed to be protected, Facebook, without authorization, exposed that information to third parties through lax and non- existent data safety and security policies and protocols,” concluded the court order.