Appeals Court Revives DC Privacy Suit Against Facebook

Originally brought by the District's attorney general, the suit alleges that the social media platform misled consumers about its data-privacy practices, in violation of the D.C. Consumer Protection Procedures Act (CPPA).

"In the District’s telling, Facebook violated the CPPA by unintentionally misleading consumers about which of their data was accessible to third-party applications through a Facebook user’s friends and about Facebook’s enforcement capabilities for auditing third-party applications," and "made a material omission by failing to disclose to users that their data had been obtained in violation of Facebook’s policies," said Judge Vijay Shanker.

"The trial court granted summary judgment for Facebook after observing that the District had to prove its CPPA claims by clear and convincing evidence," he added. "In light of our conclusion that CPPA claims based on unintentional conduct may be proved by a preponderance of the evidence, we reverse and remand for the trial court to consider whether summary judgment is appropriate under the correct burden of proof."

The lawsuit stemmed from the 2016 Cambridge Analytica scandal, where the data of nearly 2 billion Facebook users was allegedly exposed. A shareholder lawsuit in the Delaware Court of Chancery seeking $8 billion from Facebook for privacy violations in connection with Cambridge Analytica was reportedly settled earlier in July, though no details were released (see 2507170054).

The FTC issued a $5 billion privacy fine against Facebook for violating consumer privacy in 2019 (see 1910250049).