Google Safari Workaround case inspires campaign to sue Facebook in UK's High Court over Cambridge Analytica app

'Facebook You Owe Us' wants to run a not-quite-class-action-style lawsuit

A campaign to sue Facebook over lax privacy policies that allowed Cambridge Analytica to slurp almost a million people's personal data from the social networking website hopes to become a representative action in the High Court, its instigators said today.

The campaign, "Facebook You Owe Us", is riding on the coat-tails of former Which? director Richard Lloyd's similarly named campaign, "Google You Owe Us", following the latter's victory in the Court of Appeal over its representative action status.

A representative action in the High Court is a close cousin of the US class-action procedure, though there are some legal differences.

The campaign said in a statement: "In 2013 and 2014, thousands of people participated in the thisisyourdigitallife app on Facebook. Facebook allowed this app to harvest the data of the app users' friends without their friends' permission or knowledge, including Alvin Carpio, the representative claimant. By taking data without consent, it is alleged that Facebook failed to meet their legal obligations under the Data Protection Act 1998."

The thisisyourdigitallife app was created by Cambridge Analytica as a data-harvesting exercise, as reported last year when Facebook paid a £500,000 fine to the Information Commissioner's Office while, bizarrely, not admitting liability or guilt. Data harvested from the app's users was then used by the controversial firm to target adverts across social media platforms on behalf of paying political clients. A later ICO investigation found that Cambridge Analytica's sales and marketing spiel vastly outweighed its actual impact.

Nonetheless, the fine provided the legal hook for Facebook You Owe Us. Using Richard Lloyd's so far successful case (Google has the option of taking it to the Supreme Court), the idea is to claim on behalf of "almost a million" people said to be affected by Facebook allowing the Cambridge Analytica app to operate.

The Register understands the campaign is at the earliest stage of taking legal action; namely, sending Facebook a pre-action protocol letter notifying the US company that it intends to sue. It will have to overcome a number of procedural hurdles before any courtroom hearings.

If the campaign is operating in the same way as the Lloyd case – it shares a legal team with him – the lawyers running the case could be in for a bumper payday. The Lloyd case is being bankrolled by Therium Capital Management Ltd, which stands to receive a share of the financial proceeds if Lloyd wins. As Google's barrister, Antony White QC told the High Court in 2018, in what were ultimately unsuccessful submissions: "The amounts could be very substantial indeed. If there are 4.4 million claimants, each entitled to several hundred pounds, under the current damages-based regime the maximum share is 50 per cent. If 50 per cent were taken by the funder, the amount generated in this action for the funder would be a very substantial sum of money."

The Court of Appeal later ruled that the "representative class" of people had a strong enough collective interest in the case for it to go ahead, irrespective of other considerations.

James Oldnall, managing partner of law firm Milberg London, which acts for representative litigant Carpio, said in a statement: "Cases like Facebook You Owe Us and Google You Owe Us provide consumers with an essential route to redress. The courts are beginning to recognise that personal data has value, and that representative actions are a suitable mechanism to hold companies to account for abusing or misusing that data." ®

Similar topics

Other stories you might like

  • Research finds consumer-grade IoT devices showing up... on corporate networks

    Considering the slack security of such kit, it's a perfect storm

    Increasing numbers of "non-business" Internet of Things devices are showing up inside corporate networks, Palo Alto Networks has warned, saying that smart lightbulbs and internet-connected pet feeders may not feature in organisations' threat models.

    According to Greg Day, VP and CSO EMEA of the US-based enterprise networking firm: "When you consider that the security controls in consumer IoT devices are minimal, so as not to increase the price, the lack of visibility coupled with increased remote working could lead to serious cybersecurity incidents."

    The company surveyed 1,900 IT decision-makers across 18 countries including the UK, US, Germany, the Netherlands and Australia, finding that just over three quarters (78 per cent) of them reported an increase in non-business IoT devices connected to their org's networks.

    Continue reading
  • Huawei appears to have quenched its thirst for power in favour of more efficient 5G

    Never mind the performance, man, think of the planet

    MBB Forum 2021 The "G" in 5G stands for Green, if the hours of keynotes at the Mobile Broadband Forum in Dubai are to be believed.

    Run by Huawei, the forum was a mixture of in-person event and talking heads over occasionally grainy video and kicked off with an admission by Ken Hu, rotating chairman of the Shenzhen-based electronics giant, that the adoption of 5G – with its promise of faster speeds, higher bandwidth and lower latency – was still quite low for some applications.

    Despite the dream five years ago, that the tech would link up everything, "we have not connected all things," Hu said.

    Continue reading
  • What is self-learning AI and how does it tackle ransomware?

    Darktrace: Why you need defence that operates at machine speed

    Sponsored There used to be two certainties in life - death and taxes - but thanks to online crooks around the world, there's a third: ransomware. This attack mechanism continues to gain traction because of its phenomenal success. Despite admonishments from governments, victims continue to pay up using low-friction cryptocurrency channels, emboldening criminal groups even further.

    Darktrace, the AI-powered security company that went public this spring, aims to stop the spread of ransomware by preventing its customers from becoming victims at all. To do that, they need a defence mechanism that operates at machine speed, explains its director of threat hunting Max Heinemeyer.

    According to Darktrace's 2021 Ransomware Threat Report [PDF], ransomware attacks are on the rise. It warns that businesses will experience these attacks every 11 seconds in 2021, up from 40 seconds in 2016.

    Continue reading

Biting the hand that feeds IT © 1998–2021