News

Mass legal action brought against Facebook over ‘data protection failure’

The claim alleges that Facebook allowed a third-party app to access the personal information of users without their knowledge or consent.
The claim alleges that Facebook allowed a third-party app to access the personal information of users without their knowledge or consent. The claim alleges that Facebook allowed a third-party app to access the personal information of users without their knowledge or consent.

A mass legal action has been launched on behalf of at least one million UK Facebook users over claims that the social media giant failed to protect their personal data.

The representative claim has been filed with the High Court in London and alleges that Facebook allowed a third-party app to access the personal information of users without their knowledge or consent between November 2013 and May 2015.

It is claimed the social network’s settings permitted the app, called This Is Your Digital Life, to harvest the personal information of not only the users of the app, but also their Facebook friends.

The legal action has been filed by journalist and writer Peter Jukes, on behalf of himself and around one million other affected users in England and Wales.

Announcing his decision to bring the action, Mr Jukes said: “Facebook profits from its billions of users, who reasonably rely on the platform to protect the personal information they entrust to it.

“Facebook exploited that trust by making users’ private data available to a third-party app, without their consent or even knowledge.

“This opened our personal data up to abuse. It is only right that we, as consumers, hold Facebook to account for failing to comply with the law and for putting our personal data at risk, to ensure that this is not allowed to happen again.”

The representative action seeks damages from Facebook, on behalf of affected individuals in England and Wales, as a result of the tech giant’s failure to comply with its statutory duties under the Data Protection Act 1998.

The claim is being brought against Facebook Inc and Facebook Ireland Limited under rules which allow a representative claimant to bring a claim on behalf of a class of people with the same interest – who are all included unless they opt out.

Michael Bywell, partner at Hausfeld law firm, which is representing Mr Jukes, said: “Facebook breached its legal obligations to protect the data of its users.

“The law is clear that Facebook had a duty to safeguard users’ personal information – a duty that it neglected.

“We believe this claim offers the best avenue of redress for consumers who suffered at the hands of Facebook’s failure to abide by data protection laws.”

Facebook agreed to pay a fine of £500,000 in October 2019 following an investigation into the misuse of personal data in political campaigns.

The Information Commissioner’s Office (ICO) carried out a wide-ranging investigation into the use of data analytics for political purposes and issued the penalty to the tech giant in October 2018.

The investigation found that, between 2007 and 2014, Facebook processed user data by letting third-party app developers access personal information without the user’s informed consent.

The most high-profile aspect of this was political consulting firm Cambridge Analytica after it was found to have harvested data, which resulted in multiple investigations and fines.

Cambridge Analytica, which closed in 2018, is said to have worked with Donald Trump on his US presidential campaign run by whistleblower Christopher Wylie.

In the UK, the firm was accused of using the data to target potential Leave voters in the 2016 Brexit referendum.

Facebook’s settings at the time allowed app developers to access the personal data of not just the people who used their app, but of all of their friends as well.

The breach was thought to have affected 87 million users worldwide, with at least one million of them based in the UK.

The ICO later found no evidence that any UK user’s data was shared with Cambridge Analytica.

A Facebook spokesman said in a statement: “The Information Commissioner’s Office investigation into these issues, which included seizing and interrogating Cambridge Analytica’s servers, found no evidence that any UK or EU users’ data was transferred by Dr (Aleksandr) Kogan to Cambridge Analytica.”