Legal Update: Facebook users with an active account between May 2007 and December 2022 can apply for some of its parent company Meta's $725 million settlement related to the Cambridge Analytica scandal. How much you can get depends on how many class members submit valid claims and how long you were a user on Facebook during the relevant time frame. To file a claim, you can fill out a form and submit it online, or print it out and mail it. If you submit a claim through the mail, your claim form must be postmarked by August 25, 2023. If you submit your claim online, the deadline is 11:59 p.m. PDT on August 25, 2023. Go to the official settlement website to learn more and submit a claim.
Facebook and other social media websites collect data you voluntarily supply, like your age, employer, relationship status, and where you live. These sites also often track what other places you visit online and what apps you use. The sites then use that information to sell advertisements. This practice sounds relatively harmless.
But in March 2018, it came out that a political data firm, Cambridge Analytica, improperly harvested and used 87 million Facebook users' personal data. Following this incident, the way Facebook and other websites treat personal information has been under increasing scrutiny.
In response to the scandal, Facebook said it was simplifying and centralizing its privacy settings to make it easier for users to change how much personal information they share. But can users rely on internet companies to self-regulate privacy protections? Most experts think not.
So, a regulatory crackdown at the federal and state levels regarding online privacy is looking more likely and necessary.
Currently, posted privacy policies rather than specific federal or state laws typically determine your privacy rights concerning the personal data that Internet-based companies collect on you. Facebook, for instance, has a privacy policy stating what it can and can't do with your information. To use the site, you must agree to the privacy policy terms.
Following the Cambridge Analytica debacle, Facebook CEO Mark Zuckerberg admitted to House and Senate lawmakers in April 2018 that Facebook hadn't done enough to protect the privacy of its 2.2 billion users' data. He also promised that the company is now committed to safeguarding people's data. But rather than relying on Internet companies to police themselves, the public is starting to demand that lawmakers introduce—and pass—laws that address Internet privacy.
On April 10, 2018, around the time that Zuckerberg talked to House and Senate lawmakers about data privacy issues, two Democratic senators, Ed Markey (Massachusetts) and Richard Blumenthal (Connecticut), introduced a bill that would protect Americans' personal information from such privacy breaches. The proposed law is called the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act.
The CONSENT Act (S. 2639) is designed to be a privacy bill of rights. It would require the Federal Trade Commission to establish basic protections for the customers of online providers like Facebook and Google.
If passed, the legislation would require providers to:
On April 10, 2018, the bill was referred to the Committee on Commerce, Science, and Transportation. To keep tabs on this bill's progress (actually, lack thereof), go to Congress.gov, the official website for U.S. federal legislative information.
On April 12, 2018, Senators Amy Klobuchar (D-Minnesota) and John Kennedy (R-Louisiana) announced a plan to introduce a similar bill designed to protect the privacy of consumers' online data. And on January 17, 2019, they introduced the Social Media Privacy and Consumer Rights Act (SB 189), bipartisan legislation that would protect the privacy of consumers' online data.
Also, two other bills that address online privacy are pending before the Subcommittee on Digital Commerce and Consumer Protection in the House Committee on Energy and Commerce:
Unfortunately, none of the proposed laws discussed here have passed and are hung up in committee. If you're concerned about privacy laws and your online data, advocate that Congress pass laws to protect you.
A few states, like Illinois and California for example, have laws addressing privacy, while in others privacy laws are being proposed.
Social media websites often collect biometric facial data, usually for photo tagging. In 2008, Illinois enacted the Biometric Information Privacy Act (BIPA). This law requires companies to:
The law also allows consumers to sue companies that don't comply with these requirements, which has led to numerous lawsuits, including suits against Facebook.
As of January 1, 2020, the California Consumer Privacy Act gives Californians the right:
The law also imposes penalties on companies that don't comply with the law.
Again, if you're concerned about privacy laws and your online data, advocate that Congress—and your state legislature—pass laws to protect you. Also, read the privacy settings for each social networking and other websites you use, and make all your pages as private as possible.
Remember that you don't have to give all your personal information in your social media profiles—so don't—and don't blindly accept privacy policies without reading them. If you don't agree with a policy, don't accept it.
Need a lawyer? Start here.