Sponsored Content

Trouble Comes in Threes: Long-term Impacts of the Facebook/Cambridge Analytica Controversy


Beginning in 2014 and leading up to the 2016 Presidential election, Facebook disclosed approximately 87 million users’ personal data to political consulting and data analytics firm Cambridge Analytica, which in turn used the data to target certain Facebook users with political messaging. Facebook’s misuse of personal data—and the universal public outrage it caused—carries short- and long-term consequences for companies collecting, storing, and using consumers’ personal data. The short-term impact of the Facebook/Cambridge Analytica debacle is heightened awareness and skepticism by both government agencies and private consumers of data collection and aggregation. Your company can combat this short-term consequence by reevaluating your company’s privacy policy—privacy policies and vendor agreements that tell the consumer exactly what you are doing or intend to do with her data reduce the risk of public exposure as dishonest and unethical.

But the long-term impact of the Facebook controversy on your company is less certain and more difficult to anticipate; it depends on how successful public and private actors outside the company—government agencies, public officials, investors, and so on—are in changing best privacy practices within your industry. Facebook’s data misuse may cause long-term impacts in three areas: 1) regulation, 2) litigation, and 3) legislation.

1.  Regulation: The FTC could increase the number of enforcement actions (and the accompanying monetary penalties) against non-compliant companies.

Recent failures to prevent or remediate data breaches and data misuse were met with FTC enforcement, and last year the FTC brought nearly two hundred privacy and data security enforcement actions—a record for the agency. In January, the FTC settled with electronic toy maker VTech for $650,000 after the company collected personal information from children without providing direct notice and obtaining parental consent.[1] Just last month, the FTC also proposed an order against Uber that would require the company to submit reports to the agency about software design security and initiatives to prevent, detect, and respond to attacks.[2]


With FTC acting director Tom Pahl confirming an investigation into Facebook’s privacy practices,[3] it is clear the agency is willing and able to investigate and penalize companies that violate Section 5(a) of the FTC Act by engaging, through data misuse, in unfair acts that cause substantial injury to consumers. Though the agency carries the burden of proving non-compliance, the Facebook case could stimulate even more aggressive FTC enforcement against, and penalties for, data misuse than witnessed in the recent VTech and Uber cases, as some suggest Facebook could face millions of dollars in FTC fines.[4]

2.  Litigation: You may see an increase in shareholder class action or derivative suits for consequences of data breaches.

Within weeks of the Facebook scandal, investors filed a stock-drop suit in the U.S. District Court for the Northern District of California, alleging the company made misleading statements to the SEC about data misuse. Yuan v. Facebook, Inc. et al., No. 3:18-cv-01725 (N.D. Cal. Mar. 20, 2018) (Complaint). According to the complaint, Facebook knew Cambridge Analytica was misusing data but did not inform the SEC or shareholders. Id. Facebook’s stock then dropped more than $20 over two days after publication of the scandal. Though a recent class action suit brought by consumers against VTech for data breach was dismissed,[5] companies may still be liable to investors for breach of fiduciary duty.

In a similar case, a single investor filed a stockholder derivative suit in the Delaware Chancery Court last month, claiming she was entitled to “extraordinary equitable relief” after Facebook executives breached their fiduciary duty when hiding the scandal. Sbriglio v. Zuckerberg et al., No. 2018-0307 (Del. Ch. 2018) (Complaint). In the complaint, Sbriglio alleges Facebook board members didn’t inform shareholders about the disclosures because it would have served as an admission that the company violated a 2011 FTC settlement to stop allowing third party access to data without user consent. Id.

Both cases serve as a warning to companies collecting, storing, and using personal data: misleading or outright lying about data misuse can not only create issues with the FTC, but it can also lead to shareholder suits that, even if you win, cost your company time and money.

3. Legislation: Even if Congress doesn’t fully understand the Internet, they could pass legislation that restricts the previously self-regulated tech industry.

Still reeling from Mark Zuckerberg’s testimony last month, Congress proposed legislation that will regulate how industry leaders like Facebook, Google, and Twitter use and share consumer data. The Facebook revelations produced widespread public outcry that forced politicians to pacify constituents. Senators Richard Blumenthal (D-Conn.) and Ed Markey (D-Mass.) recently proposed the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act, which would force the FTC to create and enforce privacy protections for customers of “edge” providers like Facebook.[6] While legislation like the CONSENT Act won’t have significant impact on small businesses and other non-edge providers, you can expect tougher regulation on tech leaders, on which your clients and employees may rely depending on your industry.

For guidance on data protection and privacy compliance, please contact Nick Merker. Nick Merker is a partner and co-chair of Ice Miller’s Data Security and Privacy Practice. Mason Clark is a summer clerk and lead author on this article.

This publication is intended for general information purposes only and does not and is not intended to constitute legal advice. The reader should consult with legal counsel to determine how laws or decisions discussed herein apply to the reader’s specific circumstances.

[1] Federal Trade Commission, Electronic Toy Maker VTech Settles FTC Allegations That it Violated Children’s Privacy Law and the FTC Act, FTC Press Release (Jan. 8, 2018).

[2] Federal Trade Commission; Uber Technologies, Inc., Analysis to Aid Public Comment, 83 Fed. Reg. 18,061 (Apr. 25, 2018).

[3] Federal Trade Commission, Statement by the Acting Director of FTC’s Bureau of Consumer Protection Regarding Reported Concerns about Facebook Privacy Practices, FTC Press Release (Mar. 26, 2018).

[4] Timberg, Craig and Romm, Tony, Facebook could face record fine, say former FTC officials, The Washington Post (Apr. 8, 2018).

[5] In re VTech Data Breach Litigation, No. 1:15-cv-10889 (N.D. Ill. 2017).

[6] S.2639, CONSENT Act. 115th Congress (2017-2018).
