Case 3:18-md-02843-VC Document 491 Filed 08/04/20 Page 1 of 366 Lesley E. Weaver (SBN 191305) Derek W. Loeser (admitted pro hac vice) BLEICHMAR FONTI & AULD LLP KELLER ROHRBACK L.L.P. 555 12th Street, Suite 1600 1201 Third Avenue, Suite 3200 Oakland, CA 94607 Seattle, WA 98101 Tel.: (415) 445-4003 Tel.: (206) 623-1900 Fax: (415) 445-4020 Fax: (206) 623-3384 [email protected] [email protected] Plaintiffs’ Co-Lead Counsel Additional counsel listed on signature page UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA IN RE: FACEBOOK, INC. CONSUMER MDL No. 2843 PRIVACY USER PROFILE LITIGATION Case No. 18-md-02843-VC This document relates to: SECOND AMENDED CONSOLIDATED COMPLAINT ALL ACTIONS Judge: Hon. Vince Chhabria SECOND AMENDED CONSOLIDATED MDL NO. 2843 COMPLAINT ASE O MD C N . 18- -02843-VC Case 3:18-md-02843-VC Document 491 Filed 08/04/20 Page 2 of 366 TABLE OF CONTENTS I. INTRODUCTION ...............................................................................................................1 II. JURISDICTION, VENUE, AND CHOICE OF LAW ........................................................5 III. PARTIES .............................................................................................................................6 A. Plaintiffs ...................................................................................................................6 B. Defendants and Co-Conspirators ...........................................................................85 1. Prioritized Defendant and Doe Defendants: ....................................................85 2. Non-Prioritized Defendants (Individual Defendants Named in Actions Consolidated in this MDL as to Whom Co-Lead Counsel Seek a Stay) .........86 C. Interested Parties ....................................................................................................86 D. Unnamed Co-Conspirators: Cambridge-Analytica-Related Entities .....................87 E. Other Non-Defendant Co-Conspirator ...................................................................89 IV. FACTUAL BACKGROUND ............................................................................................89 A. Facebook’s Transition from Social Media Company to Data Broker ...................89 1. Facebook Encouraged User Engagement to Drive Advertising Revenues. .....91 2. User Engagement Increased When Facebook Gave App Developers Users’ Content and Information ..................................................................................93 3. Facebook’s Partnerships with Data Brokers Resulted in Aggregated, Deanonymized User Information ...................................................................101 4. The Wealth of Data About Users Enabled Highly Invasive Forms of Psychographic Marketing ..............................................................................103 B. Facebook Made It Difficult and Sometimes Impossible for Users to Prevent Facebook from Publishing Their Content and Information to Third-Party Applications. ........................................................................................................107 1. Overview of the Facebook User Platform .....................................................107 2. Facebook Falsely Promised Users That Their Privacy Controls Limited Sharing of Their Content and Information to the Audiences They Selected ...................108 SECOND AMENDED CONSOLIDATED i MDL NO. 2843 COMPLAINT CASE NO. 18-MD-02843-VC Case 3:18-md-02843-VC Document 491 Filed 08/04/20 Page 3 of 366 3. Facebook’s “Privacy Controls” Misled Users About How to Control the Information and Content That They Shared with Applications. ....................109 4. To Control Sharing with Applications, Facebook Required Users to Hunt for, Find, and Change the Default Preferences of Their App Settings. .........................117 5. Facebook Changed the Default Privacy Settings from 2010-2014 to Make More Content Public, Prompting FTC Action. .......................................................124 C. Facebook Allowed Third Parties to Access Facebook Users’ Content and Information Without or Beyond the Scope of Users’ Consent. ...........................127 1. Facebook Developed an Interface That Allowed App Developers to Access a Facebook User’s Content and Information Via That User’s Friend. .............127 2. Graph API Allows App Developers to Access Users’ Video Information. ...134 3. To Allow Third Parties Unfettered Access to Users’ Content and Information, Facebook Stripped Users’ Privacy Designations for Certain Content Available on Graph API. .....................................................................................................137 4. Cambridge Analytica Used Facebook’s Graph API Interface to Take Users’ Content and Information. ...............................................................................141 5. The Cambridge Analytica Scandal Has Triggered Additional Revelations of Apps’ Misuse of User Content and Information.......................................................153 6. Facebook Also Enabled Device Makers and Other Business Partners to Access Users’ Content and Information Through Friends. ........................................155 7. Facebook Extended Certain “Whitelisted” Companies Access to Friends’ Information Despite Facebook’s Contrary Representations to Users. ...........159 D. Facebook Failed to Monitor and to Protect User Content and Information from Third Parties’ Unauthorized Use. ..................................................................................166 1. Facebook Has a History of Discarding Its Promises to Protect User Privacy in Reckless Pursuit of Growth. ..........................................................................167 2. Facebook Ignored Internal Warnings Regarding Risks Posed by Third Parties’ Access to Users’ Content and Information. ...................................................171 3. Facebook Failed to Monitor Business Partners’ and Whitelisted Companies’ Use of Users’ Content and Information. ...............................................................175 4. Facebook Failed to Limit Business Partners’ and Whitelisted Companies’ Access to Users’ Content and Information. ...............................................................177 SECOND AMENDED CONSOLIDATED ii MDL NO. 2843 COMPLAINT CASE NO. 18-MD-02843-VC Case 3:18-md-02843-VC Document 491 Filed 08/04/20 Page 4 of 366 5. Facebook Allowed Business Partners and Whitelisted Companies to Deceive Users About Their Access to Users’ Content and Information. ..............................178 6. Facebook Also Took No Action to Ensure App Developers Followed Its Platform and Privacy Policies. ......................................................................................180 7. Facebook Failed to Adequately Mitigate Harm Caused by Kogan and Cambridge Analytica or to Prevent Further Risk of Harm. ..............................................181 8. Facebook’s Failure to Notify Plaintiffs of the Misuse of Their Data Hindered User’s Ability to Take Remedial Measures. ..................................................183 E. Plaintiffs Did Not Consent to Facebook’s Misconduct. ......................................184 1. Facebook’s SRR and Data Policy Did Not Create Consent. .........................184 a. Facebook’s SRR and Data Policy Did Not Create Consent with Respect to the VPPA. ................................................................................................185 b. Facebook’s SRR and Data Policy Did Not Create Consent to Conduct that Violated the SRR and Data Policy. ..........................................................186 (i) By Allowing Users No Control over Sharing with Business Partners, Facebook Violated Its Pledge That Users Would Have Control over How Their Content and Information Was Shared. .....................................186 (ii) Facebook Violated Its Pledge That Apps and Websites Would Use Users’ Content and Information Merely “in Connection with” Their Friends.186 (iii)By Continuing to Allow Whitelisted Apps and Business Partners’ Apps to Have Access Even to Users That Had Turned off All App Access, Facebook Violated Its Pledge That Users Could Bar Apps from Accessing Their Data. ........................................................................187 (iv) Facebook Violated Its Pledge Not to Give Content and Information to Advertisers by Permitting Access by Apps, Websites, and Business Partners That Were Also Advertisers. ...............................................188 (v) By Stripping Metadata from Content and Information, Facebook Violated Its Pledge That Apps Would Respect Users’ Privacy. .......................190 c. Users Did Not Consent to Misconduct That the Documents Wholly Failed to Disclose. ...................................................................................................190 (i) Facebook Failed to Disclose Its Data Sharing with Business Partners ..............................................................................................191 (ii) Facebook Failed to Disclose Psychographic Profiling. .....................192 SECOND AMENDED CONSOLIDATED iii MDL NO. 2843 COMPLAINT CASE NO. 18-MD-02843-VC Case 3:18-md-02843-VC Document 491 Filed 08/04/20 Page 5 of 366 (iii)Facebook Failed to Disclose That When Apps and Websites Accessed Data from the Friends of Users, Those Friends’ Privacy Metadata Was Stripped. .............................................................................................192 d.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages366 Page
-
File Size-