A privacy violation is a real harm.
After The New York Times revealed last month that Facebook continued to share personal information of millions of consumers with companies like Netflix, Yahoo, Spotify and Google — despite contrary assertions to Congress — many people decided to delete their Facebook accounts. But if Facebook’s actions, as described by The Times, violated the law, consumers should be able to send an even more powerful message, one that could leave a much larger imprint on the company’s ledger books: suing the company for damages.
Facebook knows this and has been working to make it near impossible to do so.
For example, consumers recently filed a lawsuit in Illinois claiming Facebook violated a state privacy law by using facial recognition technology on their uploaded photographs without their consent. Facebook is fighting the lawsuit by trying to get the court to buy into troubling arguments that would make it even more difficult for consumers to sue lawbreaking companies for damages.
Facebook is arguing that the law at issue doesn’t grant consumers the ability to sue companies, otherwise known as a “private right of action,” based solely on the fact that a company violated the law. Instead, according to Facebook, consumers should have to show that the lawbreaking practice caused additional harm beyond a mere violation to get their day in court and damages.
If you applied Facebook’s twisted interpretation of the law in this case to other contexts, sharing your intimate messages without your permission or handing over detailed profiles of you to political operatives without your consent — even if in direct violation of the law — alone shouldn’t cost the company a penny in court. Facebook is paradoxically arguing that privacy itself has no price, even in cases where it’s this precise lack of privacy that allows it to turn a profit.
It’s not the first time we’ve seen this argument, and other companies have made similar arguments in privacy lawsuits. In addition, major industry players, including the U.S. Chamber of Commerce, have put forward similar views. They are fighting legislation that would grant consumers the ability to sue companies for privacy violations and are lobbying for federal privacy legislation where enforcement is tied only to “concrete” harm, not necessarily to violations of the law.