Facebook Class Action Privacy Lawsuit Moves Forward But Without Any Teeth
December 1, 2019 - A federal judge in San Francisco is allowing a class action lawsuit against Facebook over a data breach involving nearly 30 million users to move forward. At the same time, the judge - William Alsup - pretty well defanged any potential remedy against the company when he removed the ability of the plaintiffs to recover any damages associated with the breach. As a result, the suit now only allows the plaintiffs to force the company to enhance its privacy and data security practices.
The judge's decisions stated that the costs of credit monitoring for those whose data was leaked were not a "cognizable injury." And he came to the conclusion that individuals who had to spend time attempting to prevent identity theft, or to correct credit issues that occurred due to identity theft from this breach, needed to be handled individually rather than as a class. In other words, the victims will be forced to sue Facebook as individuals.
As anyone who has ever been a victim of identity theft will tell you, it can take years of work to repair damaged credit. While we have repeatedly stated for many years that credit monitoring is a worthless service in our estimation, we also understand the desire of anyone who has their data breached to protect themselves. And if that desire leads victims to purchase credit monitoring services that they never would have needed in the first place if their data had been properly protected, it is impossible for us to reach the conclusion that their damages don't amount to a "cognizable injury."
Judge Alsup's decision is completely misguided in our estimation. The only way that companies will make the investment in proper data security procedures is if not doing so is more costly to them. That's been proven out time and again. Otherwise, the cost of fighting lawsuits such as this one will simply be viewed as a cost of doing business and nothing will change.