In a flashback to Facebook's early days, the U.S. Supreme Court Monday declined to review the settlement of a lawsuit against the social network over an ill-fated advertising program called Beacon, which was abandoned after users complained it violated their privacy.
The program — one of the first of Facebook's ongoing conflicts over user privacy — launched in November 2007. Participating companies would notify Facebook when a logged-in member bought something on one of their websites. In a privacy gaffe that seems almost quaint compared to how widely user information is shared today, Facebook then sent a message to the member's friends notifying them that someone they knew just made a purchase.
Facebook's members began to complain that the notices were embarrassing or tipped off their friends about surprise gifts. And they said that opting out of Beacon was made intentionally difficult. In September 2009, after making adjustments to the program, Facebook shut it down.
While it was still in operation, 19 people filed a class action lawsuit over Beacon. They eventually agreed to a $9.5 million settlement that provided a few thousand dollars each to the original plaintiffs and required Facebook to pay $6.5 million to establish the Digital Trust Foundation. Its mission: "fund and sponsor programs designed to educate users, regulators and enterprises regarding critical issues relating to protection of identity and personal information online." The rest of the money went to lawyers.
One of the original members of the class action challenged the settlement, arguing that the federal courts are becoming too willing to accept agreements like this, in which class members get next to nothing and companies are allowed instead to make payments to charities or other organizations. Facebook responded that the size of the class of potential plaintiffs was so large that direct payments would have been tiny and that setting up the foundation was consistent with the interests of those who filed the lawsuit.
While Chief Justice John Roberts said he agreed with the Supreme Court's decision not to take the case, he too raised questions about the procedure used in the lower courts to resolve the dispute.
In a brief opinion concurring with the court's denial of the case, Roberts wrote that this kind of settlement is becoming more common, in which consumers get little to nothing. "In a suitable case, this Court may need to clarify the limits on the use of such remedies."
Following the Beacon debacle, loss of user privacy online has been an ongoing concern, especially on Facebook.
In August 2012, Facebook reached a settlement with the Federal Trade Commission related to the social network's 2009 privacy rollback, which removed privacy controls on information such as your name and profile photo. According to the FTC, Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public."
As a result of the settlement, Facebook is now barred "from making any further deceptive privacy claims." It also requires "that the company get consumer's approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years." The social network was not required to reinstate the removed privacy controls cited in the complaint.
The current ubiquity of the Facebook "Like" button across the Internet, which helps both the social network and advertisers track your Internet behavior, allows those with access to compile detailed user profiles for marketing purposes.
In Facebook's most recent privacy rollback, 13- to 17-year-old users are no longer limited to sharing posts any further than "friends of friends." Though privacy settings for Facebook's youngest users now default to "friends," teens have the option to both share posts publicly and have Twitter-style followers as well.