Facebook has been sued for its alleged failure to keep hold of the personal data of more than one million UK users.
The mass legal action has been filed with the High Court in London and claims the social media giant allowed a third-party app to access the information of users without their consent or knowledge between November 2013 and May 2015.
It is alleged that Facebook’s privacy settings at the time allowed the app, called This is Your Digital Life, to harvest not only the users’ information, but also that of their Facebook friends who may never have interacted with the program.
Peter Jukes, a journalist and writer, has brought forward the case on behalf of himself and around one million other affected users in England and Wales.
Mr Jukes, who is represented by law firm Hausfeld, claimed the alleged harvesting opened the information to abuse by other firms such as Cambridge Analytica. The Information Commissioner’s Office (ICO) described it as a “very serious data incident”.
Information on name, gender, location, tagged photos and pages liked were all collected by the app, according to the lawsuit.
Hausfeld was unable to give an insight on to how much money users could receive should the suit be successful due to a lack of precedence.
The case has been taken against Facebook and Facebook Ireland using the Civil Procedure Rules, which allows a claimant to bring a case on behalf of a class of people with the same interest.
Everyone with the same interest is included in the case unless they choose to opt-out.
Mr Jukes said that Facebook profited from “billions of users” who relied on it to protect their personal information.
“Facebook exploited that trust by making users’ private data available to a third-party app, without their consent or even knowledge,” he said in a statement on Tuesday.
“This opened our personal data up to abuse. It is only right that we, as consumers, hold Facebook to account for failing to comply with the law and for putting our personal data at risk, and to ensure that this is not allowed to happen again.”
Michael Bywell, partner at Hausfeld, said that Facebook had “breached its legal obligations” to its users.
“The law is clear that Facebook had a duty to safeguard users’ personal information – a duty that it neglected,” he said.
“With an experienced team, committed class representative and funding and after-the-event insurance in place, we believe this claim offers the best avenue of redress for consumers who suffered at the hands of Facebook’s failure to abide by data protection laws.”
In 2019, Facebook agreed to pay a £500,000 fine after an ICO investigation into the misuse of personal data in political campaigns. The ICO’s probe found that between 2007 and 2014, Facebook processed user data by letting third-party app developers access personal information with the user’s informed consent.
Cambridge Analytica was the most high-profile of the cases involved. The company closed in 2018 and was said to have worked with Donald Trump on his US presidential campaign. In the UK, the company was accused of using data to target potential Leave voters in 2016’s Brexit referendum.
At the time, Facebook’s settings allowed developers to access the personal data not just of the people who used their app but of all their friends as well. The breach was thought to have hit 87 million users worldwide with around one million based in the UK. The ICO later found there was no evidence that any UK user’s data was shared with Cambridge Analytica.
A spokesman for Facebook said in a statement: "The Information Commissioner's Office investigation into these issues, which included seizing and interrogating Cambridge Analytica's servers, found no evidence that any UK or EU users' data was transferred by Dr (Aleksandr) Kogan to Cambridge Analytica."