Facebook is the subject of a recent media blitz due to the allegations that 50 million people had their information improperly disclosed to Cambridge Analytica, a data research firm that may have played a role in the 2016 election.

The premise of the allegations is that Cambridge Analytica sent out a personality test to roughly 270,000 of Facebook’s users, stating that it would use the test for academic purposes.  However, allegedly, Cambridge Analytica collected the personal information not only of those who replied to the survey, but also of all of those individuals’ Facebook “friends.”  By doing so, the 270,000 users extrapolated to 50 million users.

While this news is only a few days old, already, a Facebook user sued Facebook and Cambridge Analytica in San Jose, California federal court (Price v. Facebook, Inc., N.D. Cal., No. 18-1732, 3/20/18).  In addition to the inevitable wave of law suits, there are now reports that the Federal Trade Commission (FTC) is investigating whether this event violated Facebook’s 2011 Consent Decree.  This Consent Decree required Facebook to notify users and receive affirmative consent before sharing users’ personal data that exceeds the privacy settings that each user individually specifies.  If the FTC finds that Facebook violated its Consent Decree, Facebook could find itself facing a penalty of up to $40,000 per violation.  When considering the sheer number of users that are potentially affected, Facebook could be facing a steep penalty depending on the results of the FTC’s investigation.  If that wasn’t enough, Facebook officials are in the midst of briefing members of congressional intelligence committees.  We will continue to follow developments as they arise.

Print:
EmailTweetLikeLinkedIn
Photo of Daniel J. Kagan Daniel J. Kagan

Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and…

Dan Kagan is an Associate in the Health Care, Long Term Care and Privacy and Cybersecurity Groups. He represents hospitals, physicians, nursing homes, assisted living communities, CCRCs and other health care clients with a wide range of regulatory, compliance, risk management, transactional and reimbursement issues.

With regard to Privacy and Cybersecurity, Dan has experience drafting privacy policies and notices, website terms of use, written information security plans and incident response plans.  Dan counsels clients on compliance issues related to state, federal and international privacy laws including the General Data Protection Regulation (GDPR).  Dan also has experience representing both health care and non-health care clients that have suffered data breaches and assists such clients with breach response and applicable reporting obligations.  Dan writes extensively on privacy and cybersecurity issues and is a co-editor of Murtha’s Privacy and Cybersecurity Perspectives blog.

As a member of the Health Care and Long Term Care groups, Dan has experience representing clients with HIPAA compliance, Stark and anti-kickback analyses, purchase and sale transactions, reviewing and drafting contracts, certificate of need requirements, rate appeals, Medicare and Medicaid audits, medical staff and credentialing matters, licensing and change of ownership proceedings.

Prior to joining Murtha Cullina, Dan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court.

Dan received his J.D. with honors from the University of Connecticut School of Law where he was a Notes and Comments Editor for the Connecticut Insurance Law Journal. He earned his Bachelor of Arts in Economics from McGill University.