Facebook continues to ramp up its legal action against companies which break its rules, this time launching a new suit against a data analytics firm which stole Facebook user data via connected apps.
As explained by Facebook:
"Today, Facebook filed a federal lawsuit in California court against oneAudience, a New Jersey-based data analytics company that improperly accessed and collected user data from Facebook and other social media companies by paying app developers to install a malicious Software Development Kit (SDK) in their apps."
oneAudience claimed to provide advertisers with real audience data and reach, based on actual user info.
As per the oneAudience website:
"There’s a lot of mobile information out there – most of which is based on probabilistic methods (in other words, guesswork). oneAudience eliminates uncertainty by sourcing real, verified users with our deterministic device ID methods to offer advertisers a fraud-free and personalized way to target mobile users across all devices."
The company has gone quiet however - all of its social media profiles have been deleted, and a large announcement on its front page relates specifically to Facebook's case, dated November 2019:
"Recently, we were advised that personal information from hundreds of mobile IDs may have been passed to our oneAudience platform. This data was never intended to be collected, never added to our database and never used. We proactively updated our SDK to make sure that this information could not be collected on November 13, 2019. We then pushed the new version of the SDK to our developer partners and required that they update to this new version."
Facebook claims that oneAudience was well aware of this misuse, and as noted, paid developers to include its SDK, and its data-gathering capacity, into their apps.
"Security researchers first flagged oneAudience’s behavior to us as part of our data abuse bounty program. Facebook, and other affected companies, then took enforcement measures against OneAudience. Facebook’s measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate."
This has now lead to Facebook taking the next step, enforcing action against the company in court.
As noted, this is the latest example of Facebook taking firmer action against those who fail to comply with platform rules. In the wake of Cambridge Analytica, Facebook, it seems, is not letting such abuses off so easily - for example:
- In March 2019, Facebook filed suit against several companies over the sale of fake followers and likes, following a ruling by New York's Attorney General that selling fake social media followers and likes is essentially illegal.
- In August 2019, Facebook launched another set of legal proceedings against two app developers over 'click injection fraud', which simulates clicks in order to extract ad revenue.
- In December, Facebook announced legal action against a company which used Facebook posts and ads to trick users into downloading malware, in order to steal their personal information.
In the past, Facebook has not been as active in taking these cases to trial, but now, with its business integrity in question, and social media becoming a more significant part of the professional landscape, Facebook is looking to establish more solid legal ground with such cases. Rulings in their favor will help build legal precedent, which will then enable Facebook to better deter similar programs in future.
And really, this is what Facebook needs to do. If Facebook can continually show that, more than just implementing rules around data use, that it's actually enforcing them, and holding businesses accountable, that will help improve Facebook's standing, and lessen the perception that it's not responsible with user data.
Maintaining control over such is better for Facebook's business either way, but from a PR perspective, such actions could be even more valuable in the long run.