Skip to content

Discerning Data

  • About Us
  • Additional Resources
  • Contact Us

DISCERNING DATA

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

  • Privacy
  • Cybersecurity
  • Data Strategy
  • Disruptionware

FTC Opinion Holds False Express Privacy Claims are Material

Share

The Federal Trade Commission’s Opinion finding that Cambridge Analytica engaged in deceptive practices to harvest personal information closes another chapter in the Commission’s actions against Cambridge Analytica and its former chief executive and app developer. The opinion is noteworthy for two reasons. First, the procedural posture of this matter is unique because Cambridge Analytica failed to appear or to answer the complaint. This allowed the Commission under its Rules of Practice to find the facts to be as alleged in the complaint and to enter a final decision. Second, the Commission’s opinion holds that a false express privacy claim is material and thus violates Section 5 of the FTC Act.

In July 2019, the FTC filed an administrative complaint against Cambridge Analytica and announced settlements with Cambridge Analytica’s former chief executive and an app developer who worked with the company. The complaint alleged that the respondents employed deceptive tactics to harvest personal information from tens of millions of Facebook users for voter profiling and targeting. Specifically, the FTC’s complaint alleged that Cambridge Analytica, Krogan and Nix deceived consumers by falsely representing that they did not collect personally identifiable information from Facebook users who were asked to answer survey questions and shared some of their Facebook profile data. The complaint also alleged that Cambridge Analytical misrepresented its participation in Privacy Shield and its adherence to Privacy Shield principles.

The settlements with the former chief executive, Alexander Nix and app developer Aleksandr Kogan were put out for public comment and are not yet final.

Under the Commission’s rules of practice, because Cambridge Analytica failed to file an answer to the complaint or oppose complaint counsel’s Motion for Summary Decision, there is no genuine issue of material fact which authorizes the Commission, without further notice to them, to find the facts as alleged in the complaint and enter a final decision.1 As students of the Commission are well aware, a Commission opinion is a higher form of precedent than negotiated settlements and orders, which while providing useful guidance, are not binding on others. That is why the Commission’s Opinion is significant.

The Commission’s complaint against Cambridge Analytica contained three counts. The first alleged that Cambridge Analytica falsely represented to Facebook users who authorized the GSRApp that it did not collect their personally identifiable information. The second count alleged that Cambridge Analytica was a participant in Privacy Shield from May to November 2018, even though it had allowed its certification to lapse. The third count alleged that Cambridge Analytica would adhere to Privacy Shield principles, even though it failed to affirm to the Department of Commerce, as required, that it would continue to apply those principles to personal information it had acquired while participating in the program.

The GSRApp was the app that asked users to answer survey questions. According to the complaint, through the GSRApp Cambridge Analytica made the following representation: “In this part, we would like to download some of your Facebook data using our Facebook app. We want you to know that we will NOT download your name or any other identifiable information – we are interested in your demographics and likes.” The Commission’s opinion found that this representation was false and misleading because contrary to the representation, the GSRApp did in fact collect participating users’ personally identifiable information, notably their Facebook User IDs. Accordingly, the Commission found that this claim was deceptive because it was false and material.

For an act or practice to be deceptive, it must be material. The Commission’s 1983 Policy on Deception2 stated that certain categories of information are presumptive material such as express claims, claims that involve health or safety, or areas with which a reasonable consumer would be concerned. Cambridge Analytica did not rebut the legal presumption. In addition, the Commission found that there was other evidence to support the materiality of this claim. Specifically, according to the complaint, Cambridge Analytica included the representation as the point in the surveys where the GSRApp requested App Users’ permission to collect “some” of their Facebook data after learning that half of the survey participants had refused to granny any permission to the GSRApp absent such an assurance. Therefore, the Commission inferred that Cambridge Analytica included the statement as a means of inducement.

The Commission’s opinion similarly found counts two and three relating to privacy shield to be false and material and hence deceptive.

The FTC’s opinion affirms that express false privacy claims are material.


116 CFR § 3.12(c).

2 FTC Policy Statement on Deception

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

Receive Email Alerts to New Articles

SUBSCRIBE

December 9, 2019
Written by: Discerning Data Editorial Board
Category: FTC
Tags: FTC, personal data

Post navigation

Previous Previous post: $1.6 Million Civil Money Penalty for HIPAA Breach Impacting 6,617 Individuals
Next Next post: ED Requires Higher Education Audits to Review GLBA Data Security Compliance

Search the Blog

Sign Up for Email Alerts

PODCASTS

Faegre Drinker on Law and Technology

©2023 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

  • About Us
  • Additional Resources
  • Contact Us
We use cookies to improve your experience with our website. By browsing our site, you are agreeing to the use of cookies. For more information about how we use cookies, please review our privacy policy and cookie policy. OK
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT