The Federal Trade Commission’s Opinion finding that Cambridge Analytica engaged in deceptive practices to harvest personal information closes another chapter in the Commission’s actions against Cambridge Analytica and its former chief executive and app developer. The opinion is noteworthy for two reasons. First, the procedural posture of this matter is unique because Cambridge Analytica failed to appear or to answer the complaint. This allowed the Commission under its Rules of Practice to find the facts to be as alleged in the complaint and to enter a final decision. Second, the Commission’s opinion holds that a false express privacy claim is material and thus violates Section 5 of the FTC Act.
In July 2019, the FTC filed an administrative complaint against Cambridge Analytica and announced settlements with Cambridge Analytica’s former chief executive and an app developer who worked with the company. The complaint alleged that the respondents employed deceptive tactics to harvest personal information from tens of millions of Facebook users for voter profiling and targeting. Specifically, the FTC’s complaint alleged that Cambridge Analytica, Krogan and Nix deceived consumers by falsely representing that they did not collect personally identifiable information from Facebook users who were asked to answer survey questions and shared some of their Facebook profile data. The complaint also alleged that Cambridge Analytical misrepresented its participation in Privacy Shield and its adherence to Privacy Shield principles.
The settlements with the former chief executive, Alexander Nix and app developer Aleksandr Kogan were put out for public comment and are not yet final.
Under the Commission’s rules of practice, because Cambridge Analytica failed to file an answer to the complaint or oppose complaint counsel’s Motion for Summary Decision, there is no genuine issue of material fact which authorizes the Commission, without further notice to them, to find the facts as alleged in the complaint and enter a final decision.1 As students of the Commission are well aware, a Commission opinion is a higher form of precedent than negotiated settlements and orders, which while providing useful guidance, are not binding on others. That is why the Commission’s Opinion is significant.
The Commission’s complaint against Cambridge Analytica contained three counts. The first alleged that Cambridge Analytica falsely represented to Facebook users who authorized the GSRApp that it did not collect their personally identifiable information. The second count alleged that Cambridge Analytica was a participant in Privacy Shield from May to November 2018, even though it had allowed its certification to lapse. The third count alleged that Cambridge Analytica would adhere to Privacy Shield principles, even though it failed to affirm to the Department of Commerce, as required, that it would continue to apply those principles to personal information it had acquired while participating in the program.
The GSRApp was the app that asked users to answer survey questions. According to the complaint, through the GSRApp Cambridge Analytica made the following representation: “In this part, we would like to download some of your Facebook data using our Facebook app. We want you to know that we will NOT download your name or any other identifiable information – we are interested in your demographics and likes.” The Commission’s opinion found that this representation was false and misleading because contrary to the representation, the GSRApp did in fact collect participating users’ personally identifiable information, notably their Facebook User IDs. Accordingly, the Commission found that this claim was deceptive because it was false and material.
For an act or practice to be deceptive, it must be material. The Commission’s 1983 Policy on Deception2 stated that certain categories of information are presumptive material such as express claims, claims that involve health or safety, or areas with which a reasonable consumer would be concerned. Cambridge Analytica did not rebut the legal presumption. In addition, the Commission found that there was other evidence to support the materiality of this claim. Specifically, according to the complaint, Cambridge Analytica included the representation as the point in the surveys where the GSRApp requested App Users’ permission to collect “some” of their Facebook data after learning that half of the survey participants had refused to granny any permission to the GSRApp absent such an assurance. Therefore, the Commission inferred that Cambridge Analytica included the statement as a means of inducement.
The Commission’s opinion similarly found counts two and three relating to privacy shield to be false and material and hence deceptive.
The FTC’s opinion affirms that express false privacy claims are material.
116 CFR § 3.12(c).
2 FTC Policy Statement on Deception
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.