Facebook's repetitive losses of users' privacy supplies a long-term need for supervision: US Judge

A federal judge said up to 29 million Facebook Inc users whose personal information was stolen in a September 2018 data breach cannot sue as a group for damages, but can seek better security at the social media company after a series of privacy lapses. In a decision late Tuesday night, US District Judge William Alsup in San Francisco said neither credit monitoring costs nor the reduced value of stolen personal information was a “cognizable injury” that supported a class action for damages. Alsup also said damages for time users spent to mitigate harm required individualised determinations rather than a single classwide assessment. Users were allowed to sue as a group to require Facebook to employ automated security monitoring, improve employee training, and educate people better about hacking threats. (Also read:  How three bugs allowed hackers to compromise over 90 million Facebook accounts ) [caption id=“attachment_7571201” align=“alignnone” width=“1280”] Facebook has faced many lawsuits over privacy, including for allowing British political consulting firm Cambridge Analytica access data. Image: Facebook[/caption] Alsup rejected Facebook’s claim that these were unnecessary because it had fixed the bug that caused the breach. “Facebook’s repetitive losses of users’ privacy supplies a long-term need for supervision,” at least at this stage of the litigation, Alsup wrote. Also read:  Cambridge Analytica data scandal: Timeline of the year gone by shows Facebook has a lot to do ) Allowing a damages class action could have exposed Facebook to a higher total payout. Lawyers for the Facebook users did not immediately respond to requests for comment. Facebook did not immediately respond to similar requests. On 28 September 2018, Facebook said that **hackers had exploited software flaws to access 50 million users' accounts** , at the time considered the largest breach in the California-based company’s 14-year history. It scaled back the size two weeks later, saying 30 million users had their access tokens stolen, while 29 million had personal information such as gender, religion, email addresses, phone numbers and search histories taken. Facebook has faced many lawsuits over privacy, including for allowing British political consulting firm **Cambridge Analytica access data for** an estimated 87 million users. (Also read:  Facebook accused of 'intentionally and knowingly' violating UK privacy rules ) In September, US District Judge Vince Chhabria in San Francisco said Facebook must face most of a damages lawsuit over access by third parties such as Cambridge, calling Facebook’s views about users’ privacy expectations “so wrong.” Facebook Chief Executive Mark Zuckerberg outlined his “privacy-focused vision” for social media in a 6 March blog post. “Privacy gives people the freedom to be themselves and connect more naturally, which is why we build social networks,” he wrote. The case is Adkins v Facebook Inc, US District Court, Northern District of California, No. 18-05982. (Also read:  Facebook agrees to provide additional documents by 26 November for California privacy probe )