Digital Rights Ireland (DRI) is calling on victims of the recent major Facebook data breach to join a legal case against the tech giant in what will be the largest-ever mass action of its kind.
- Digital Rights Ireland is inviting Europeans affected by the recent breach of personal data by Facebook to join a mass action lawsuit at facebookbreach.eu
- DRI will sue Facebook to recover damages for those affected, a first for legal actions against tech companies in Europe.
- The case will be filed in the courts of Ireland on behalf of thousands of Facebook users.
EU citizens among the half a billion people affected by the recent data breach can sign up at facebookbreach.eu to sue Facebook for damages. Personal data – including individuals’ names, Facebook IDs, and phone numbers – were compromised as part of the major breach.
Digital Rights Ireland has made a complaint to the Irish Data Protection Commission (DPC). The group is now preparing to take the case to the Irish courts on behalf of individuals affected by the breach.
Dr TJ McIntyre, Chairperson of DRI, said: “DRI is calling on EU residents to join us in taking action against Facebook for monetary damages. Forcing companies like Facebook to pay money to users whose privacy rights they’ve violated is the most effective way to really change the behaviour of these big tech companies.
The prospect of class and mass actions is going to be a major impetus for the largest and most profitable of tech companies to become legally compliant and stop treating user data like a commodity. Facebook is a uniquely powerful company, reaching into the lives of its billion plus users, and they need to get this right.”
Antoin O Lachtnain, Director of DRI, added: “The scale of this breach, and the depth of personal information compromised, is gobsmacking. Those impacted deserve action and Facebook’s handling of this breach has been entirely inadequate. This will be the first mass action of its kind but we’re sure it won’t be the last. The laws are there to protect consumers and their personal data and it’s time these technology giants wake up to the reality that protection of personal data must be taken seriously.”
DRI is taking action on Facebook’s most recent failure to protect user data, a breach discovered on Saturday April 3rd and affecting 533 million users. Data was scraped as the result of an address book contacts import feature. According to DRI, Facebook not only failed to implement privacy by design and by default to protect this user data, the company also failed to notify those affected when the leak occurred, and also failed to notify the Data Protection Commission. Each of these is a duty under the GDPR.
Irish law does not provide for class actions in the way the US law does. A “mass action” is a more general, less legally specific term. In a mass action, large numbers of people are represented in a single complaint, with the same or very similar facts and laws applying to all of their situations.
Those impacted by the breach who sign up to take part in this legal action could be awarded monetary damages. In comparable cases in other jurisdictions damages have varied between €300 and £12,000 for breach of one person’s rights.
To check if you are impacted by the Facebook data breach, visit the DRI campaign website at facebookbreach.eu.
About Digital Rights Ireland
Digital Rights Ireland is a civil rights group dedicated to defending civil, human and legal rights in a digital age. DRI primarily focuses on mounting legal challenges, educating legislators, and public campaigning. Previous public interest campaigns and successful legal challenges include actions striking down the EU Data Retention Directive and being joined by the Irish High Court to the Schrems 1 case which resulted in the Court of Justice of the European Union overturning the Safe Harbour Agreement covering EU data flows to the United States.
Antoin O Lachtnain
Director, Digital Rights Ireland
+353 87 240 6691
AVAILABLE FOR COMMENT:
Dr TJ McIntyre is chairperson of Digital Rights Ireland and an Associate Professor in the Sutherland School of Law, University College Dublin where his research focuses on issues involving information technology law, cybercrime, and civil liberties.