Skip to main content

No Motion to Dismiss in Facebook "Sponsored Stories" Case

Written by Jake Romero

California district judge Lucy Koh has rejected a motion to dismiss brought by Facebook, Inc. in response to a lawsuit brought by plaintiffs Angel Fraley, et al. alleging that Facebook’s “Sponsored Stories” violate California’s Right to Publicity Statute (CA Civil Code §3334).

Sponsored Stories are paid advertisements containing the name and profile picture of one of the friends of the Facebook user viewing the advertisement, suggesting that that user’s friend “likes” the sponsor’s product or service.  Aside from clicking the “Like” button on the web page associated with such sponsor’s product or service, the user being featured in the Sponsored Story does not otherwise consent to the use of his or her name or likeness.  Although Facebook’s privacy settings can be customized in a number of ways, the plaintiffs allege that it is impossible to entirely opt out of participation in Sponsored Stories.

Facebook has previously prevailed in petitioning to have a number of privacy-related lawsuits dismissed.  However, the court held that Fraley may be distinguishable from such prior cases in a number of ways.  First, plaintiffs were able to allege injury with sufficient specificity by asserting that Facebook has violated the plaintiffs’ right of publicity.  California’s Right to Publicity Statute prohibits the nonconsensual use of another’s name, voice, signature, photograph, or likeness for advertising, selling or soliciting purposes.  By describing precisely the information of each plaintiff that was used by Facebook (primarily names and profile photos), the court held that the plaintiffs were able to allege injuries concrete and imminent enough to survive Facebook’s motion to dismiss.  The plaintiffs in Fraley allege that in violating the rights granted by California’s Right to Publicity statute, each plaintiff has suffered an injury similar to a celebrity whose image or likeness is misappropriated to sell a produce or service for the commercial gain of another.  “[I]n essence,” the plaintiffs argued, “[Facebook's users] are celebrities – to their friends.”

In its motion to dismiss, Facebook claimed that the plaintiffs lacked standing because the alleged injury was conjectural or hypothetical and cited a number of privacy cases which were dismissed for failure to show injury.  However, the court rejected this argument because the plaintiffs alleged that the economic injury to each of the plaintiffs can be quantified and valued on the basis of Facebook’s own profit and valuation of sponsored advertising.  According to published articles, the sale of targeted advertising such as Sponsored Stories is a primary source of revenue for Facebook.  Plaintiffs in Fraley supported this argument, in part, by quoting Facebook CEO Mark Zuckerberg as stating that “[a] trusted referral influences people more than the best broadcast message.”  In other words, while plaintiffs in prior privacy claims failed to show, for example, that each individual plaintiff’s browsing history or the direction of advertisements toward the plaintiff, had caused economic injury, the plaintiffs in Fraley used Facebook’s own valuation of sponsored advertisements to allege specific economic harm on an individual basis.

Finally, the court also rejected Facebook’s argument that it is shielded from liability by Section 230 of the Communications Decency Act (CDA) which provides broad immunity to websites that primarily publish the content of third parties.  The court held that while Facebook falls under the definition of an interactive website under the CDA, by compiling Sponsored Stories Facebook may be a content provider, and therefore may not be entitled to immunity under the CDA.

This case hits at the heart of the Facebook revenue model, and bears close watching with an anticipated IPO for the company in 2012.

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.