Skip to main content

A U.S. judge ordered Facebook Inc. to give shareholders e-mails and other records concerning how the social media company handles data privacy, after data for 87 million users was accessed by the British political consulting firm Cambridge Analytica.

In a 57-page decision on Thursday, which followed a one-day trial in March, Vice-Chancellor Joseph Slights of the Delaware Chancery Court said shareholders demonstrated a “credible basis” to believe Facebook board members may have committed wrongdoing related to data privacy breaches.

Justice Slights noted that Facebook had, at the time of the 2015 Cambridge Analytica breach, been subject to a U.S. Federal Trade Commission consent decree that required it to bolster its data-security measures. The breach was not revealed until March, 2018.

“Evidence presented at trial provides a credible basis to infer the board and Facebook senior executives failed to oversee Facebook’s compliance with the consent decree and its broader efforts to protect the private data of its users,” Justice Slights wrote.

Shareholders sued Facebook last September to obtain records related to Cambridge Analytica and other breaches, and said that upon finding wrongdoing, they might sue company officers and directors through a so-called derivative lawsuit.

Derivative lawsuits are brought on behalf of companies, with money recovered from officers and directors, or their insurers, going to the companies themselves.

Facebook declined to comment on Friday. Daniel Rehns, a lawyer for the shareholders, also declined to comment.

Facebook’s share price sank 19 per cent, wiping out US$120-billion of shareholder wealth, last July 26 after the Menlo Park, Calif., company posted disappointing results in the first full quarter since the Cambridge Analytica breach was revealed, and said it was spending more on security measures.

Cambridge Analytica, hired by U.S. President Donald Trump’s 2016 election campaign, used profiling techniques to predict and influence voter behaviour. It shut down after the breach was disclosed, and several U.S. and European regulatory probes into Facebook ensued.

Facebook chief executive Mark Zuckerberg told a U.S. Senate panel in April, 2018, that his company discovered the Cambridge Analytica breach in 2015, but neither conducted an audit nor told users and the FTC, Justice Slights wrote.

Justice Slights denied some of the shareholders’ record requests as overly broad.

In a footnote, he said his decision stopped “well short” of concluding that Facebook officers or directors engaged in wrongdoing, and any such determination “awaits another day.”