Clifford Chance

On December 14th, we described the legal issues surrounding data scraping. Since the publishing of that post, Facebook sued two individuals, Gleb Sluchevsky and Andrey Gorbachov (the Defendants), for allegedly engaging in a scheme to scrape data from Facebook users' profiles.

According to Facebook's Complaint, the Defendants operated a scheme whereby they operated four web applications that targeted Facebook users.  These applications offered users a Facebook login feature, and when users logged in to their Facebook accounts, the applications prompted the users to install browser extensions, which Facebook alleges would compromise the users' browsers by scraping users’ public profile information (i.e. name, gender, age range, and profile picture), their non-publicly viewable list of friends, and by injecting unauthorised advertisements when the users visited Facebook.  

Based on this behavior, Facebook asserted the following causes of action against the Defendants: violations of the Computer Fraud and Abuse Act; violations of the California Comprehensive Computer Data Access and Fraud Act Cal. Penal Code § 502; Breach of Contract; and Fraud.

Facebook also claims to have conducted an internal investigation into malicious extensions, contacted law enforcement, and provided users with information on how to uninstall malicious browser extensions.  In light of the increased public scrutiny surrounding Facebook's treatment of its users' private information, this lawsuit may indicate an increased appetite on the part of social media platforms to investigate and pursue legal remedies when violations of their terms of service risk violating not only their own commercial rights, but also impacts access to the data of their users.