Facebook’s Battle with Private Information

By: Ariane Monaco

 

Facebook, Inc (“Facebook”) has taken the spotlight in current news. The social media site was hit with a class action lawsuit filed in the United States District Court of Delaware after discovery that its users’ personal information was exploited in the 2016 United States presidential election.[1]

Facebook is a social media site where its users publish personal information, like their birthday or everyday events, on a personal profile allowing Facebook to analyze and store that information.[2]  Facebook generates revenue, billions of dollars’ worth, by selling advertisements targeting its consumers.[3] The issue that arises in this situation is that Facebook sold advertisements to political campaigns that developed additional advertisements based on Facebook users’ stolen information.[4] Specifically, it came about that Cambridge Analytica, a company that worked for President’s Trump’s campaign in the 2016 election, took this data off Facebook’s platform.[5]

The class action lawsuit is made of over 87 million Facebook users whose personal data was leaked.[6] The complaint alleges that Facebook knowingly built its platform to allow third parties to “steal users’ personal information” and failed to further protect its users’ information.[7] The complaints attack Facebook for not disclosing the leak until it came out in media reports.[8]

Even prior to this scandal, Facebook was also hit with a trade secrets case involving additional confidential information, which was filed in CA federal court[9] and recently resolved by settlement on April 9, 2018.[10]

BladeRoom Group Limited (“BRG”) developed and perfected a method for manufacturing and installing BladeRoom data centers.[11] BladeRoom has taken measures to ensure certain information remains confidential by having potential clients, suppliers, employees and others whom they engage with sign non-disclosure agreements, as well securing their computer systems physically and with password protection.[12] Facebook expressed interest with BladeRooms and, through this interest, received confidential information from BRG representatives and from touring BladeRooms data centers.[13] Through additional meetings and workshops, BRG revealed confidential information at the request and proposals of Facebook.[14] However, Facebook did not end up doing business with BladeRooms, but chose to work with another manufacturer to construct a data center through its Open Compute Project, which ultimately disclosed details of BladeRooms technology.[15] BRG sued alleging that Facebook, as a potential customer and competitor, misappropriated their trade secrets, violated the Lanham Act, engaged in unfair competition, and breached their non-disclosure agreement.[16] The Court granted Facebook’s motion to dismiss the violation of § 43(a) of the Lanham Act claim but allowed all other claims to pursue.[17] The lawsuit was for over $300 million, but BRG ended up settling with Facebook after extensive discovery.[18]

The count regarding 43(a) of the Lanham Act was dismissed because the Complaint alleges that Facebook copied BRG’s ideas and lacked any allegation of commercial use by Facebook.[19]

  • 43(a) of the Lanham makes liable “[a]ny person who, on or in connection with any goods or services … uses in commerce any word, term, name, symbol, or device, or any combination thereof, or any false designation of origin, false or misleading description of fact, or false or misleading representation of fact,” which is likely to confuse or deceive as to the origin of those goods and services.[20] The Court held that 43(a) does not prohibit the copying of ideas.[21] The phrase “origin of goods” found in the Lanham Act, only “refers to the producer of the tangible goods that are offered for sale, and not to the author of any idea, concept, or communication embodied in those goods.”[22]

As to commercial use, there is no allegation that Facebook publicly shared any related services with a motivation to commercial use the information in order to deceive consumers of the origin.[23] The claim is not based on the technology, but instead is based on a misrepresentation regarding the origin of the services needed to create the BladeRoom technology.[24] The Court was not convinced that there was any allegation on how Facebook is offering those services in a commercial transaction, such that there is opportunity for consumers to make “mistaken purchasing decisions” from those services.[25]

BRG was successful on surviving a motion to dismiss for a claim for misappropriation of trade secrets. Trade secrets are information that can include a formula, pattern, compilation, program, device, method, technique, or process, that has potential to provide economic advantage over competitors through its secrecy of data.[26]

BRG alleges that their license of the trade secrets through Bripco satisfies their ownership requirement.[27] They allege they took reasonable efforts to maintain the secrecy of their information. [28] BRG argues that Facebook enticed BRG to disclose confidential information to Facebook and third parties by misrepresenting the purpose of a meeting between the parties.[29] BRG alleged that Facebook communicated a purpose to negotiate a bid for expansion of Facebook’s data center while already having a prior agreement with another contractor.[30] BRG establishes that its efforts at secrecy were reasonable under the circumstances; it was plausible enough to overcome a motion to dismiss.[31]

Under the Uniform Trade Secrets Act, there are two ways a person or company may be found liable in a civil action for misappropriation of trade secrets.[32] The two ways are by acquiring a trade secret knowingly or having reason to know that it was acquired improperly, or by disclosing or using the trade secret without express or implied consent.[33]

When the alleged misappropriation is based on a disclosure, the person who improperly disclosed the information must have: (1) improperly acquired knowledge of the trade secret; (2) acquired the information by accident and had known or had reason to know that the information was a trade secret; or (3) known or had reason to know at the time of disclosure or use that his knowledge of the trade secret was acquired inappropriately.[34]

There are a few ways one can inappropriately acquire a trade secret: if the information was derived from or through a person who had used improper means to acquire it, if the information was acquired under circumstances that would give rise to a duty to maintain its secrecy or limit its use, or if the information was derived from or through a person with a duty to maintain its secrecy or limit its use. [35]

Perseverance of secrecy involving a trade secret is crucial, and assurance of reasonable precautions must be made to protect the secret information.[36] Types of precautions typically used are confidentiality agreements, warnings, and physical limitations to access.[37] Even though there are remedial measures to misappropriating a trade secret such as injunctive relief, damages, and attorney fees,[38] your secret is vulnerable and no longer protected.

Like anything, trade secrets do not provide perfect protection, allowing them to have positive and negative aspects.[39] On the one hand, they do not expire so protection continues until discovery or loss.[40] However, on the other hand, a trade secret holder is only protected from unauthorized disclosure and use which is referred to as misappropriation.[41] If the trade secret information somehow becomes available by the trade secret holder or through and independent discovery, protection as a trade secret is lost.[42]

Trade secrets are similar to patents in their protectability of information.[43] However, unlike trade secrets, patents may protect against independent discovery.[44] Patent protection also eliminates the need to maintain secrecy.”[45] When acquiring a patent, the inventor needs to provide a detailed and enabling disclosure about the invention, which, in turn, provides right to exclusively use the invention for a period of time.[46] The difference with patents is that patents have an expiration date, and when that date comes the information the patent holds becomes unprotected.[47]

So, what does this mean for Facebook? Facebook is in the business of engaging and dealing with secret information whether that information involves users’ personal information or technology to store that information.[48] The lessons that can be learned is that when it comes to Facebook handling this information, there is a prominent responsibility that should involve taking extreme precautions to protect valuable information. However, there is responsibility on the ones who initially have control of this information such as Facebook users’ or companies like BGR. Because there seems to be no guarantee to keep information perfectly protected, cautious control and disclosure of this information should be made with particularity in order to preserve publicity of the information. As it is inferred, once information is made public, it is almost nearly impossible to retrieve it.

 

 

[1] Harper Neidig, Facebook, Cambridge Analytica hit with class-action lawsuit, The Hill (Apr. 10, 2018), http://thehill.com/policy/technology/382462-facebook-cambridge-analytica-hit-with-class-action-lawsuit.

[2] See Brian X. Chen, I Downloaded the Information That Facebook Has on Me. Yikes, The New York Times (Apr. 11, 2018), https://www.nytimes.com/2018/04/11/technology/personaltech/i-downloaded-the-information-that-facebook-has-on-me-yikes.html.

[3] Id.

[4] Id.

[5] Id.

[6] Id.

[7] Id.

[8] Id.

[9] BladeRoom Group Ltd. v. Facebook, Inc., 219 F. Supp. 3d 984 (N.D. Cal. 2017).

[10] Ian Robertson, Facebook Settles $300+ Million Data Center Trade Secrets Case in the Middle of Trial, Trade Secrets Trends (Apr. 11, 2018), https://www.crowelltradesecretstrends.com/ 2018/04/facebook-settles-300-million-data-center-trade-secrets-case-in-the-middle-of-trial/.

[11] Id. at 986.

[12] Id. at 987.

[13] Id.

[14] Id. at 988.

[15] Id.

[16] Id. at 986.

[17] Id.

[18] See supra note 9.

[19] Id.

[20] Id.; 15 U.S.C. § 1125(a).

[21] Id. at 993.

[22] Id.

[23] Id.

[24] Id. at 994.

[25] Id.

[26] Unif. Trade Secrets Act § 1(4).

[27] See supra note 8, at 991.

[28] Id. at 992.

[29] Id.

[30] Id.

[31] Id.

[32] Michelle L. Evans, J.D., Establishing Liability for Misappropriation of Trade Secrets, Am. Jur. Proof of Facts 3d 95 (2006).

[33] Id.

[34] Id.

[35] Id.

[36] Malla Pollak, J.D., Proof of Reasonable Precautions Taken to Preserve Secrecy of Trade Secrets, 141 Am. Jur. Proof of Facts 3d 1 (2014).

[37] Id.

[38] Id.

[39] Trade Secret Policy, USPTO (Dec. 5, 2017), https://www.uspto.gov/patents-getting-started/international-protection/trade-secret-policy.

[40] Id.

[41] Id.

[42] Id.

[43] Id.

[44] Id.

[45] Id.

[46] Id.

[47] Id.

[48] See generally supra note 1; see generally supra note 8.