Facebook parent Meta has settled a lawsuit in the U.S. against two companies that had engaged in data scraping operations, which had seen them gathering data from Facebook and Instagram users for marketing intelligence purposes, according to the original complaint filed in October 2020. The companies named in the suit, Israeli-based BrandTotal Ltd. and Delaware-incorporated Unimania Inc., agreed to a permanent injunction banning them from scraping Facebook and Instagram data going forward or profiting from the data they collected. They also agreed to pay a “significant financial sum” as part of their settlement, Meta says.
Meta declined to disclose the sum paid, however, and court filings didn’t specify the amount.
According to BrandTotal’s website, its company had offered a real-time competitive intelligence platform designed to give media, insights and analytics teams visibility into their competition’s social media strategy and paid campaigns. These insights would allow its customers to analyze and shift their budget allocation to target new opportunities, monitor trends and threats from emerging brands, optimize their ads and messaging and more.
Meanwhile, Unimania operated apps claiming to offer users the ability to access social networks in different ways. For example, Unimania offered apps that let you view Facebook via a mobile-web interface or alongside other social networks like Twitter. Another app allows you to view Instagram Stories anonymously, it claimed.
Together, the two companies developed and distributed products under the brand names UpVoice, Social One, Phoenix, Anonymous Story Viewer, Story Savebox, Calix and Restricted Panel.
The original complaint had specifically called out two browser extensions offered by the companies: Unimania’s “Ads Feed” and BrandTotal’s “UpVoice.” The former had allowed users to save the ads they saw on Facebook for later reference, but also opted users into a panel that informed the advertising decisions of Unimania’s corporate clients. UpVote had rewarded users with gift cards for sharing their opinions about the online campaigns run by brands.
According to the filing that detailed the proposed settlement, both companies agreed to stop scraping or assisting others in data collection practices, delete their software and code, and agreed to a ban on distributing or selling any data they collected through their operations, among other things. It also notes that they agreed to pay monetary damages in a confidential settlement.
The district court overseeing the case ruled in a summary judgment earlier this year that BrandTotal did “not violate the CFAA,” or the Computer Fraud and Abuse Act, which governs what constitutes computer hacking under U.S. federal law.
This decision came weeks after the U.S. Ninth Circuit Court of Appeals reaffirmed that web scraping is legal under the CFAA after the Supreme Court declined to hear the case, but the Ninth Circuit did not rule on whether scraping could violate a company’s terms of service or other contractual agreements.
But in its summary judgment, the district court found that BrandTotal failed to show that Facebook’s terms of service are unenforceable.
The case is one of several filed by Meta designed to take on data scraping operations, including and following a 2020 settlement with the scraping service Massroot8. This year, the company also filed a lawsuit against a clone site operator and a company called Octopus, a U.S. subsidiary of a Chinese national high-tech enterprise that had offered scraping services.
Meta last year disclosed it has a dedicated team of over 100 people devoted to detecting, blocking and deterring scraping. And, in a year’s time, it said it took over 300 enforcement actions against data scraping and other platform abuse.
The problem can still threaten user privacy, however. An April 2021 report revealed that the personal data from 533 million Facebook users had been leaked online, via web scraping operations; Meta expanded its Bug Bounty program to address scraping. More recently, it changed how uses Facebook Identifiers (FBIDs) to make it more technically challenging for unauthorized scraping to occur in the first place. TechCrunch