Why Facebook’s Data‑Sharing Deals Are Triggering Legal Battles and Privacy Outrage

On December 19, the Washington, D.C. Attorney General filed a lawsuit against Facebook, accusing the company of violating the District’s Consumer Protection Procedures Act by allowing the Cambridge Analytica app to collect users’ private information without consent.

Facebook’s spokesperson said the company is evaluating the lawsuit and hopes to continue discussions with the D.C. Attorney General and other state attorneys general.

This lawsuit marks the first major regulatory condemnation of Facebook in the United States since the Cambridge Analytica scandal broke nine months earlier, reflecting mounting pressure from lawmakers and the public.

In addition to the Cambridge Analytica case, Facebook has faced multiple data‑leak incidents this year: a September breach exposed up to 50 million users’ data, and a later software vulnerability threatened the private photos of 68 million users.

Recent reporting by The New York Times revealed that Facebook has signed data‑sharing agreements with more than 150 companies, allowing firms such as Microsoft’s Bing, Netflix, Spotify, Amazon, Yahoo, and others to access users’ personal information, often without explicit user consent.

Facebook officials, including privacy and public policy head Steve Satterfield, claim that partner contracts require compliance with Facebook policies and that no privacy agreements have been violated.

Critics, including former FTC official David Vladeck, argue that allowing third parties to access data without user knowledge violates FTC policy. Shareholders have called for CEO Mark Zuckerberg’s resignation, and a “DeleteFacebook” movement has emerged.

Facebook maintains that most data‑partner relationships fall under FTC‑approved exemptions and that partners act as service providers under Facebook’s guidance, prohibited from using personal data for other purposes.

Regulatory bodies have been criticized for inaction; the FTC’s 2013 assessment gave Facebook a passing grade for its privacy program, but ongoing monitoring of partner data use remains uncertain.