If you missed it, Facebook (s fb) says it will pay $10 million to compensate users who were turned into product pitchmen as a result of “Sponsored Stories” ads that treat ‘Likes’ as endorsements (see how one user unwittingly endorsed a jumbo tub of lubricant). None of this money, however, will go to Facebook users.
Instead, the payout will perpetuate a symbiotic relationship between tech companies and their critics that works like this:
Step 1) Facebook/Google/etc. break a privacy law. Step 2) Critics blow whistle, lawyers sue for millions. Step 3) Company pays millions to critics and lawyers, nothing to you. Step 4) Wash, rinse, repeat.
This privacy enforcement eco-system has been around for a while but is gaining force. In the last three years, Google (s goog) agreed to pay $8.5 million for the Buzz debacle, Facebook offered $8.5 million for the Beacon incident and Adobe (s adbe) paid more than $3 million over invasive Flash cookies.
So who the heck is getting all this money?
A tiny scrap goes to “named plaintiffs” — people whose names appear at the top of class action lawsuits. These people stand to earn a few thousand dollars and are used as the face of the lawsuit in the media (allowing law firms to appear less cynical in the process).
But these named plaintiffs receive less than one percent of the multi-million dollar payouts (see this helpful chart). Who gets the rest? It will be no surprise to learn that the lawyers normally rake in about 25 percent of the final awards. More interesting is what happens to the rest of the money.
In the Sponsored Stories case, a legal filing shows the jackpot is earmarked for “groups whose charters set out actions and programs relevant to advocacy.” In practice, this is likely to be the usual suspects like the Electronic Frontier Foundation, the Center for Internet and Society at Stanford Law School and the Electronic Privacy Information Center.
These groups, particularly the EFF, have done a fine job of tracking privacy issues. They are courageous, knowledgeable and capable of researching digital privacy issues that often seem over the head of government regulators. For this reason, courts have been willing to sign off on settlements that award them money.
This is all fine except for one fact: this closed loop of tech companies, lawyers and advocacy groups leaves out the very people whose privacy was violated. Even though the cases are brought in the name of you and me, we get to have nothing to do with the millions paid out out in our name. The same thing is sure to happen again when the next company trips over a privacy law. (Keep in mind that there are dozens more cases out there involving issues like Apple’s (s appl) bait apps, Netflix’s (s nflx) use of rental histories and so on.)
Time to give internet users skin in the game
The current system’s shortcomings doesn’t mean that direct cash payouts to users are the answer. Such payouts could easily reach billions of dollars and simply destroy, rather than reform, many promising technology firms. At the same time, some companies’ legal problems are tied to an out-of-date law rather than to a serious privacy violation.
Instead, the solution to the lawsuit merry-go-around lies in giving internet users some skin in the privacy game — perhaps by asking courts to let users vote on how to distribute those multi-million dollar privacy awards or by requiring executives to directly answer consumer questions about privacy. This process could also be a useful opportunity to provide consumers with basic education about topics like cookies and data storage.
Until users are directly engaged in the privacy problem, it will remain an insiders’ game between companies, their critics and lawyers that resolves little.
[Images by Anthony Berenyi and Jamie Duplass via Shutterstock]