Two of the most prominent examples of the rise of privacy-related securities class action lawsuits are the Cambridge Analytica scandal-related suit filed against Facebook in March 2018, and the Earnings Miss/GDPR-readiness and compliance-related securities suit filed against Facebook in July 2018. These two lawsuits were ultimately consolidated. In an interesting and detailed September 25, 2019 order (here), Northern District of California Edward J. Davila granted without prejudice the defendants’ motions to dismiss the consolidated lawsuit, finding that the plaintiffs had failed to adequately plead falsity and scienter. There are a number of interesting features to Judge Davila’s ruling, as discussed below.



As discussed here, in March 2018, Facebook was the subject of extensive adverse publicity after it was revealed that user data for millions of Facebook users had been accessed by the U.K.-based political advisory firm Cambridge Analytica, which in turn used the information to profile users and target them with political advertisements. Among other things following the release of this information, Facebook and certain of its directors and officers were hit with a securities suit alleging that the company had misled investors about the company’s privacy policy and protection of user information.


Several months later, as discussed here, Facebook’s share price took a very substantial hit when, in connection with the company’s second quarter earnings release, the company announced that its growth during the quarter had been adversely affected by the company’s struggles to comply with the newly effective European privacy regulation, the General Data Protection Regulation (GDPR). These revelations and the related stock price drop also resulted in the filing of a securities class action lawsuit against Facebook and certain of its directors and officers.


In an August 2018 order (here), Judge Davila granted the various plaintiffs’ motions to consolidate the previously separate securities suits. The order also resolved pending issues concerning the selection  of lead plaintiffs. The lead plaintiffs then filed a consolidated amended complaint. As the Court subsequently noted, the plaintiffs consolidated amended complaint sought to recover damages in connection with a total of 36 allegedly materially misleading statements. The defendants filed motions to dismiss.


The September 25, 2019 Order

In a September 25, 2019 order, Judge Davila granted the defendants’ motion to dismiss, with leave for the plaintiffs to file an amended complaint.


In reaching these conclusions, Judge Davila painstakingly reviewed each one of the allegedly misleading statements on which plaintiffs sought to rely. With respect to all but one of the allegedly misleading statements, Judge Davila concluded that the statements were not actionable because plaintiffs did not allege sufficient facts to support their allegation that the defendants lied to or misled investors.


Among other things, Judge Davila specifically found that the statements on which the plaintiffs relied in order to argue that the defendants “misleadingly downplayed” the impact of the effect of the looming GDPR on business were inactionable.


The one statement that Judge Davila found actionable was an October 2017 statement by Facebook COO Sheryl Sandberg that “When you share on Facebook, you need to know that no one’s going to steal our data. No one is going to get your data that shouldn’t have it … you are controlling who you share with.” Judge Davila found that the plaintiffs had adequately pleaded that users could not in fact control their data.


However, with respect to this one actionable item, Judge Davila found that the plaintiffs had failed to allege facts sufficient to support a strong inference that at the time Sandberg made these statements that she acted with scienter; Judge Davila said in that regard that “Plaintiffs have provided no particularized facts from which this Court can infer that Sandberg consciously lied.”


While Judge Davila granted the defendants’ motions to dismiss in full, he also noted that “it is possible that Plaintiffs can cure their allegations by alleging, among other things, more particularized facts as to why statements by the Individual Defendants were false when made.” In a footnote, Judge Davila requested further that if the plaintiffs chose to amend their complaint that “they make clear what the alleged misstatement or omission is and why it meets the standards of securities fraud.”



It was clear from the outset of this opinion that the plaintiffs’ various claims in this consolidated action likely were not going to survive the dismissal motion. Judge Davila noted in his opinion’s first footnote that “At points, Plaintiffs’ consolidated class action complaint can be difficult to understand – it is hard to grasp exactly what Plaintiffs allege Defendants’ misstatements and omissions were and how they constitute a securities violation,” adding further that “Often, the Complaint simply reposts entire news articles, multiple times, without explaining to this Court why Defendants’ statements therein constitute actionable fraud.”


The court’s difficulty in discerning why the various privacy-related events on which the plaintiffs sought to rely  in order to support their claim of securities fraud were actionably fraudulent highlights the difficulty for prospective investor claimants seeking to translate news of a privacy-related violation into a securities claim. Indeed, the court’s difficulty underscores the challenge facing any prospective claimant seeking to convert any typee of adverse event into a securities claim.


However, the difficulty of converting privacy-related violations into a securities claim does not mean that plaintiffs’ attorneys will not continue to try to file these kinds of lawsuits. If nothing else, the massive share price declines that accompanied Facebook’s adverse privacy-related news are of a type and magnitude that are always going to attract the attention of the plaintiffs’ lawyers. In other words, even though the plaintiffs’ claims here failed to survive the initial pleading hurdles the adverse outcome here likely will not deter plaintiffs’ lawyers from filing privacy-related securities suits in the future.


Besides, the dismissal here was without prejudice. It remains to be seen if the plaintiffs’ amended complaint will succeed in overcoming the pleading hurdles.


It is not as if Facebook has gotten-off scot-free with respect to the Cambridge Analytica scandal. As readers will recall, in July 2019, Facebook agreed to settle the Federal Trade Commission’s enforcement action against the company in connection with the Cambridge Analytica situation for $5 billion. Facebook also separately reached a separate $100 million settlement with the Securities and Exchange Commission in connection with the company’s disclosures to investors in connection with the Cambridge Analytica situation.


These separate regulatory settlements further reinforce my belief that, notwithstanding the plaintiffs’ failure here to overcome the initial pleading hurdles, privacy –related violations likely will continue to be a source of D&O claims in the months ahead, and in particular that privacy-related issues will be a source of securities class action lawsuits.


Judge Davila’s specific conclusions that the plaintiffs had failed to allege actionable misrepresentations in connection with Facebook’s GDPR readiness is also interesting. At the time the lawsuit about the GDPR statements was filed, I noted the case as the first example of GDPR compliance leading to a D&O claim. Even though these allegations failed to meet the initial pleading hurdles, I continue to believe that GDPR-related developments could prove to be a significant source of privacy-related D&O claims in the future.


Dismissal Granted in #MeToo-Related Securities Suit: Speaking of dismissal motions being granted in pending securities suits that reflect current securities class action lawsuit filing trends, on August 29, 2019 Southern District of Florida Judge K. Michael Moore granted the defendants’ motion to dismiss in the securities class action lawsuit that had been filed against National Beverage Corporation. Readers may recall that among the allegations on which the plaintiffs sought to rely were various supposed misrepresentations and omissions related to alleged sexual misconduct involving the company’s CEO. Judge Moore granted the defendants’ motion to dismiss with respect to all of alleged misrepresentations on which the plaintiffs sought to rely, including the alleged misrepresentations concerning the CEO’s alleged sexual misconduct. Judge Moore granted the motions to dismiss with prejudice. A copy of Judge Moore’s August 29, 2019 order can be found here.