Meta sues ‘data scraping for hire’ service that collected info on 600k users

Neon Meta sign on black jagged fabric wall
(Image credit: Getty Images)

Meta has filed a lawsuit against US company Voyager Labs as the social media giant looks to crack down on 'data scraping for hire'.

In a complaint filed on Thursday, the social media giant requested that California judges impose a permanent ban on Voyager and prevent the firm from accessing its family of sites.

Meta claimed that the firm used “proprietary software to launch scraping campaigns against Facebook and Instagram”, as well as websites such as Twitter, YouTube, LinkedIn, and Telegram.

The social media giant said Voyager used 38,000 fake accounts to collect data on around 600,000 Facebook users, which included posts, comments, friends lists and information pertaining to their involvement in specific groups and pages on the platform.

Meta uncovered Voyager’s data scraping campaign in July 2022 after an investigation into the issue, and claimed that the US-based firm deliberately hid its activities from the social media giant.

The complaint also alleged that Voyager sold data obtained in the data scraping campaign to clients.

“Voyager used a diverse system of computers and networks in different countries to hide its activity, including when Meta subjected the fake accounts to verification or checks,” said Jessica Romero, director of platform enforcement and litigation at Meta.

“Our lawsuit alleges that Voyager has violated our terms of service against fake accounts and unauthorised and automated scraping. We are seeking a permanent injunction against Voyager to protect people against scraping-for-hire services.”

Data profiling

Voyager provides investigative software designed to help law enforcement obtain information on potential suspects. The company currently operates in the US, United Kingdom, Israel, Singapore, and the United Arab Emirates.

An investigation by The Guardian in 2021 revealed that the company previously partnered with the Los Angeles police department, and claimed that its software could be used to identify criminals and predict whether an individual may commit future offences.

Meta said Voyager provides scraping services to “anyone regardless of the users they target and for what purpose, including as a way to profile people for criminal behaviour”.

“This industry covertly collects information that people share with their community, family and friends, without oversight or accountability, and in a way that may implicate people’s civil rights,” Romero added.

Users affected by the data scraping campaign are believed to include employees at non-profit organisations, media companies, academic institutions and government agencies at both the state and federal level.

At present, it is unclear which Voyager clients benefited from the sale of user data.

The Voyager lawsuit follows similar data scraping complaints filed by the social media giant last year.

In July 2022, Meta filed separate actions against Octopus and defendant Ekrem Ateş for scraping data from Facebook and Instagram.

Octopus, which is a US subsidiary of a Chinese enterprise, was accused of building a cloud-based platform to provide customers with on-demand scraping software and services.

Similarly, an investigation revealed that Ekrem Ateş used automated Instagram accounts to scrape data belonging to more than 350,000 users.

Social media firms get tough on data scraping

The issue of data scraping on social media has been a long-running problem and one that recently saw Meta fined for failing to tackle.

Ireland’s Data Protection Commissioner (DPC) imposed a €265 million (£234 million) fine on the tech giant for failing to implement adequate safeguards after it was discovered that data belonging to 560 million users were exposed online.

Meta-owned social media platforms aren’t alone in contending with this issue, however.

In December, LinkedIn settled a lengthy court battle with US startup, hiQ, for conducting similar data scraping activities.

LinkedIn alleged that the firm scraped data from the professional networking site to gather data for its HR software.

'Confusion' over data scraping exacerbating issue

Caroline Carruthers, CEO and Co-Founder of data consultancy, Carruthers and Jackson, told IT Pro that the Meta lawsuit presents challenging regulatory considerations on both sides of the Atlantic.

Differing approaches to data privacy in the EU and United States, she noted, highlight the need for improved regulatory alignment.

RELATED RESOURCE

Understanding the economics of in-cloud data protection

Data protection solutions designed with cost optimisation in mind

FREE DOWNLOAD

"The act of data scraping is legal in the US, however in Europe it falls foul of GDPR," she said. "This is because data scraping involves taking data straight for a third parties' website without asking whether the users wish for their data to be used in that manner."

"Confusion around what is acceptable there and what isn’t acceptable here, further highlights the need for regulatory bodies to take a far more holistic approach to regulation, rather than a more nationalistic approach.

"Currently a business in Europe can pay a company in the US to perform a data scrape of a business in the EU and then buy the dataset, that means user data just isn’t safe, which is why there needs to be a move towards an agreed set of international standards, not the siloed approach we currently have.”

Carruthers noted, however, that the Meta lawsuit could mark a change in how social media companies approach the problem long-term.

“This could show a shift in the tide for social media businesses in their attempt to tackle the problem, however, that doesn’t mean they’re doing it for the right reasons. Businesses like Meta and Twitter operate on a business model of personal data being used to provide a personal experience and selling that data to create more personalised ads."

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.