Six4Three v. Facebook

Plain English (For Everyone)

A lawsuit claimed Facebook violated privacy laws by letting apps access your data without clear consent. However, the court ruled that the privacy law in question, the CCPA, couldn't be used because the alleged actions happened before the law was in effect. Therefore, Facebook was not found liable under that specific law for past data access.

For Legal Practitioners

The appellate court affirmed dismissal, holding that the CCPA, effective January 1, 2020, does not apply retroactively to data scraping practices predating its enactment. The court emphasized the presumption against retroactivity and the impact on substantive rights, affirming the trial court's decision that the plaintiff failed to state a claim under the CCPA for pre-enactment conduct.

For Law Students

This case illustrates the principle of statutory retroactivity. The court held that the CCPA, a new privacy law, could not be applied to Facebook's alleged data scraping activities that occurred before the CCPA's effective date, as statutes are presumed to operate prospectively and applying it retroactively would impact substantive rights.

Newsroom Summary

A lawsuit accusing Facebook of violating California's privacy law (CCPA) over past data access practices was dismissed. The court ruled the law cannot be applied retroactively to actions that occurred before it was enacted, meaning Facebook is not liable under the CCPA for this specific past conduct.

Standard of Review

De novo review. The appellate court reviews questions of law, such as statutory interpretation, independently and without deference to the trial court's decision.

Procedural Posture

The case reached the appellate court after the trial court dismissed Six4Three's complaint. Six4Three appealed this dismissal.

Burden of Proof

The plaintiff, Six4Three, bore the burden of proving that Facebook violated the CCPA. The standard of proof required was likely a preponderance of the evidence, though the court focused on the legal applicability of the statute.

Legal Tests Applied

Statutory References

Key Legal Definitions

Rule Statements

The CCPA does not apply retroactively to conduct that occurred before its effective date.

A statute is presumed to operate prospectively.

Applying the CCPA to past conduct would affect substantive rights and is not permissible without clear legislative intent for retroactivity.

Remedies

Affirmed the trial court's dismissal of the case.

Scenario: You used a third-party app in 2017 that accessed your Facebook profile data, and you later learned that data was shared more widely than you expected. You want to sue Facebook under the CCPA.

Your Rights: You have the right to privacy regarding your data, but under this ruling, you likely cannot use the CCPA to sue Facebook for data access practices that occurred before January 1, 2020.

What To Do: Review the specific dates of the data access and sharing. If the conduct predates January 1, 2020, you may need to explore other legal avenues or laws that were in effect at the time of the conduct, as the CCPA will likely not apply.

Is it legal for a company to access my data from social media if it happened before the CCPA was in effect?

Depends. While the CCPA does not apply retroactively to conduct before January 1, 2020, other laws or terms of service agreements that were in effect at the time might govern the legality of data access.

This ruling is specific to California law (CCPA) and its application to past conduct.

For Consumers whose data was accessed by third-party apps from social media platforms before 2020.

Consumers cannot rely on the CCPA to seek damages or remedies for data access practices that occurred before the law's effective date of January 1, 2020. They may need to look to other legal frameworks or laws applicable at the time of the data access.

For Technology companies and app developers who accessed user data via APIs.

These companies are shielded from CCPA liability for data access practices that occurred before January 1, 2020. However, they remain subject to the CCPA for ongoing or future practices, and potentially other laws applicable to past conduct.

Q: What is Six4Three v. Facebook about?

Six4Three v. Facebook is a case decided by California Court of Appeal on March 12, 2025.

Q: What court decided Six4Three v. Facebook?

Six4Three v. Facebook was decided by the California Court of Appeal, which is part of the CA state court system. This is a state appellate court.

Q: When was Six4Three v. Facebook decided?

Six4Three v. Facebook was decided on March 12, 2025.

Q: What is the citation for Six4Three v. Facebook?

The citation for Six4Three v. Facebook is . Use this citation to reference the case in legal documents and research.

Q: What was the main issue in Six4Three v. Facebook?

The case centered on whether Facebook's past data sharing practices with third-party apps violated California's Consumer Privacy Act (CCPA). The core legal question was whether the CCPA could be applied retroactively to conduct that occurred before its effective date.

Q: When did the CCPA become effective?

The California Consumer Privacy Act (CCPA) became effective on January 1, 2020.

Q: What is 'data scraping' in the context of this case?

Data scraping refers to the practice where third-party applications used tools like Facebook's 'Friends API' to automatically collect large amounts of user data from the platform, often without users fully understanding the extent of the access.

Q: Is Six4Three v. Facebook published?

Six4Three v. Facebook is a published, precedential opinion. Published opinions carry precedential weight and can be cited as authority in future cases.

Q: What was the ruling in Six4Three v. Facebook?

The court ruled in favor of the defendant in Six4Three v. Facebook. Key holdings: The court held that the California Consumer Privacy Act (CCPA) does not apply retroactively to conduct that occurred before its effective date, January 1, 2020.; The court found that Facebook's "Friends API" and "Platform Policy" were not deceptive under the CCPA because the alleged conduct predated the CCPA's effective date.; The court affirmed the dismissal of the plaintiff's claims, agreeing with the lower court that the CCPA could not be applied retroactively to the data scraping practices.; The court determined that the plaintiff failed to state a claim under the CCPA because the alleged violations occurred prior to the statute's enactment.; The court rejected the argument that Facebook's ongoing business practices constituted a continuing violation of the CCPA, emphasizing the temporal limitations of the statute..

Q: Why is Six4Three v. Facebook important?

Six4Three v. Facebook has an impact score of 40/100, indicating moderate legal relevance. This decision clarifies that the CCPA, a landmark privacy law, does not retroactively penalize companies for data practices that predated its enactment. It emphasizes the importance of the timing of alleged violations when applying new privacy regulations and may influence how future privacy laws are interpreted regarding past conduct.

Q: What precedent does Six4Three v. Facebook set?

Six4Three v. Facebook established the following key holdings: (1) The court held that the California Consumer Privacy Act (CCPA) does not apply retroactively to conduct that occurred before its effective date, January 1, 2020. (2) The court found that Facebook's "Friends API" and "Platform Policy" were not deceptive under the CCPA because the alleged conduct predated the CCPA's effective date. (3) The court affirmed the dismissal of the plaintiff's claims, agreeing with the lower court that the CCPA could not be applied retroactively to the data scraping practices. (4) The court determined that the plaintiff failed to state a claim under the CCPA because the alleged violations occurred prior to the statute's enactment. (5) The court rejected the argument that Facebook's ongoing business practices constituted a continuing violation of the CCPA, emphasizing the temporal limitations of the statute.

Q: What are the key holdings in Six4Three v. Facebook?

1. The court held that the California Consumer Privacy Act (CCPA) does not apply retroactively to conduct that occurred before its effective date, January 1, 2020. 2. The court found that Facebook's "Friends API" and "Platform Policy" were not deceptive under the CCPA because the alleged conduct predated the CCPA's effective date. 3. The court affirmed the dismissal of the plaintiff's claims, agreeing with the lower court that the CCPA could not be applied retroactively to the data scraping practices. 4. The court determined that the plaintiff failed to state a claim under the CCPA because the alleged violations occurred prior to the statute's enactment. 5. The court rejected the argument that Facebook's ongoing business practices constituted a continuing violation of the CCPA, emphasizing the temporal limitations of the statute.

Q: What cases are related to Six4Three v. Facebook?

Precedent cases cited or related to Six4Three v. Facebook: No specific precedent cases were cited in the provided opinion snippet, but the analysis relies on general principles of statutory interpretation and retroactivity..

Q: Did Facebook violate the CCPA according to the court?

No, the court found that Facebook did not violate the CCPA in this instance because the alleged data scraping practices occurred before the CCPA's effective date of January 1, 2020, and the law does not apply retroactively.

Q: What does 'retroactive application' mean in this case?

Retroactive application means applying a law to events or actions that happened before the law was officially enacted or took effect. The court ruled the CCPA could not be applied retroactively to Facebook's pre-2020 data practices.

Q: What is the general rule regarding the retroactivity of statutes?

The general legal principle is that statutes are presumed to operate prospectively (only on future events) unless the legislature has clearly indicated that they should apply retroactively.

Q: Why is retroactivity important in privacy law?

Retroactivity is crucial because applying new privacy laws to past conduct could unfairly penalize companies for actions that were legal or less regulated at the time. It also impacts individuals' ability to seek remedies under laws that didn't exist when their data was accessed.

Q: What happens if a law affects 'substantive rights'?

If a law affects substantive rights (like the right to engage in certain business practices or the right to sue under specific conditions), it generally cannot be applied retroactively unless the legislature explicitly mandates it.

Q: What was the 'Friends API'?

The 'Friends API' was a tool provided by Facebook that allowed third-party applications to access data about a user's Facebook friends, which was central to the plaintiff's allegations of improper data access.

Q: Are there any exceptions to the rule against retroactivity?

Yes, if the legislature expressly states in the law's text or legislative history that it should apply retroactively, or if the law is purely procedural or remedial in nature and does not affect substantive rights.

Q: What is the significance of this case for future privacy litigation?

It reinforces the importance of aligning legal claims with the effective dates of statutes. Companies are generally protected from liability under new laws for conduct that predates the law's enactment.

Q: Did the court consider Facebook's 'Platform Policy'?

While the 'Platform Policy' was mentioned as part of the context of how data access was managed, the court's decision primarily focused on the retroactivity of the CCPA statute itself, rather than a detailed analysis of the policy's specific terms.

Q: What does 'de novo' review mean for lawyers?

For lawyers, 'de novo' review means they can argue the legal issues anew before the appellate court, as the appellate judges are not bound by the trial judge's legal conclusions and will review the law from scratch.

Q: How does Six4Three v. Facebook affect me?

This decision clarifies that the CCPA, a landmark privacy law, does not retroactively penalize companies for data practices that predated its enactment. It emphasizes the importance of the timing of alleged violations when applying new privacy regulations and may influence how future privacy laws are interpreted regarding past conduct. As a decision from a state appellate court, its reach is limited to the state jurisdiction. This case is moderate in legal complexity to understand.

Q: Can I sue a company under the CCPA for something that happened in 2018?

Generally, no. This ruling indicates that the CCPA, effective January 1, 2020, cannot be applied retroactively to conduct that occurred before that date, such as in 2018.

Q: What should I do if my data was accessed before 2020?

You would need to investigate if any laws were in effect at the time of the data access that prohibited such actions. The CCPA likely won't be the applicable law for conduct prior to January 1, 2020.

Q: Does this ruling mean data scraping is legal?

No, this ruling only states that the CCPA cannot be applied retroactively. Data scraping practices might still be illegal under other laws or regulations that were in effect at the time of the conduct, or under the CCPA for practices occurring after January 1, 2020.

Q: How does this ruling affect current data privacy practices?

It doesn't directly change current practices, but it highlights that companies must comply with the CCPA (and other applicable laws) for data activities occurring on or after January 1, 2020. Practices before that date are governed by different legal standards.

Q: What is the historical context of the CCPA?

The CCPA was a landmark privacy law in the United States, enacted in 2018 and becoming effective in 2020, granting California consumers significant rights over their personal information collected by businesses.

Q: Were there similar laws before the CCPA?

Yes, various federal and state laws addressed data privacy and security, such as HIPAA for health information and COPPA for children's online privacy. However, the CCPA provided broad, California-specific consumer rights regarding general personal information.

Q: What was the docket number in Six4Three v. Facebook?

The docket number for Six4Three v. Facebook is A166007. This identifier is used to track the case through the court system.

Q: Can Six4Three v. Facebook be appealed?

Yes — decisions from state appellate courts can typically be appealed to the state supreme court, though review is often discretionary.

Q: What is the standard of review used by the appellate court?

The appellate court reviewed the case de novo, meaning they examined the legal issues, such as statutory interpretation, independently without giving deference to the trial court's previous decision.

Q: What was the outcome for the plaintiff, Six4Three?

Six4Three's case was dismissed by the trial court, and the appellate court affirmed that dismissal. They were unable to proceed with their CCPA claim based on the pre-2020 data practices.

Q: What is the role of the appellate court in this type of case?

The appellate court's role was to review the trial court's decision to dismiss the case. They determined if the trial court correctly applied the law, particularly regarding the retroactivity of the CCPA.