Lawson, who is suing the company for retaliation against whistleblowers, alleges he was fired after raising concerns about the legality of the tool about saving Messenger data.
In a filing filed with the California Superior Court in San Mateo County, Lawson said he worked for Meta, Facebook’s parent company, as a senior response and risk escalation specialist.
“The role required him to view extreme content, such as beheadings, child rapes, and other brutal and ruthless displays of violence or obscenity,” the submission reads.
Lawson alleges that Meta, founded by Mark Zuckerberg, failed to adequately protect his mental health, which was affected by his exposure to this content. He is seeking $3 million in compensation along with punitive damages.
Lawson claims to have attended a meeting in late 2018 “where a Facebook manager introduced a new tool to the escalations team”.
The filing claims: “Unlike other meetings, there were no materials distributed beforehand for attendees to review.
“This is because, unlike other meetings, Facebook was teaching employees how to utilise a tool that allowed them to circumvent Facebook’s normal privacy protocols in order to access user-deleted data.
“This back-end protocol allowed [Lawson’s] team to retrieve data in Messenger that users had chosen to delete. Facebook represented to its users that once data was deleted, it was not stored locally and could not be accessed. Not so.”
This tool was used by Facebook to ingratiate itself with law enforcement, according to Lawson’s claims.
“Police would ask questions about the suspect’s use of the platform, such as who the suspect was messaging, when the messages were sent, and even what those messages contained,” the legal filing states.
“To keep Facebook in the good graces of the government, the escalation team would use the back-end protocol to provide responses to law enforcement and then determine how much to share.”
Lawson claims to have spoken during the meeting because he knew it was contrary to Meta’s commitments to US regulators on user privacy and illegal under data protection regulations in the EU and UK.