Governance & Risk Management , Privacy
Meta Seeks $725 Million Settlement Over Cambridge AnalyticaFacebook's Sharing of User Data Is the Focus of Long-Running Class Action Lawsuit
Meta has reached a $725 million agreement to resolve a class action lawsuit filed over Facebook's user data-sharing practices involving Cambridge Analytica's big data research, which was used by Republicans during the 2016 U.S. presidential campaign.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
The agreement, which has yet to be approved by a judge, aims to settle multiple lawsuits filed after personal data for 87 million Facebook profiles was transferred to political consultancy Cambridge Analytica in violation of the social network's policies. The information was gathered from Facebook users beginning in 2013 by Aleksandr Kogan, a researcher affiliated with Cambridge University, who ran a purported personality test via a Facebook application called "This Is Your Digital Life."
The class action lawsuit is the result of 42 separate lawsuits that were consolidated in 2018, focusing on 12 prioritized claims. The case against Facebook, which rebranded to Meta last year, was filed in the San Francisco federal district court.
In September 2019, in response to Facebook's motion to dismiss the case, a judge granted some of its motions and dismissed others. A three-year discovery process followed, after which the settlement agreement was reached.
"Litigating these claims presented extraordinary challenges, far beyond those in a normal consumer MDL" - or multidistrict legislation, according to the settlement agreement.
"Because of the asymmetry of information regarding Facebook's actual data-sharing practices, plaintiffs were seeking discovery about entirely unknown categories of data and data processing, learning about Facebook's proprietary systems without knowing the language Facebook uses to describe them," it says.
"We pursued a settlement as it's in the best interest of our community and shareholders," a Meta spokesman tells Information Security Media Group. "Over the last three years, we revamped our approach to privacy and implemented a comprehensive privacy program. We look forward to continuing to build services people love and trust with privacy at the forefront."
According to the settlement agreement, Meta has "meaningfully changed the practices that gave rise" to the allegations. "Significantly, since this case started, Facebook has ceased allowing third parties to access data about users through their friends, has meaningfully enhanced its ability to restrict and monitor how third parties acquire and use Facebook users' information, and developed more robust tools to tell users what information Facebook collects and shares about them." The company also must comply with an ongoing Federal Trade Commission enforcement agreement that continues to monitor its security and privacy practices.
According to the settlement agreement, the estimated number of U.S. Facebook users eligible for relief is approximately 250 million. Details of who would be eligible and how and when they could claim the funds have not been determined. Attorneys for the plaintiffs have said they plan to seek fees and costs worth up to 25% of the settlement amount, although that is subject to court approval.
Cambridge Analytica Scandal
The Cambridge Analytica scandal kicked off a number of regulatory probes and lawsuits over Facebook's failure to protect users' data.
Ultimately, in 2019, Meta settled with the FTC for a record-setting $5 billion and agreed to pay 500,000 pounds - then the maximum possible fine - to Britain's privacy watchdog, as well as a $1 million fine to Italy's data protection authority.
In its settlement with Britain's Information Commissioner's Office, Facebook executives acknowledged the company should have done more to investigate how Cambridge Analytica was using its customers' data.
Cambridge Analytica was likewise sanctioned by the FTC for using information scraped from social media profiles for voter-targeting campaigns. It ordered Cambridge Analytica and its then-CEO, Alexander Nix, to desist their deceptive practices and to delete data collected on 87 million Facebook users (see: FTC Sanctions Defunct Cambridge Analytica: So What?).
In 2020, British authorities banned Nix from serving as a company director for seven years as a result of his "potentially unethical" practices.
The $750 million settlement agreement, if approved, may not spell the end of Facebook's Cambridge Analytica legal troubles. In May, based on testimony produced by the class action lawsuit, the office of the attorney general of the District of Columbia filed its own lawsuit against Meta CEO Mark Zuckerberg.
The lawsuit alleges Zuckerberg knowingly violated the District of Columbia's Consumer Protection Procedures Act, which "prohibits unfair and deceptive trade practices in connection with the offer, sale and supply of consumer goods and services" (see: Zuckerberg Sued Over Cambridge Analytica Scandal).