The 2018 Cambridge Analytica scandal was perhaps the biggest single event to move online data privacy into mainstream conversation, and Facebook spent 2019 being fined by various government regulatory bodies over it. There have been some continuing loose ends from the incident, however, and a major one appears to have been tied up as parent company Meta has agreed to pay $725 million to settle a class action suit.
Though the number might look relatively small next to the billions Meta has already paid out in fines over the incident, it is the largest private civil penalty the company has paid in its history and the largest settlement amount ever seen in a data privacy class action case. Up to 87 million Facebook accounts had user data inappropriately accessed as the research firm leveraged a weakness in the platform’s API to harvest information that was not meant to be available to the general public.
Cambridge Analytica scandal settlement terms finally reached after August agreement
Meta reportedly agreed to settle the suit in August, but terms have only recently been made available to the public. The case was first brought in 2018 shortly after the Cambridge Analytica scandal broke in the media; it now moves to federal court in San Francisco for final approval. Had Meta opted to continue fighting the case, a decision against it could have cost the company well over $1 billion in the long run. The company admits no wrongdoing and issued a statement indicating the decision was reached “in the best interest of our community and shareholders.”
As to what Facebook users can expect to receive if the settlement is approved, after attorney fees (expected to be about 25%) the remaining amount is set to be divvied up between an estimated 250 to 280 million eligible platform users. The actual amount will depend on how many of those users file claims, which could lead to each user receiving as little as a few dollars in compensation.
The Cambridge Analytica scandal centered on the firm’s work for the 2016 presidential campaign of Donald Trump. The company identified a loophole in the Facebook API that allowed it to access profile information and the “likes” of mass quantities of platform users that it otherwise would not have had access to. A psychological profile test created by the company was taken by about 300,000 people, but those who took it were unwittingly granting the company access to the profile information and activity of their full network of platform friends as well.
The Cambridge Analytica scandal saw Meta CEO Mark Zuckerberg brought before Congress for an intense questioning session, which culminated in a string of fines from federal agencies (and regulatory bodies in other countries). The largest individual payment was $5 billion to settle an FTC probe, a massive overpayment based on the initial proposed fine amount but one that guaranteed Zuckerberg and other executives would not face personal liability.
Meta privacy expectation arguments shot down, cases still pending in individual states
Facebook’s argument in court has been that its users have no expectation of privacy when they share information with platform friends, something roundly rejected by judges in this case. The argument has always been seen as legally shaky given that one of the platform’s central features is the ability to restrict information shared outside of one’s friend network. Meta has also changed its information sharing policies due to the Cambridge Analytica scandal, putting added restrictions on third-party access to user data. Cambridge Analytica and parent company SCL have also been banned from the platform.
The Cambridge Analytica scandal will still have some small amount of life to it even if the settlement terms are approved, as a number of investigations by state attorneys general are ongoing (and a lawsuit has already been brought in Washington DC). But the incident’s greatest ongoing impact has become its legacy at this point, as it amplified the issue of data privacy in the mainstream news and directly prompted some states to adopt stronger regulatory measures for big tech platforms (which in turn has put increasing pressure on the development of a federal digital privacy law). The incident has also prompted some general tightening up and improvement at Facebook, as the platform has since rolled out end-to-end encryption for its messaging services and made a number of policy changes.