Meta, Facebook’s parent company, has agreed to settle for an undisclosed sum in a data breach lawsuit, which saw the company accused of illegally sharing user data with the disgraced analysis firm Cambridge Analytica.
The Californian class action lawsuit was brought against the company by a group of Facebook users who believe it violated consumer privacy laws when it shared user’s data with Cambridge Analytica. The firm was deeply involved in the 2016 US presidential election and the Brexit campaign, using Facebook data from the United States and Britain to sway votes.
Without a settlement, Mark Zuckerberg, Meta CEO, and Sheryl Sandberg, outgoing chief operating officer, were expected to testify for up to eleven hours of questioning later this month. The timing conveniently spares the pair hours of grilling, provided the settlement goes through.
Cambridge Analytica used data harvested from Facebook without user permission to create a “psychological warfare tool,” designed to predict and influence who you vote for at the polling station. Experts estimated the firm gained access to information regarding 87 million Facebook users.
According to British data protection law, it is illegal for personal data to be sold to a third party without the owner’s consent – something Facebook failed to prevent.
Undoubtedly one of the biggest data breaches to date, its effects are still visible today despite the scandal breaking back in 2018. Facebook remains embroiled in multiple data breach lawsuits – and they don’t look likely to wrap up soon. Zuckerberg is on the receiving end of a lawsuit all his own, as the District of Colombia seeks to hold him personally responsible. It’s the latest in a long line of legal blows the company has suffered over the past four years – one of which saw Meta fined five billion dollars by the Federal Trade Commission.
Facebook’s reputation nosedived, and consumer trust has struggled to recover. As Julia Carrie Wong put it eloquently for The Guardian:
“Almost every company has suffered a big data breach at this point; only Facebook has endured such an existential reckoning.”
The data breach lawsuit: A timeline of events
The Facebook-Cambridge Analytica scandal is littered with famous faces and important figures as it infiltrated the political sphere and left its mark. Both in Britain and America, the data analytics firm changed society’s trajectory.
2013: The beginning of the data breach
Aleksandr Kogan, an academic from Cambridge University, developed an app named “ThisIsYourDigitalLife” for the private firm Global Science Research. In collaboration with Cambridge Analytica, the companies paid approximately 300,000 people to take a personality test on the app. They also agreed to the app harvesting their Facebook data – provided it was for research.
However, the app collected data from the participant’s Facebook friends – opening the data pool to become hundreds of millions of people’s data strong. By the end of the saga, experts estimated that 87 million people had their data taken without their permission by Cambridge Analytica.
2015: Facebook becomes aware of Cambridge Analytica
In September 2015, Facebook employees finally noticed Cambridge Analytica’s activity on their site and described the firm as “sketchy (to say the least),” and were concerned they had “penetrated our market deeply.” The company dismissed their employee’s concerns.
Three months later, the Guardian published an article on Ted Cruz’s 2016 presidential campaign working with Cambridge Analytica to harvest data from “tens of millions of Facebook users.” They go on to note that the users aren’t aware of their data being taken and used in this way – highlighting a potential data breach. At this time, the news doesn’t gain a great deal of traction, and Facebook declines to act in light of the allegations.
2016: Voters become data breach victims and are unfairly targetted at home and abroad
A new year dawns, and it is undoubtedly one of the busiest in recent political history. A presidential election is underway in America, and Britain’s vote on leaving the EU looms.
In London, the headquarters of the Vote Leave campaign is busily working alongside AggregateIQ, a firm with such strong ties to Cambridge Analytica employees referred to it as a “department” within the company. Crucially, they share the same technology and provide the same function – creating psychological voter profiles and using them to target and influence voters.
The Vote Leave campaign was supported by Boris Johnson, at the time the foreign secretary, and Michael Gove, formerly the environment secretary. Dominic Cummings, the former government advisor currently on less than agreeable terms with members of the government, including Johnson and Gove, hired the firm but later denied any knowledge of the connection to Cambridge Analytica – a claim rejected by Aggregate IQ members.
After months of campaigning, on June 23rd, the Leave campaign claimed 52% of the votes in a shock win. In a quote featured prominently on AggregateIQ’s website, Cummings is credited with saying:
Without a doubt, the vote leave campaign owes a great deal of its success to the work of AggregateIQ. We couldn’t have done it without them.
Across the pond, Donald Trump’s presidential campaign is gaining traction thanks to Cambridge Analytica’s work. Using the data harvested from Facebook, it’s bombarding votes with personalised political adverts in an attempt to sway their voting inclinations. Trump’s chief executive campaign officer was Steve Bannon, a board member of Cambridge Analytica.
On November 8th, Trump is named the 45th president of the United States of America.
2018: A year of reckoning and the data breach lawsuit begins
Up until now, the actions of Cambridge Analytica have remained secret from the world. However, in March 2018, Cambridge Analytica whistleblower Christopher Wylie came forward and broke the news. Working with the Observer, he exposed how the firm had illegally used Facebook data to exert influence on the highest corners of politics. Wylie explained in his own words how the company worked:
“We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”
The media went into a frenzy with the news, and Facebook received international condemnation for allowing this to happen. However, Zuckerberg said nothing for days on end. Meanwhile, Facebook’s market capitalisation dramatically fell by over $100 billion.
Five long days later, he finally posted to Facebook and acknowledged there had been “a breach of trust between Facebook and the people who share their data with us and expect us to protect it.” Subsequently, he finally removed Cambridge Analytica and its software from Facebook.
Zuckerberg’s worries didn’t end there. One month later, he testified to US Congress. He received rigorous questioning regarding the data breach and Facebook’s role in privacy and storing personal data.
That same month, a class action lawsuit was filed against Facebook for sharing user data with third parties, including Cambridge Analytica.
After five years of subversive behaviour and top-secret operations, and two long months of intense scrutiny, Cambridge Analytica shut down in May.
2019: More legal action costs Facebook billions of dollars
Heading into 2019, Facebook was undoubtedly hoping the worst was behind them – and they were sorrily mistaken. In July, the US Federal Trade Commission (FTC) completed a year-long investigation into the company and fined Facebook $5 billion in a record-breaking settlement deal. The penalty is almost twenty times bigger than any fine imposed for a data breach before, and brings with it sweeping restrictions on Facebook operations to improve security.
In the same manner, the British government is conducting their own investigation. In October, the Information Commissioner’s Office (ICO) fined Facebook £500,000 – the maximum penalty they can award under UK data protection law. It’s worth noting at no point during ICO’s investigation did Facebook admit to any wrongdoing – seeming to imply the company’s infrastructure worked as designed.
ICO performed a full audit of Cambridge Analytica’s actions on Facebook to determine the extent of the reach of the data breach. Unfortunately, the fine print of the settlement tied up the details in secrecy and ICO passed the information onto Facebook to aid them in their internal investigation. Unsurprisingly, Facebook has never released any of the data to the public.
2022: Meta reaches a settlement – but its legal woes aren’t over yet
Three years and a rebrand later that saw Facebook renamed to Meta, a settlement has finally been reached in the class action lawsuit brought against the company in 2018 for an undisclosed sum. Despite agreeing to settle, Facebook has yet again made no admission of guilt and instead said that its privacy practices were in line with the law and they “do not support any legal claims.”
The lawsuit is on hold for sixty days while lawyers and plaintiffs on both sides of the case finalise the settlement.
Even if the settlement is accepted, it won’t mark the end of Meta’s legal woes. In May this year, Zuckerberg had a data breach lawsuit brought against him personally by the Attorney General of Washington DC, Karl Racine. Racine commented:
“This unprecedented security breach exposed tens of millions of Americans’ personal information, and Mr Zuckerberg’s policies enabled a multi-year effort to mislead users about the extent of Facebook’s wrongful conduct.”
What happens next?
The Facebook-Cambridge Analytica scandal is undeniably the most high-profile data breach in history. With 87 million user profiles implicated in the data breach, it’s incredibly difficult to decide on the correct course of action to rectify the wrong – if that’s possible. No amount of money can change the fact that millions of people had their private information taken and used against them to manipulate their voting intentions.
Despite the controversy surrounding the case, Facebook still boasts over two billion active users, makes approximately $319 million a day and is worth over $430 billion. It appears that no matter how they behave, the most popular social media platforms are too big to fail and here to stay. New regulations are intended to make sure nothing similar can ever happen again – but with so much data up for grabs, it’s unclear whether they will be enough to deter those with ill intent and the means to harvest data on an astronomical scale.
If you have been the victim of a data breach, HNK Solicitors can help you
Data breaches are often very complex and carry wide-reaching implications. If your data was lost or taken in a breach get in touch with us today, and we can work together to build your case. Our no-obligation consultation will assess whether your claim is likely to be successful. Our no-win, no-fee service means you can move ahead with the case without any personal risk.
Our expert team of data breach solicitors are ready to get started on your case today. Get in touch via our online form or give us a call on 0151 668 0813, and we can get you the justice you deserve.