According to a court filing from last Friday, Facebook parent company Meta Platforms Inc. has agreed to settle a lawsuit that the social networking site granted access to confidential user data to other organizations, including Cambridge Analytica.
The lawsuit was filed due to the alleged role of Cambridge Analytica, a now-defunct British consulting firm that assisted US President Donald Trump’s 2016 campaign and during the UK’s Brexit referendum campaign, had inappropriately accessed and exploited Facebook user data. Though Facebook agreed to pay penalties in the US and UK and modify its privacy policies, both the social networking giant and Cambridge Analytica initially denied any wrongdoing.
The preliminary agreement, which was made public in a court filing late on Friday, comes after it was made public last month that Meta Chief Executive Officer Mark Zuckerberg will be forced to undergo questioning by plaintiffs’ attorneys. Former COO Sheryl Sandberg, who resigned from Meta in June, and current COO Javier Olivan are also expected to be presented in the lawsuit sometime this month, in the final phase of pre-trial evidence gathering. According to a document filed in San Francisco federal court, Zuckerberg has consented to undergo a deposition that may last up to six hours, while Sandberg might face questions for up to five hours. Olivan, who has long overseen the company’s expansion activities, will be questioned in detail throughout the deposition for up to three hours.
Although the settlement’s contents were not made public, it is believed that additional information may become available in late October. This is because this Class-Action civil suit which is being handled by the U.S. District Court for the Northern District of California, has been postponed for 60 days while the plaintiffs’ and Facebook’s legal teams work out a formal settlement. Reuters said that Facebook and its attorneys from Gibson, Dunn & Crutcher did not immediately comment on requests for further information on the settlement. Neither Keller Rohrback nor Bleichmar Fonti & Auld, the two legal firms representing the plaintiffs, made any comments.
After four years in court, 87 million present and former Facebook users will receive compensation for using their personal information without their consent. As some of the users may have independently filed a lawsuit, the amount depends on how many people are in the class. Depending on the settlement amount, the attorneys will retain 25% to 33% of the total sum.
Facebook used to offer full access to app developers so that they would be equipped with data to develop games, dating apps, and other socially-friendly software using user data. Soon, marketers and academics started carrying out independent studies based on user data. Researcher Jonathan Bright explained in a blog post from 2018 how Facebook’s Graph API was able to acquire user data for years. The information that Facebook applications could take was extensive, including about me, actions, activities, birthday, check-ins, education, events, games, groups, hometown, interests, likes, location, notes, online status, tags, photographs, questions, relationships, religion/politics, status, subscriptions, website, employment record.
Things turned ugly when Facebook stated that in 2014 Aleksandr Kogan, a psychology professor at the University of Cambridge, violated its privacy standards by sharing Facebook user data collected from his personality-prediction app thisisyourdigitallife (also known as GSRApp), with third parties, including Cambridge Analytica. The app queried its users about their personalities and other aspects of their lives, and it also gathered data from them and their friends in their social networks. The data had a rather wide scope and comprised roughly 30 distinct data points about the people who downloaded the app in addition to information on those users’ Facebook friends.
In order to build a system that could profile specific US voters in order to target them with tailored political advertisements, Cambridge Analytica, a political consultancy owned by hedge fund billionaire Robert Mercer and led at the time by Trump’s chief advisor Steve Bannon, used personal information taken without authorization in early 2014.
To provide personality assessments for GSRApp users and their Facebook friends, Kogan and Cambridge Analytica created, utilized, and analyzed data from the app in 2014. The company used these personality scores for voter profiling and targeted advertising by comparing them to data on American voters. Kogan was able to repurpose an app he already had on the Facebook network for this endeavor, giving it the ability to gather Facebook data from app users and their Facebook friends.
The world was hit by a massive curveball when a whistleblower revealed widespread data exploitation to the Observer in 2018. The Observer is the oldest Sunday newspaper in the world, published by the Guardian group. The Guardian Media Group purchased it in 1993 to serve as a sister publication for the Guardian.
A dossier of information regarding the data misuse was presented to the Observer by whistleblower Christopher Wylie, a Canadian data analytics expert who collaborated with Cambridge Analytica and Kogan to develop and manage the program. According to the Information Commissioner’s Office (ICO) and the National Crime Agency’s cybercrime unit, this comprised emails, contracts, bills, and financial transactions confirming one of the worst Facebook data breaches in history. This data breach resulted in the theft of more than 50 million profiles, most of which belonged to US citizens registered to vote. Additionally, it was charged with using strategies to suppress Black voters, according to Wylie.
Concerns regarding Facebook’s participation in selecting voters for the US presidential election have become even more pressing in light of the revelation of the enormous amount of data collected and the purposes for which it was used. This revelation compelled Zuckerberg to testify before Congress and resulted in the social media company being fined a multibillion-pound penalty. This is because, as per Facebook’s platform policy, data from users could only be collected to improve the user experience in the app and could not be sold or used for advertising – implying that the social networking company was lying about using user data for unethical purposes. Days after the article was released, Facebook’s stock price plummeted by an amount greater than $100 billion.
Facebook first refuted that Cambridge Analytica had violated data security and that Kogan’s company GSR had harvested information. In a statement, the company said that Kogan acquired access to this information in a lawful manner and through the appropriate procedures, but did not afterward adhere to company policies because he disclosed the data to outside parties. Later Facebook claimed to have withdrawn the app in 2015 and requested proof from anybody who had copies that the data had been destroyed.
In August 2016, a letter from Facebook’s attorneys ordering him to delete any data he had that had been obtained by GSR was included in the proof Wylie provided to the UK and US authorities.
Since the Cambridge Analytica scandal surfaced, Facebook has reduced the amount of information available to developers, blocked access to its data from hundreds of applications suspected of misusing it, and made it easier for users to set limits on the sharing of personal information. Just two months after the revelation that the political consulting firm had gathered the personal information of 87 million users, the company filed for bankruptcy. What’s scary is we only know about how Facebook gave Cambridge Analytica access to user personal data. There is a possibility that the company is still keeping other instances of data leaks under wraps.
The British Information Commissioner’s Office swiftly turned its attention to Cambridge Analytica and Facebook in its investigation into data and politics. In a separate investigation, the Electoral Commission also looked into Cambridge Analytica’s involvement in the EU referendum. Due to the data sharing incident, Facebook was fined £500,000 (maximum possible fine) in the UK by the Information Commissioner’s Office. In October 2019, the company decided not to appeal the ICO penalty.
In the meanwhile, the US Federal Trade Commission slapped Facebook with a record-breaking $5 billion in July 2019 for its participation in the incident. In order to improve its monitoring of privacy policies, the agreement called for the company’s board of directors to be restructured. The FTC also looked into whether this breach was in violation of a consent agreement signed in 2012 between Facebook and the agency, which required Facebook to improve user privacy protection. A separate lawsuit from last year said Facebook paid the FTC $4.9 billion more than required as part of a settlement to shield Zuckerberg.
While Facebook tried to allegedly shift attention from its role in the Cambridge Analytica breach by renaming itself Meta, both Meta and the social networking site Facebook are still drowning themselves in lawsuits.
After almost a million Britons signed up for a lawsuit organized by an organization called “You owe Us,” which has the claimed purpose of illustrating that the world’s biggest firms are not above the law, the social networking giant was slammed with a mass action lawsuit in the UK in October 2020.
In March 2020, Australian Information Commissioner and Privacy Commissioner Angelene Falk filed a lawsuit in the Federal Court against Facebook Inc. and Facebook Ireland. She claimed at the time that Facebook had violated Australian privacy legislation by engaging in significant and/or persistent invasions of privacy. Earlier in February, the Federal Court granted the Commissioner permission to sue Facebook. Attorney General Karl Racine of Washington, DC, filed the most recent complaint against Meta in May this year.
While Meta and Facebook are desperately grasping straws since the Cambridge Analytica scandal took the world by storm, one wonders if the current settlement can reverse the damage inflicted. At the same time, a detailed and transparent probe is required to investigate the possible hidden data breaches in the past by Facebook. The company has been under heat for racist mislabeling facial recognition AI before.