Facebook owner, Meta, has agreed to settle the longstanding Cambridge Analytica scandal for $725 million. This makes it the largest US data privacy class-action lawsuit ever. The scandal involving the social media platform and the political consultancy firm — colluding on voter profiling and targeting — first came to light in 2018. Facebook allowed Cambridge Analytica to illegitimately gain access to 87 million user profiles on its platform. The settlement still requires the approval of a federal judge.
The social media platform admitted to no wrongdoing in the settlement and said it has agreed to the settlement “in the best interest of its community.” Cambridge Analytica specialized in using data science methodologies to influence election campaigns, and by accessing Facebook data, the consultancy firm profiled users and possibly influenced election outcomes. In 2018, the firm went belly up from the fallout.
Meta and its subsidiaries continue to commit violations despite repeated warnings and fines. In 2019, Facebook was charged $5 billion by the FTC for various privacy breaches and willfully misleading users.
The Latest Fine for Facebook
Lawyers for the plaintiffs in the case allege that Facebook kept users in the dark about their information privacy. At the same time, it allowed preferred third parties to gain access to sensitive user data. Previously, Facebook argued that any information on the platform was already non-private. In 2019, US District Judge Vince Chhabria responded to that view, calling it “so wrong” and allowed the case to proceed.
While the legal team on the plaintiff’s side is demanding a 25% cut or $181 million of the settlement amount in the form of fees, each user will have to submit valid claims for any share of the settlement. Though Facebook may be a few degrees removed from actual involvement, it did provide harvested data without user consent to a political third party, Cambridge Analytica.
While fines continue to pile up against Meta, the tech giant shows few signs of changing its ways. Concerning the same scandal, Facebook incurred a $100 million fine from the Securities and Exchange Commission. Although the largest ever fine of $5 billion levied by the FTC could crush most companies, the amount didn’t even equal 10% of Meta’s annual revenue in 2019.
Breaking Down Cambridge Analytica
Founded in 2013, Cambridge Analytica was SCL Group’s US subsidiary. Cambridge Analytica purchased a dataset from Global Science Research (GSR). This firm developed and deployed the personality-quiz application “This Is Your Digital Life,” which Facebook allowed on its platform.
Around 270,000 users used the application, though the application didn’t just harvest these direct users’ data. Through this initial pool, it accessed the friends of these users for a total dataset of 87 million people. Facebook banned the application in 2015 and sent both GSR and Cambridge Analytica requests for the removal of all collected information.
Yet, these entities ignored Facebook’s requests. Based on the harvested datasets, Cambridge Analytica created personality profiles of users, which then helped the firm tailor its campaigns.
Subsequent investigations into the Cambridge Analytica scandal revealed that it had a bearing on Donald Trump’s presidential win in 2016 and influenced the Brexit outcome. In a video, Cambridge Analytica CEO Alexander Nix boasted of his firm’s data research, mining, and analytics work for Donald Trump’s presidential campaign, admitting to deliberately influencing the elections.
A Broader View of Big Tech Fines
Data privacy legislations are failing to curtail these violations. Legislation such as the GDPR provides enforcers with powers to investigate data breaches and reign in compliance offenders. But Big Tech seems to grow in influence with each passing year.
On the other hand, the fines levied against Meta and its subsidiaries are a drop in the ocean compared to its annual revenue. It’s a repeat offender convicted in multiple courts for intentional non-compliance. Its negligent data processing in the EU and repeated violations of GDPR might lead it to get banned from the continent.
From a cybersecurity standpoint, an obvious conclusion to draw from all this is that any information on any social media platform can be harvested or compromised. Investigations and fines against other social media platforms prove this point. For example, Ireland’s DPC currently launched an investigation into a Twitter privacy breach that might have affected 5.4 million users. From that data breach, it has become evident that even when users make their phone and email information private, it’s still vulnerable to a breach. This renders such privacy protocols largely null and void.
Commercial entities need to ensure that employees use encrypted internal messaging applications. Further, they also need to protect the network layers from threats. Moreover, it’s pertinent for business owners to comply with their jurisdictions’ data handling rules. Any third-party access should be denied by taking the right steps.
Protecting Online Information
Though it might seem impractical, the best way to protect sensitive information is not to upload it online in the first place. Users can limit their exposure on social media accounts, especially since Big Tech has a history of negligence when it comes to user privacy. When using public accounts, it’s always better to use multi-factor authentication (MFA) and strong passwords to keep profiles safe. Yet, these aren’t foolproof ways of avoiding a network compromise.
Meta, which also owns WhatsApp and Instagram, remains the worst offender regarding data privacy, leaving many heinous violations in its wake. While going “off the grid” is impossible in today’s digital age, some platforms are more secure and responsible than others. Users can still choose what platforms to use, basing their decisions on the platform’s previous track record.