Meta Platforms, the parent company of Facebook, Instagram, and WhatsApp, has agreed to pay $725 million to settle a long-running class-action lawsuit filed in 2018.
The legal dispute sprang up in response to revelations that the social media giant allowed third-party apps such as those used by Cambridge Analytica to access users' personal information without their consent for political advertising.
The proposed settlement, first reported by Reuters last week, is the latest penalty paid by the company in the wake of a number of privacy mishaps through the years. It still requires the approval of a federal judge in the San Francisco division of the U.S. District Court.
It's worth noting that Facebook previously sought to dismiss the lawsuit in September 2019, claiming users have no legitimate privacy interest in any information they make available to their friends on social media.
The data harvesting scandal, which came to light in March 2018, involved a personality quiz app called "thisisyourdigitallife" that allowed users' public profiles, page likes, dates of birth, genders, locations, and even messages (in some cases) to be collected for building psychographic profiles.
Created by a Cambridge University lecturer named Aleksandr Kogan in 2013, the app claimed to reveal users' personality traits based on what they had liked on Facebook by scraping their profile information in exchange for a small payment.
Through Global Science Research (GSR), a company Kogan founded in 2014, the data was then passed on to Cambridge Analytica, a British political consultancy firm owned by SCL Group, as part of a research project.
While around 300,000 users are said to have taken the psychological test, the app collected the private data of those who installed the app as well as their Facebook friends without seeking explicit permission, leading to a dataset spanning 87 million profiles.
thisisyourdigitallife was subsequently banned by Facebook in 2015 for contravention of its platform policy, with the company also sending a legal request to GSR and Cambridge Analytica to delete the improperly acquired data.
Only it turned out later that the unauthorized data was never purged to begin with and that the consulting firm, now defunct, used the personal information from millions of Facebook accounts for purposes of voter profiling and targeting ahead of the 2016 U.S. presidential election.
"This was a breach of trust between Kogan, Cambridge Analytica, and Facebook," CEO Mark Zuckerberg said at the time. "But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it."
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
The bombshell expose fueled government scrutiny on both sides of the Atlantic, prompting the company to settle with the U.S. Securities and Exchange Commission (SEC) and the U.K. Information Commissioner's Office (ICO) in 2019.
The same year, Meta was also slapped with a record-breaking $5 billion fine following a probe initiated by the U.S. Federal Trade Commission (FTC) into its privacy practices and to settle charges that the firm undermined users' choice to control the privacy of their personal information.
Meta – which has not admitted to any wrongdoing in relation to the problematic data-sharing practice – has since taken steps to curtail third-party access to user information.
The tech giant further rolled out a tool called Off-Facebook Activity for users to "see a summary of the apps and websites that send us information about your activity, and clear this information from your account if you want to."