Meta, owner of Facebook, has agreed to pay $725 million to settle a class action lawsuit alleging that the company permitted third parties, including Cambridge Analytica, to obtain unauthorized access to users’ personal information.
The proposed settlement, which was announced in a US court filing on Thursday, will end a long-running dispute that arose from revelations in 2018 that Facebook had allowed Cambridge Analytica to access the data of as many as 87 million users.
“This historic settlement will provide meaningful relief to the class in this complex and novel privacy case,” the lead lawyers for the plaintiffs, Derek Loeser and Lesley Weaver, said in a joint statement.
The settlement ““would be the largest data privacy or data breach class action settlement ever achieved in the United States”, they added.
Meta did not admit any wrongdoing as part of the settlement, which requires the approval of a federal judge in San Francisco.
The company said in a statement: “We pursued a settlement as it’s in the best interest of our community and shareholders. Over the last three years we revamped our approach to privacy and implemented a comprehensive privacy programme. We look forward to continuing to build services people love and trust with privacy at the forefront.”
The case centred on the actions of the now-defunct UK political consulting firm Cambridge Analytica, which harvested the data of as many as 87 million Facebook users through a survey app called MyDigital Life for the purposes of voter profiling and targeting.
While Facebook became aware of this in 2015, it was not made public until March 2018, when an investigation by The Observer revealed Cambridge Analytica’s role in the US election.
In 2019, Facebook reached a settlement with the US Federal Trade Commission in which it agreed to pay $5 billion over the privacy breach.
The company also entered into a settlement with the US Securities and Exchange Commission, agreeing to pay $100 million in connection with allegations that it had misled investors about the potential risks of misuse of user data.