Facebook has been ordered to pay an astonishing $725 million in a settlement resulting from a series of privacy lawsuits. These legal actions accused the company of breaching users' privacy rights. In addition to this substantial sum, Facebook is also confronted with a class action lawsuit of $650 million for unlawfully collecting and storing the biometric data of approximately 1.3 million Illinois residents without their informed consent.
The lawsuits assert that Facebook not only shared users' personal information and that of their friends with third parties without obtaining proper consent, but also neglected to supervise or regulate how these external entities accessed, managed, distributed, and utilized the data. The reality is that your information was sent out to third parties without fiscal responsibility or regard of what others would do with it.
News in 2018 that the data-mining firm Cambridge Analytica had taken data from up to 87 million Facebook users through a personality quiz app sparked the lawsuit. It grew to encompass several cases — which were consolidated in the U.S. District Court for the Northern District of California in 2018 — and address broader concerns about the company’s data privacy practices. Plaintiffs alleged that Facebook granted third parties access to users’ content and information without their consent and failed to monitor how it was used. Meta has denied any wrongdoing but agreed to the settlement in December to avoid the costs and risks of continuing the case.
The legal team representing the plaintiffs estimates that up to 280 million individuals may be eligible for compensation as part of this lawsuit. However, it is important to note that to qualify, individuals must have resided in the United States during the relevant period covered by the lawsuit. Unfortunately, non-U.S. residents, including us Canadians, are ineligible unless they lived in the United States during the time of May 2007 and Dec 2022.
The amount of compensation awarded to each person will be determined by the duration of their Facebook account's existence and the number of valid claims submitted. "Points" will be allocated for each month an account was active between May 24, 2007, and December 22, 2022. After deducting attorneys' fees, the funds will be distributed proportionally based on these calculations. However, it is essential to manage expectations, as this settlement will not result in a financial impact that changes one’s lifestyle. How much could your share be? No one knows at this point but it could be from a few dollars up to a few thousand dollars or more.
If an individual held a Facebook account during the aforementioned period, they are automatically included in the settlement. However, to receive compensation, they must submit a claim through the class action website by August 25 of 2023. Failure to do so will forfeit any entitlement to financial redress and waive the right to sue Facebook or participate in any related lawsuit pertaining to these allegations.
The link to register your claim is: https://www.facebookuserprivacysettlement.com
Protecting Our Identities & Personal Information.
While it is encouraging to witness major technology companies being held accountable for unauthorized access, sale, and sharing of our data, it is crucial to recognize that relying solely on legal recourse and governmental intervention is inadequate for protecting our identities and personal information. Entities like Meta (formerly known as Facebook) generate enormous profits from the monetization and utilization of our data. For instance, Meta accumulated over $116 billion in revenue last year from an ostensibly "free" application, with the majority of this revenue derived from data sales and access.
Consequently, the $725 million settlement, although significant, amounts to about half a percent of the company's total annual revenue—an essentially insignificant sum. (The 12 months ending March 31, 2023, Meta generated $117.346 Billion dollars - $725M is exactly 0.00618% of the annual revenues, hardly a rounding error for the giant. On scale, it is like going out for dinner with the kids at the Keg one time for most people). The legal team that led the class action suit are asking for 25% of the settlement (approximately $181M) which leaves over half a billion dollars up for grabs.
The pervasive presence of the dark web and the growing prevalence of hacking demonstrate the considerable value associated with personally identifiable information. Therefore, it is imperative to exercise caution and vigilance to avoid falling victim to data breaches, unauthorized sharing, and illicit sales.
One effective measure to prevent data sharing involves adjusting the privacy settings within the Facebook platform. Meta now includes the ability to manage both Facebook and Instagram with ease.
- Facebook: https://www.facebook.com/settings/?tab=privacy
- Instagram: https://www.instagram.com/accounts/privacy_and_security/
Another recommended step is to review the privacy settings on mobile devices, ensuring that applications do not possess unrestricted access to the device's camera and microphone without explicit user permission. Many applications are initially installed with these access features enabled, requiring users to manually opt out.
For business owners, it is crucial to contemplate how client data is stored and handled.
This lawsuit serves as a reminder that governments increasingly prioritize data privacy and protection, resulting in stricter regulatory compliance requirements across all industries with regards to data security and privacy. Privacy laws are only getting tougher on companies and will likely become incredibly complex to navigate and manage in the near future.
Now is the time for your company to get ahead of the pending legal changes and ensure your company is protected from privacy breaches and threats. Infinite IT has earned two ISO certifications around Information Security and Privacy Management. We also have our iComply offering that can enable your company to be better protected and mitigate risk.
With PIPEDA being retired soon, Canadian companies owe it to themselves (and to their customers) to get ahead of the risk and act before it is too late. There is a saying in the cyber security world these days… “It is not a matter of if you will be breached, but when!”
What is your company doing to mitigate these risks?
Safeguard Your Client & Employee Data
To ensure the inadvertent exposure of client data is avoided and compliance with data protection laws is maintained, we encourage you to schedule a brief call with us, during which we can address any concerns you may have and explore potential strategies to safeguard client and employee data.
(Also, always make sure to validate news as real. We did just that for you and can say this is actually legitimate.)
Here are some of the news sources we used to validate the story: