Australian Facebook users impacted by the Cambridge Analytica privacy breach will receive part of a $50 million settlement, marking the end of years-long legal proceedings.
The Australian Information Commissioner and Facebook parent company Meta, agreed to the multi-million-dollar deal today following court-ordered mediation, which began in February 2024.
“Today’s settlement represents the largest ever payment dedicated to addressing concerns about the privacy of individuals in Australia,” Australian Information Commissioner Elizabeth Tydd said.
“It represents a substantive resolution of privacy concerns raised by the Cambridge Analytica matter, gives potentially affected Australians an opportunity to seek redress through Meta’s payment program, and brings to an end a lengthy court process.”
The Commissioner lodged proceedings against the tech behemoth in the Federal Court in 2020 after Facebook users’ data was accessed and shared without their permission by consultancy firm Cambridge Analytica.
It’s understood the personal information of some Australian Facebook users was disclosed to the “This is Your Digital Life” app, and risked being used for political profiling purposes.
The app, that appeared as a “personality test”, collected data on tens of millions of people and their Facebook friends, as well as those who did not download the app themselves.
As part of today’s resolution, the Commissioner has withdrawn the civil penalty proceedings in the Federal Court.
Meta is now required to appoint a third party to administer the $50 million payment, which will be delivered in two tiers.
The first payout will apply to individuals who believe they experienced generalised concern or embarrassment as a result of the breach.
The second payout will apply to those who can demonstrate they have suffered loss or damage.
“The payment scheme is a significant amount that demonstrates that all entities operating in Australia must be transparent and accountable in the way they handle personal information, in accordance with their obligations under Australian privacy law, and give users reasonable choice and control about how their personal information is used,” Tydd said.
“This also applies to global corporations that operate here.
“Australians need assurance that whenever they provide their personal information to an organisation, they are protected by the Privacy Act wherever that information goes.”
