The Facebook and Cambridge Analytica scandal, explained with a simple diagram

A visual of how it all fits together. They’re now shutting down.

Cambridge Analytica, the political consulting firm that did work for the Trump campaign and harvested raw data from up to 87 million Facebook profiles, is shutting down.

There is a complicated web of relationships that explains how the Trump campaign, Cambridge Analytica, and Facebook are tied together, as my colleague Andrew Prokop explains in this excellent piece.

But if you need a refresher on how all the pieces fit together, this diagram helps make sense of it all.

1) Here’s the very simple version of the story

Facebook exposed data on up to 87 million Facebook users to a researcher who worked at Cambridge Analytica, which worked for the Trump campaign.


2) But how is the Trump campaign connected to Cambridge Analytica?

Cambridge Analytica was created when Steve Bannon approached conservative megadonors Rebekah and Robert Mercer to fund a political consulting firm. Bannon became vice president of Cambridge Analytica, and during the 2016 election, he reached out to the Trump campaign to introduce the two sides.

Bannon, of course, eventually became a senior adviser to Trump before he was fired in August 2017.


So what is the SCL Group, which does the work for Cambridge Analytica? It’s a public relations and messaging firm that has clients all around the world, and as Vox’s Andrew Prokop writes:

SCL tends to describe its capabilities in grandiose and somewhat unsettling language — the company has touted its expertise at “psychological warfare” and “influence operations.” It’s long claimed that its sophisticated understanding of human psychology helps it target and persuade people of its clients’ preferred message.

This means, as the New York Times writes, Cambridge Analytica is basically a shell for the SCL Group.

3) How did Cambridge Analytica get its data?

Cambridge Analytica CEO Alexander Nix actually reached out to WikiLeaks founder Julian Assange about the emails that were hacked from the Democratic National Committee’s servers, according to the Wall Street Journal.

But the more important part of this story is how Cambridge Analytica got its data from Facebook. And according to a former Cambridge Analytica employee, the firm got it through researcher Aleksandr Kogan, a Russian American who worked at the University of Cambridge.


4) How did Kogan use Facebook to harvest up to 87 million user profiles?

Kogan built a Facebook app that was a quiz.

It not only collected data from people who took the quiz, but as my colleague Aja Romano writes, it exposed a loophole in Facebook’s API that allowed it to collect data from the Facebook friends of the quiz takers as well.

As Romano points out, Facebook prohibited the selling of data collected with this method, but Cambridge Analytica sold the data anyway.


Why this is a Facebook scandal more than a Cambridge Analytica one

Facebook founder and CEO Mark Zuckerberg wrote in a response to this scandal, “I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there’s more to do, and we need to step up and do it.”

But former Facebook employees have said that there’s a tension between the security team and the legal/policy team in terms of how they prioritize user protection in their decision-making.

“The people whose job is to protect the user always are fighting an uphill battle against the people whose job is to make money for the company,” Sandy Parakilas, who worked on the privacy side at Facebook, told the New York Times.

Now, there is a decent chance Cambridge Analytica’s work didn’t actually do much to elect Trump; the firm’s reputation in the political consulting community is less than stellar.

But this highlights a larger debate over how much users can trust Facebook with their data. Facebook allowed a third-party developer to engineer an application for the sole purpose of gathering data. And the developer was able to exploit a loophole to gather information on not only people who used the app but all their friends — without them knowing.

Still, it’s Cambridge Analytica paying the price today, after losing multiple clients following the last several months of unflattering publicity.

Facebook parent Meta will pay $725M to settle a privacy suit over Cambridge Analytica

Facebook CEO Mark Zuckerberg walks at the company's headquarters in Menlo Park, Calif., on April 4, 2013. Facebook parent company Meta has agreed to pay $725 million to settle a class-action privacy lawsuit. (Marcio Jose Sanchez/AP)

Facebook parent company Meta has agreed to pay $725 million to settle a class-action lawsuit claiming it improperly shared users' information with Cambridge Analytica, a data analytics firm used by the Trump campaign.

The proposed settlement is a result of revelations in 2018 that information of up to 87 million people may have been improperly accessed by the third-party firm, which filed for bankruptcy in 2018. This is the largest recovery ever in a data privacy class action and the most Facebook has paid to settle a private class action, the plaintiffs' lawyers said in a court filing Thursday.

Meta did not admit wrongdoing and maintains that its users consented to the practices and suffered no actual damages. Meta spokesperson Dina El-Kassaby Luce said in a statement that the settlement was "in the best interest of its community and shareholders" and that the company has revamped its approach to privacy.

Plaintiffs' lawyers said about 250 million to 280 million people may be eligible for payments as part of the class action settlement. The amount of the individual payments will depend on the number of people who come forward with valid claims.

"The amount of the recovery is particularly striking given that Facebook argued that its users consented to the practices at issue, and that the class suffered no actual damages," the plaintiffs' lawyers said in the court filing.


Facebook's data leak to Cambridge Analytica sparked global backlash and government investigations into the company's privacy practices over the past several years.

Facebook CEO Mark Zuckerberg gave high-profile testimonies in 2020 before Congress and as part of the Federal Trade Commission's privacy case for which Facebook also agreed to a $5 billion fine. The tech giant also agreed to pay $100 million to resolve U.S. Securities and Exchange Commission claims that Facebook misled investors about the risks of user data misuse.

Facebook first learned of the leak in 2015, tracing the violation back to a Cambridge University psychology professor who harvested data of Facebook users through an app to create a personality test and passed it on to Cambridge Analytica.


Cambridge Analytica was in the business of creating psychological profiles of American voters so that campaigns could tailor their pitches to different people. The firm was used by Texas Sen. Ted Cruz's 2016 presidential campaign and then later by former President Donald Trump's campaign after he secured the Republican nomination.

According to a source close to the Trump campaign's data operations, Cambridge Analytica staffers did not use psychological profiling for his campaign but rather focused on more basic goals, like increasing online fundraising and reaching out to undecided voters.

Whistleblower Christopher Wylie then exposed the firm for its role in Brexit in 2019. He said Cambridge Analytica used Facebook user data to target people susceptible to conspiracy theories and convince British voters to support exiting the European Union. Former Trump adviser Steve Bannon was the vice president and U.S. hedge-fund billionaire Robert Mercer owned much of the firm at the time.

The court has set a hearing for March 2, 2023, when a federal judge is expected to give the settlement final approval.

NPR's Bobby Allyn contributed reporting.


Facebook and Cambridge Analytica: What You Need to Know as Fallout Widens

By Kevin Granville

March 19, 2018


Our report that a political firm hired by the Trump campaign acquired access to private data on millions of Facebook users has sparked new questions about how the social media giant protects user information.

Who collected all that data?

Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, gained access to private information on more than 50 million Facebook users. The firm offered tools that could identify the personalities of American voters and influence their behavior.

Cambridge has been largely funded by Robert Mercer, the wealthy Republican donor, and Stephen K. Bannon, a former adviser to the president who became an early board member and gave the firm its name. It has pitched its services to potential clients ranging from Mastercard and the New York Yankees to the Joint Chiefs of Staff.

On Monday, a British TV news report cast it in a harsher light, showing video of Cambridge Analytica executives offering to entrap politicians. A day later, as a furor grew, the company suspended its chief executive, Alexander Nix.


What kind of information was collected, and how was it acquired?

The data, a portion of which was viewed by The New York Times, included details on users’ identities, friend networks and “likes.” The idea was to map personality traits based on what people had liked on Facebook, and then use that information to target audiences with digital ads.

Researchers in 2014 asked users to take a personality survey and download an app, which scraped some private information from their profiles and those of their friends, activity that Facebook permitted at the time and has since banned.

The technique had been developed at Cambridge University’s Psychometrics Center. The center declined to work with Cambridge Analytica, but Aleksandr Kogan, a Russian-American psychology professor at the university, was willing.

Dr. Kogan built his own app and in June 2014 began harvesting data for Cambridge Analytica.

He ultimately provided over 50 million raw profiles to the firm, said Christopher Wylie, a data expert who oversaw Cambridge Analytica’s data harvesting. Only about 270,000 users — those who participated in the survey — had consented to having their data harvested, though they were all told that it was being used for academic use.

Facebook said no passwords or “sensitive pieces of information” had been taken, though information about a user’s location was available to Cambridge.


So was Facebook hacked?

Facebook in recent days has insisted that what Cambridge did was not a data breach, because it routinely allows researchers to have access to user data for academic purposes — and users consent to this access when they create a Facebook account.

But Facebook prohibits this kind of data from being sold or transferred “to any ad network, data broker or other advertising or monetization-related service.” It says that was exactly what Dr. Kogan did, in providing the information to a political consulting firm.

Dr. Kogan declined to provide The Times with details of what had happened, citing nondisclosure agreements with Facebook and Cambridge Analytica.

Cambridge Analytica officials, after denying that they had obtained or used Facebook data, changed their story last week. In a statement to The Times, the company acknowledged that it had acquired the data, though it blamed Dr. Kogan for violating Facebook’s rules and said it had deleted the information as soon as it learned of the problem two years ago.

But the data, or at least copies, may still exist. The Times was recently able to view a set of raw data from the profiles Cambridge Analytica obtained.

What is Facebook doing in response?

The company issued a statement on Friday saying that in 2015, when it learned that Dr. Kogan’s research had been turned over to Cambridge Analytica, violating its terms of service, it removed Dr. Kogan’s app from the site. It said it had demanded and received certification that the data had been destroyed.

Facebook also said: “Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted. We are moving aggressively to determine the accuracy of these claims. If true, this is another unacceptable violation of trust and the commitments they made. We are suspending SCL/Cambridge Analytica, Wylie and Kogan from Facebook, pending further information.”

In a further step, Facebook said Monday that it had hired a digital forensics firm “to determine the accuracy of the claims that the Facebook data in question still exists.” It said that Cambridge Analytica had agreed to the review and that Dr. Kogan had given a verbal commitment, while Mr. Wylie “thus far has declined.”


What are others saying?

Facebook, already facing deep questions over the use of its platform by those seeking to spread Russian propaganda and fake news, is facing a renewed backlash after the news about Cambridge Analytica. Investors have not been pleased, sending shares of the company down more than 8 percent since Friday.

■ The Federal Trade Commission said Tuesday it is investigating whether Facebook violated a 2011 consent agreement to keep users’ data private.

■ In Congress, Senators Amy Klobuchar, a Democrat from Minnesota, and John Kennedy, a Republican from Louisiana, have asked to hold a hearing on Facebook’s links to Cambridge Analytica. Republican leaders of the Senate Commerce Committee, led by John Thune of South Dakota, wrote a letter on Monday to Mark Zuckerberg, Facebook’s chief executive, demanding answers to questions about how the data was collected.

■ A British Parliament committee sent a letter to Mr. Zuckerberg asking him to appear before the panel to answer questions on Facebook’s ties to Cambridge Analytica.

■ The attorney general of Massachusetts, Maura Healey, announced on Saturday that her office was opening an investigation. “Massachusetts residents deserve answers immediately from Facebook and Cambridge Analytica,” she said in a Twitter post. Facebook’s lack of disclosure on the harvesting of data could violate privacy laws in Britain and several states.


Facebook’s Cambridge Analytica Controversy Could Be Big Trouble for the Social Network. Here’s What to Know

The fallout from Facebook’s data scandal involving Cambridge Analytica continues this week, as more information came to light confirming that at least 87 million Facebook users were impacted by hidden data harvesting — an update from the “tens of millions” figure that Facebook previously said were touched by its ongoing privacy crisis.

Facebook, which is the largest social media company in the world, admitted today that the number was much higher than previously believed at the bottom of a blog post written by Chief Technology Officer Mike Schroepfer.

“In total, we believe the Facebook information of up to 87 million people — mostly in the US — may have been improperly shared with Cambridge Analytica,” he wrote.

He laid out nine ways Facebook is now working to better protect user information, saying that the changes will limit the ways apps are allowed to collect and share people’s information.

Third party apps will now be restricted from accessing certain kinds of user information they could previously collect from Facebook features like Events, Groups and Pages. Other changes include updates to the ways third-party apps can collect data related to logins for things like “check-ins, likes, photos, posts, videos, events and groups,” the company’s statement reads.

It also says that apps will no longer be allowed to collect personal data such as “religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity.”

The social media juggernaut also announced that it has disabled certain features in “search and account recovery” to prevent people’s public profiles from being scraped by “malicious actors.” It is also completely shutting down its Partner Categories, which is “a product that lets third-party data providers offer their targeting directly on Facebook,” the statement says.

A new feature is also being added to everyone’s newsfeed — a link at the top of the page that will allow users to see what information apps they use have collected about them, and also allow users to remove those apps if they choose. Facebook pledged to alert those users whose personal data was improperly collected by Cambridge Analytica.

Facebook also posted a link to updated policies for Instagram, which it owns.

While the users affected are mainly in the U.S., the BBC has also reported that about one million of the 87 million users impacted are based in the U.K.

Facebook’s announcement that almost 90 million users were affected comes on the heels of the news that CEO Mark Zuckerberg will testify before Congress on April 11.

The drama began when the $500 billion company admitted earlier in March that data analysis firm Cambridge Analytica, which has close ties to President Trump’s election campaign and right-leaning megadonors, used data that had been collected from millions of users without their consent. Facebook has since suspended Cambridge Analytica’s access to its platform.

Facebook continues to take a beating from commentators and investors alike as its stock keeps plunging — the company’s market cap dropped $50 billion alone during the first week that the scandal came to light, becoming its largest ever two-day drop. Meanwhile, lawmakers in the U.S. and the U.K. who demanded Zuckerberg explain his company’s practices may finally get some answers during his testimony next week.

Here’s what to know about Facebook’s latest crisis.

What is Cambridge Analytica?

Cambridge Analytica is a political analysis firm that claims to build psychological profiles of voters to help its clients win elections. The company is accused of buying millions of Americans’ data from a researcher who told Facebook he was collecting it strictly for academic purposes. Facebook allowed Aleksandr Kogan, a psychology professor at the University of Cambridge who owns a company called Global Science Research, to harvest data from users who downloaded his app. The problem was that Facebook users who agreed to give their information to Kogan’s app also gave up permission to harvest data on all their Facebook friends, as well, according to the Guardian.

The breach occurred when Kogan then sold this data to Cambridge Analytica, which is against Facebook’s rules. Facebook says it has since changed the way it allows researchers to collect data from the platform as a result.

Christopher Wylie, a whistleblower who worked at Cambridge Analytica before quitting in 2014, claimed on NBC’s Today Show Monday morning that the firm was “founded on misappropriated data of at least 50 million Facebook users.”

Wylie added that Cambridge Analytica’s goal was to establish profiling algorithms that would “allow us to explore mental vulnerabilities of people, and then map out ways to inject information into different streams or channels of content online so that people started to see things all over the place that may or may not have been true.”

The data firm initially told British Parliament it did not collect people’s information without their consent during a hearing in February, but later admitted in a statement to the New York Times that they did in fact obtain the data, though the company claims to have deleted the information as soon as it found out it violated Facebook’s privacy rules.

Cambridge Analytica issued a number of press releases in the days following the explosive media reports, saying that it “strongly denies the claims” it acted improperly.

“In 2014 we received Facebook data and derivatives of Facebook data from another company, GSR, that we engaged in good faith to legally supply data for research,” the statement reads. “After it subsequently became known that GSR had broken its contract with Cambridge Analytica because it had not adhered to data protection regulation, Cambridge Analytica deleted all the Facebook data and derivatives, in cooperation with Facebook… This Facebook data was not used by Cambridge Analytica as part of the services it provided to the Donald Trump presidential campaign.”

Facebook also issued a statement on its website Monday saying that the claim there was a data breach is “completely false” and Facebook users “gave their consent” when they signed up for certain kinds of apps, like the one Kogan exploited for data collection purposes. The social media juggernaut also maintained that “no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.”

Who is the Cambridge Analytica whistleblower?

Christopher Wylie, a former employee of Cambridge Analytica, spoke out about the firm’s practices on the Today Show Monday morning after previously giving an interview to the New York Times. Wylie, who quit the company in 2014, said he believes it’s important for Americans to know what companies are doing with their personal information, as well as whether Cambridge Analytica’s practices influenced the democratic process.

“This was a company [Cambridge Analytica] that really took fake news to the next level by powering it with algorithms,” he said in an interview on the Today Show Monday morning.

Watch @savannahguthrie's full interview with Cambridge Analytica whistleblower Christopher Wylie pic.twitter.com/NMbHoOkDWA — TODAY (@TODAYshow) March 19, 2018

Wylie also claimed that Cambridge Analytica has been in talks with Russian oil companies and employs a psychologist who works on Russia-funded projects. Any ties between Cambridge and Russia could complicate matters for Facebook, which has spent the past several months grappling with accusations that Moscow used it and other social media networks to meddle in the 2016 U.S. elections.

In a statement, Cambridge Analytica said Wylie left the company to found a rival firm.

“Their source is a former contractor for Cambridge Analytica – not a founder as has been claimed – who left in 2014 and is misrepresenting himself and the company throughout his comments,” the company said.

What is Cambridge Analytica’s connection to Steve Bannon?

Onetime Trump campaign advisor and former White House Chief Strategist Steve Bannon was previously vice president of Cambridge Analytica’s board, according to the New York Times. Wylie told the Guardian that Bannon was his boss at Cambridge Analytica. Bannon has been involved in propping up right-wing political groups for years, having been the executive chairman and co-founder of Breitbart News, a far right-wing digital publication, until he stepped down from the position in January.

Additionally, Republican megadonor and onetime Breitbart News CEO Robert Mercer, who has funded numerous conservative campaigns at every level of government, invested $15 million in Cambridge Analytica. His daughter, Rebekah Mercer, was also a board member of the political data firm. The Mercers originally supported Ted Cruz’ presidential campaign, but became patrons of the Trump campaign after Cruz bowed out of the 2016 presidential race.

The Times reported that through their family foundation the Mercers have donated more than $100 million to conservative causes — $10 million of which went to Breitbart News, and another $6 million that went to the Government Accountability Institute, a nonprofit founded by Bannon.

What does Mark Zuckerberg say?

Facebook executives responded to the crisis on Wednesday by issuing statements on the social media platform.

Zuckerberg admitted that Facebook made mistakes and acknowledged that his company failed to responsibly protect the data of customers.

He gave a timeline explaining how the improper data harvesting occurred, and said that in 2014 the company changed its practices to limit the ability of “abusive apps” to collect data from users and their other Facebook friends who did not give consent.

“In 2007, we launched the Facebook Platform with the vision that more apps should be social…To do this, we enabled people to log into apps and share who their friends were and some information about them….In 2013, a Cambridge University researcher named Aleksandr Kogan created a personality quiz app. It was installed by around 300,000 people who shared their data as well as some of their friends’ data. Given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends’ data.”

Zuckerberg also acknowledged that journalists informed Facebook as early as 2015 that Kogan shared this data with Cambridge Analytica, and said the company subsequently banned Kogan’s apps from the social network because they violated Facebook policies.

“This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that,” he wrote on Facebook.

He also said the company will investigate all apps that had “access to large amount of information” before the 2014 policy changes, and that Facebook plans to further restrict developers’ access to Facebook users’ data moving forward. The company will also make it easier for users to deny permission to third party developers that collect their personal information. As part of this effort, the company plans to move its privacy tool to the top of the News Feed.

Facebook’s Chief Operating Officer Sheryl Sandberg shared Zuckerberg’s post on her own Facebook page, saying she “deeply regrets” that the company did not do more to address the problem. Facebook will also start to ban developers who misuse “personally identifiable information” and alert users when Facebook learns their data has been misused, she wrote.

Facebook chairman and CEO Mark Zuckerberg testifies at a financial services committee hearing in Washington in 2019.

Facebook-Cambridge Analytica data breach lawsuit ends in 11th hour settlement

Dramatic move shows Mark Zuckerberg ‘desperate to avoid being questioned over cover-up’, says Observer journalist who exposed scandal

Facebook has dramatically agreed to settle a lawsuit seeking damages for allowing Cambridge Analytica access to the private data of tens of millions of users, four years after the Observer exposed the scandal that mired the tech giant in repeated controversy.

A court filing reveals that Meta, Facebook’s parent company, has in principle settled for an undisclosed sum a long-running lawsuit that claimed Facebook illegally shared user data with the UK analysis firm.

It follows revelations of mass data misuse made by a Cambridge Analytica whistleblower to the Observer in 2018, an exposé that forced chief executive Mark Zuckerberg to testify before Congress and led to the social media firm receiving a multibillion-pound fine. Days after the story was published, Facebook’s share price fell by the equivalent of more than $100bn.

However, some expressed dismay that the timing of the potential settlement would prevent Zuckerberg and Meta’s outgoing chief operating officer, Sheryl Sandberg, being made to testify during up to six hours of questioning by plaintiffs’ lawyers next month.

Carole Cadwalladr, the Observer journalist whose investigations into Facebook and Cambridge Analytica also helped inspire the Netflix film The Great Hack, said: “It is a measure of how desperate Zuckerberg is to avoid answering questions about Facebook’s cover-up of the Cambridge Analytica data breach that Facebook has settled this case just days away from him being cross-examined under oath for six hours.”


It emerged that Zuckerberg and Sandberg, who recently announced she would be stepping down in the autumn, would face questioning, with the depositions scheduled to take place from 20 September.

The latest developments follow a separate lawsuit last year that claimed Facebook paid $4.9bn more than necessary to the US Federal Trade Commission (FTC) in a settlement over the Cambridge Analytica scandal in order to protect Zuckerberg.

The lawsuit alleged that the size of the $5bn settlement was motivated by a desire to prevent Facebook’s founder from being named in the FTC complaint.

Cadwalladr added: “Facebook has proved that they are prepared to pay almost any sum of money to avoid their executives answering these questions. This settlement comes on top of the $5bn they already paid the FTC.

“The truth will come out one day – but today is not that day.”

In the new court filing, disclosed late on Friday, financial terms or details of the preliminary settlement are not given.

The Observer asked Facebook and its lawyers to share more details of the in-principle settlement but it declined to respond.

However, the filing does ask the judge in the San Francisco federal court to put the class action lawsuit on hold for 60 days until the lawyers for both plaintiffs and Facebook finalise a written settlement.

The four-year-old lawsuit, brought by a group of Facebook users, alleged that Facebook violated consumer privacy laws by sharing personal data of users with other firms such as Cambridge Analytica, which declared itself bankrupt two months after the Observer exposé.

Facebook users sued the company in 2018 after it emerged the British analytics firm connected to former US president Donald Trump’s successful 2016 campaign for the White House gained access to the data of as many as 87 million of the social media network’s subscribers.

It was thought that Meta could have been made to pay hundreds of millions of dollars had it lost the case.

Facebook has previously said its privacy practices are consistent with its disclosures and “do not support any legal claims”.


Facebook and Data Privacy in the Age of Cambridge Analytica

April 30, 2018

Iga Kozlowska


In recent weeks, the world has been intently following the Cambridge Analytica revelations: millions of Facebook users’ personal data was used, without their knowledge, to aid the political campaigns of conservative candidates in the 2016 election, including Donald Trump. While not exactly a data breach, from the public response to this incident, it is clear that the vast majority of Facebook users did not knowingly consent to have their personal information used in this way.

What is certain is that Facebook, the world’s largest social network platform, serving over two billion customers globally, is facing public scrutiny like never before. With data breaches, ransomware attacks, and identity theft a regular occurrence in this digitally driven economy, this event is different. For the first time, we see the mishandling of social data for political purposes on a mass scale. [1] It remains to be seen whether this will be a watershed moment for rethinking how we use personal data in the modern age. It is also unclear whether this experience will change companies’ and consumers’ privacy practices forever. For now, however, Facebook users and investors, American and foreign governments, and numerous regulatory bodies are paying attention.

Cambridge Analytica and Facebook

In 2013, University of Cambridge psychology professor Dr. Aleksandr Kogan created an application called “thisisyourdigitallife.” This app, offered on Facebook, provided users with a personality quiz. After a Facebook user downloaded the app, it would start collecting that person’s personal information such as profile information and Facebook activity (e.g., what content was “liked”). Around 300,000 people downloaded the app. But the data collection didn’t stop there. Because the app also collected information about those users’ friends, who had their privacy settings set to allow it, the app collected data from about 87 million people. [2]

Next, Dr. Kogan passed this data on to Strategic Communication Laboratories (SCL), which owns Cambridge Analytica (CA), a political consulting firm that uses data to determine voter personality traits and behavior. [3] It then uses this data to help conservative campaigns target online advertisements and messaging. It is precisely at this point of data transfer from Dr. Kogan to other third parties like CA that Dr. Kogan violated Facebook’s terms of service, which prohibit the transfer or sale of data “to any ad network, data broker or other advertising or monetization-related service.” [4]

When Facebook learned about this in 2015, it removed Kogan’s app and demanded certifications from Kogan and CA that they had deleted the data. Kogan and CA both certified to Facebook that they had destroyed the data. However, copies of the data remained beyond Facebook’s control. While Alexander Nix, the CEO of CA, has told lawmakers that the company does not have Facebook data, “a former employee said that he had recently seen hundreds of gigabytes on CA servers, and that the files were not encrypted,” reports the New York Times. [5]

In 2015, Facebook did not make any public statements regarding the incident, nor did it inform those users whose data was shared with CA. [6] Neither did Facebook report the incident to the Federal Trade Commission, the US agency that oversees privacy-related issues. As Mark Zuckerberg, Facebook CEO, said during his two-day Congressional hearing on April 9 and April 10, 2018, once they received CA’s attestation that the data had been deleted and was no longer being used, Facebook considered the “case closed.” [7]

With the breaking of the story on March 17, 2018 in The Guardian [8] and the New York Times [9], Facebook was made aware that the data had in fact not been purged to this day. The fallout from this incident has been unprecedented. Facebook is facing numerous lawsuits, US, UK, and EU governmental inquiries, a #DeleteFacebook boycott campaign, and a sharp drop in share price that erased nearly $50 billion of the company’s market capitalization within a mere three days of the news breaking. [10]

This is not the first time, however, that Facebook has faced issues related to its data collection and processing. [11] And it is not the first time that it has faced regulatory scrutiny. For example, in 2011, the FTC settled a 20-year consent decree with Facebook, having found that Facebook routinely deceived its users by sharing personal data with third parties that users thought was private. [12] It is only now that Facebook’s irresponsible behavior is receiving widespread public scrutiny. Whereas warnings from privacy and security professionals have to date largely fallen on deaf ears, why has this event captured the attention of consumers, companies, and governments the world over?

We have seen international data breach cases at this scale before. Indeed, data breaches, identity theft, ransomware, and other cybersecurity attacks have become ubiquitous in a digital global economy that runs on data. [13] In the last five years, we have witnessed the 2013 Snowden revelations of mass global government surveillance and the 2014 North Korean attack on Sony, a US corporation. [14] The average consumer has been hit hard as well. The 2013 Target data breach resulted in 40 million compromised payment cards. [15] The 2016 Yahoo attack compromised 500 million accounts [16] and the 2017 Equifax hack compromised 143 million. [17] It doesn’t help that, at the same time as the Cambridge Analytica incident, Facebook discovered a vulnerability in its search and account recovery features that may have allowed bad actors to harvest the public profile information of most of its two billion users. [18] It seems that the public feels that enough is enough.

Beyond the scale of the event, the Cambridge Analytica incident involves arguably the most serious misuse and mishandling of consumer data we’ve yet seen. The purpose for which the data was illegally harvested is new and it hits a nerve with an American society that is already politically divided and where political emotions run high. Funded by Robert Mercer, a prominent Republican donor, and Stephen Bannon, Trump’s former political adviser, CA was using the data for explicit political purposes – to help conservative campaigns in the 2016 election, including Donald Trump’s campaign. [19] Neither the 300,000 Facebook users who downloaded the app nor their 87 million friends anticipated that their personal data could be used for these political purposes. It’s one thing if customer data is used to serve bothersome ads, or a hacker steals credit card information for economic gain, but it’s another if the world’s largest social network was taken advantage of to help elect the president of the United States. So what exactly is Facebook’s accountability in all this?

From Data Breach to Breach of Trust

Was this incident a data breach? Facebook first responded on March 17, 2018 in a Facebook post by Paul Grewal, VP & Deputy General Counsel, who wrote that, “The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.” [20] That same day, Alex Stamos, Facebook’s Chief Security Officer, tweeted (and later deleted the tweet) that, “Kogan did not break into any systems, bypass any technical controls, or use a flaw in our software to gather more data than allowed. He did, however, misuse that data after he gathered it, but that does not retroactively make it a ‘breach.’” [21]

This is true. According to the International Organization for Standardization and the International Electrotechnical Commission – two bodies that govern global security best practices – the definition of data breach is as follows: “a compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected data transmitted, stored or otherwise processed.” [22] Because Facebook’s systems were not penetrated and the data was mishandled by a third-party in explicit violation of Facebook’s terms of service, the incident does not qualify as a data breach as understood by the global cybersecurity community. But what about everyone else?

Facebook quickly understood, however, that to millions of users whose data was mishandled, this incident felt like a data breach. [23] Despite the fact that technically all 87 million Facebook users consented to Kogan’s app collecting their personal data by not changing their privacy settings accordingly, the public outcry reveals that they do not feel that they authorized the app to access their data, let alone share it with a third party like CA. Facebook’s defense that it does provide users with controls to determine what types of data they want to share with which apps and what can be shared with apps that their friends use felt empty to customers who are largely unaware of these controls because Facebook does not make it easy to access them. Moreover, Facebook’s privacy settings are by default not set for privacy. This is, at least in part, because, as was made clear in the Congressional hearings this month, Facebook’s business model relies on app developers’ access to their users’ data for targeted advertising, which makes up over 90% of Facebook’s revenue. In other words, Facebook’s business model conflicts with privacy-friendly policies. [24]

Quickly recognizing this, Facebook pivoted, took some responsibility, and rather than argue the fine points of data breach definitions, apologized for what was experienced by customers as a breach of trust. Only five days after the story broke, Zuckerberg wrote in a Facebook post, “This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.” [25] That week Facebook took out full-page ads in nine major US and international newspapers with the message: “This was a breach of trust and I’m sorry we didn’t do more at the time. I promise to do better for you.” [26] Recognizing the complex digital ecosystem, Zuckerberg said in his opening remarks at the Congressional hearing that, “We didn’t take a broad enough view of what our responsibility is. That was a huge mistake, and it was my mistake.” [27]

This “apology tour,” as Senator Blumenthal dubbed it, will be meaningless without concrete policy changes. [28] Facebook has already instituted some changes. For example, they have tightened some of the APIs that allow apps to harvest data like information about which events a user hosts or attends, the groups to which they belong, and page posts and comments. Apps that have not been used in more than three months will no longer be able to collect user data. [29] In addition, Facebook will now be authorizing those who want to place political or issues ads on Facebook’s platform by validating their identity and location. [30] These ads will be marked as ads and will show who has paid for them. In addition, in June, Facebook plans to launch a public and searchable political ads archive. [31] Finally, Facebook has started a partnership with scholars who will work out a new model for academics to gain access to social media data for research purposes. The plan is to “form a commission which, as a trusted third party, receives access to all relevant firm information and systems, and then recruits independent academics to do research in specific areas following standard peer review protocols organized and funded by nonprofit foundations.” [32] This should not only allow scholars greater access to social data but also safeguard against its misuse, as in the case of Dr. Kogan, by clearly distinguishing between data use for scholarly research and data use for advertising and other secondary purposes.

It remains to be seen just how extensive and impactful Facebook’s policy changes will be. Zuckerberg’s performance at the Congressional hearings was reported positively by the media and Facebook’s stock price regained much of the value it lost since the Cambridge Analytica story broke. However, this is in part because the Senators did not ask specific and pointed questions on what compliance policies Facebook will actually implement. [33] For example, the conversation around the balance between short privacy notices that are reader-friendly and longer and more comprehensive notices written in “legalese” resulted in Zuckerberg signaling that he knows that this debate among privacy professionals exists but did not lead to a commitment by Facebook to make their privacy policies more transparent. [34]

When Zuckerberg did mention specific policy changes, not all of them were new changes responding to this incident. For example, Zuckerberg announced Facebook’s application of the European General Data Protection Regulation (GDPR) to all Facebook customers, not just Europeans, as a heroic move of self-regulation. [35] However, it should not have taken Facebook this long to announce this position. Limiting the GDPR to EU citizens only is not only shortsighted, as the GDPR becomes the de facto global privacy standard, but also unfair to non-EU citizens, who would enjoy fewer privacy protections. In other words, while the Congressional hearing and Facebook’s initial policy changes are a good start, this should only be the beginning of Facebook’s journey toward improved transparency and data protection.

Lessons Learned

What are the lessons learned from the Cambridge Analytica incident for consumers, for companies, and for governments?

Consumers must recognize that their data has value. Consumers should educate themselves on how companies, especially ones that offer free services like Facebook and Google, use their personal data to drive their businesses. Consumers should read privacy notices and take advantage of the in-product user controls that most tech companies offer. Consumers should take advantage of their rights to request that a company let them view, edit, and delete their personal data because, after all, consumers own their data, not companies. When companies engage in fraudulent or deceitful data handling practices, consumers should file complaints with the FTC or other appropriate regulatory bodies. Finally, consumers should advocate for more transparency and controls from companies and demand that their elected officials do more to protect privacy.

Companies that electronically process personal data – which is now practically every company in the world – must learn to better balance privacy risks with privacy controls. The riskier the data use, the more user controls are required. The more sensitive the data, the more protections should be put in place. Controls can include explicit consent, reader-friendly and prominent privacy notices, and privacy-friendly default settings. Company leaders should do more than just follow the letter of the law by putting themselves in their customers’ shoes. How do customers expect their data to be used when they hand it over? Is consent given? And is it truly freely given, specific, informed, and unambiguous? Moreover, as Facebook learned the hard way, there will always be bad actors. When sharing data with third parties, companies would do well to go the extra mile and ensure that those companies are meeting the company’s privacy requirements by investing in independent audits. When receiving data from third parties, companies should confirm that the data was collected in a compliant manner, not by taking their vendors’ word for it, but again, by conducting periodic audits.

And finally, governments, in this digitally connected global marketplace, must reform outdated legislation so that it addresses the modern complexities of international data usage and transfers. The European Union, for example, is setting a global example through the General Data Protection Regulation that comes into effect May 25, 2018. Seven years in the making, this is a comprehensive piece of legislation that (1) expands data subjects’ rights, (2) enforces 72-hour data breach notifications, (3) expands accountability measures, and (4) improves enforcement capabilities through levying fines of up to 4% of global revenue. Although applicable only to European residents and citizens, most multi-national tech companies like Facebook, Google, and Microsoft are implementing these standards for all of their customers. However, it is high time that the US Congress find the political will to pass similar privacy protections for US consumers so that everyone can take advantage of the opportunities that come with the 21st-century digital economy.

[1] For an account of Facebook’s role in undermining democracy see: Vaidhyanathan, Siva. 2018. Antisocial Media : How Facebook Disconnects Us And Undermines Democracy . Oxford University Press. See also Heilbing, Dirk et al . 2017. “Will Democracy Survive Big Data and Artificial Intelligence?” Scientific American . https://www.scientificamerican.com/article/will-democracy-survive-big-data-and-artificial-intelligence/ Accessed 4/22/2018.

[2] Kang, Cecilia and Sheera Frenkel. “Facebook Says Cambridge Analytica Harvested Data of Up to 87 Million Users.” The New York Times . April 4, 2018. https://www.nytimes.com/2018/04/04/technology/mark-zuckerberg-testify-congress.html Accessed 4/26/18.

[3] Rosenberg, Matthew et al . “How Trump Consultants Exploited the Facebook Data of Millions.” The New York Times . March 17, 2018. https://www.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-campaign.html Accessed 4/26/18.

[4] Granville, Kevin. “Facebook and Cambridge Analytica: What You Need to Know as Fallout Widens.” The New York Times . March 19, 2018. https://www.nytimes.com/2018/03/19/technology/facebook-cambridge-analytica-explained.html Accessed 4/15/18.

[5] Rosenberg, 2018.

[6] Rosenberg, 2018.

[7] “Facebook CEO Mark Zuckerberg Hearing on Data Privacy and Protection.” C-SPAN. April 10, 2018. https://www.c-span.org/video/?443543-1/facebook-ceo-mark-zuckerberg-testifies-data-protection%20Accessed%204/15/18 Accessed 4/26/18.

[8] Cadwalladr, Carole and Emma Graham-Harrison. “Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach.” The Guardian . March 17, 2018. https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election Accessed 4/26/18.

[9] Rosenberg, 2018.

[10] Mola, Rani. “Facebook has lost nearly $50 billion in market cap since the data scandal.” Recode. March 20, 2018. https://www.recode.net/2018/3/20/17144130/facebook-stock-wall-street-billion-market-cap Accessed 4/26/18.

[11] For one of the earliest analyses of Facebook’s privacy policies see Jones, Harvey and Jose Hiram Soltren. 2005. Facebook: Threats to Privacy . http://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall05-papers/facebook.pdf Accessed 4/22/18. See also Fuchs, Christian. 2014. “Facebook: A Surveillance Threat to Privacy?” in Social Media: A Critical Introduction . London: Sage.

[12] “FTC Approves Final Settlement With Facebook.” Federal Trade Commission. August, 10, 2012. https://www.ftc.gov/news-events/press-releases/2012/08/ftc-approves-final-settlement-facebook Accessed 4/15/18.

[13] For more on security and privacy see Schneier, Bruce. 2016. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World . New York. W. W. Norton & Company.

[14] “The Interview: A guide to the cyber attack on Hollywood.” BBC. December 29, 2014. http://www.bbc.com/news/entertainment-arts-30512032 Accessed 4/27/18.

[15] “Target cyberattack by overseas hackers may have compromised up to 40 million cards.” The Washington Post . December 20, 2013. https://www.washingtonpost.com/business/economy/target-cyberattack-by-overseas-hackers-may-have-compromised-up-to-40-million-cards/2013/12/20/2c2943cc-69b5-11e3-a0b9-249bbb34602c_story.html?noredirect=on&utm_term=.2d3d9c763c06 Accessed 4/27/18.

[16] Fiegerman, Seth. “Yahoo says 500 million accounts stolen.” CNN. September 23, 2016. http://money.cnn.com/2016/09/22/technology/yahoo-data-breach/index.html Accessed 4/27/18.

[17] Siegel Bernard, Tara et al . “Equifax Says Cyberattack May Have Affected 143 Million Users in the U.S.” The New York Times. September 7, 2017. https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html Accessed 4/27/18.

[18] Kang and Frenkel, 2018.

[19] Rosenberg, 2018.

[20] Grewal, Paul. “Suspending Cambridge Analytica and SCL Group from Facebook.” March 16, 2018. Facebook Newsroom. https://newsroom.fb.com/news/2018/03/suspending-cambridge-analytica/ Accessed 4/15/18.

[21] Wagner, Kurt. “How Did Facebook Let Cambridge Analytica Get 50M Users’ Data?” Newsfactor. March 21, 2018. https://newsfactor.com/story.xhtml?story_id=113000078MBA Accessed 4/15/18.

[22] ISO/IEC 27040: 2015. International Organization for Standardization. https://www.iso.org/obp/ui/#iso:std:iso-iec:27040:ed-1:v1:en Accessed 4/12/18.

[23] On the ethics of social media data collection see Richterich, Annika. 2018. The Big Data Agenda: Data Ethics and Critical Data Studies (Critical Digital and Social Media Studies Series). University of Westminster Press.

[24] “Facebook CEO Mark Zuckerberg Hearing on Data Privacy and Protection.” C-SPAN. April 10, 2018. https://www.c-span.org/video/?443543-1/facebook-ceo-mark-zuckerberg-testifies-data-protection%20Accessed%204/15/18 Accessed 4/26/18.

[25] Zuckerberg, Mark. Facebook Post. March 21, 2018. https://www.facebook.com/zuck/posts/10104712037900071 Accessed 4/15/18.

[26] “Facebook Apologizes for Cambridge Analytica Scandal in Newspaper Ads.” March 25, 2018. TIME . time.com/5214935/facebook-cambridge-analytica-apology-ads/ Accessed 4/15/18.

[27] “Facebook CEO Mark Zuckerberg Hearing on Data Privacy and Protection.” C-SPAN. April 10, 2018. https://www.c-span.org/video/?443543-1/facebook-ceo-mark-zuckerberg-testifies-data-protection Accessed 4/15/18.

[28] Dennis, Steven T. and Sarah Frier. “Zuckerberg Defends Facebook’s Value While Senators Question Apology.” Bloomberg. April 10, 2018. https://www.bloomberg.com/news/articles/2018-04-10/facebook-s-zuckerberg-warned-by-senators-of-privacy-nightmare Accessed 4/27/18.

[29] Schroepfer, Mike. “An Update on Our Plans to Restrict Data Access on Facebook.” Facebook Newsroom. April 4, 2018. https://newsroom.fb.com/news/2018/04/restricting-data-access/ Accessed 4/22/2018.

[30] For a broader discussion of social media and political advertising see Napoli, Philip M. and Caplan, Robyn. 2016. “When Media Companies Insist They’re Not Media Companies and Why It Matters for Communications Policy” https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2750148 Accessed 4/22/18.

[31] Goldman, Rob and Alex Himel. “Making Ads and Pages More Transparent.” Facebook Newsroom. April 6, 2018. https://newsroom.fb.com/news/2018/04/transparent-ads-and-pages/ Accessed 4/22/2018.

[32] King, Gary and Nathaniel Persily. Working Paper. “A New Model for Industry-Academic Partnerships.” April 9, 2018. https://gking.harvard.edu/partnerships Accessed 4/22/2018.

[33] Members of the House of Representatives took a more aggressive line of questioning with Mark Zuckerberg. For example, Representative Joe Kennedy III poked holes in Facebook’s persistent claim that Facebook users “own” their data by pointing to the massive amount of metadata that Facebook generates (beyond what the user directly generates) and then sells to advertisers. See Madrigal, Alexis C. “The Most Important Exchange of the Zuckerberg Hearing.” The Atlantic. April 11, 2018. https://www.theatlantic.com/technology/archive/2018/04/the-most-important-exchange-of-the-zuckerberg-hearing/557795/ Accessed 4/27/18.

[34] For the evolution of Facebook’s privacy policy see Shore, Jennifer and Jill Steinman. 2015. “Did You Really Agree to That? The Evolution of Facebook’s Privacy Policy” Technology Science. https://techscience.org/a/2015081102/ Accessed 4/22/18. For a broader conversation around privacy and human behavior see Acquisti, Alessandro. 2015. “Privacy and Human Behavior in the Age of Information” Science . Vol. 347. Pp. 509-514.

[35] For more on European privacy law see Voss, W. Gregory. 2017. “European Union Data Privacy Law Reform: General Data Protection Regulation, Privacy Shield, and the Right to Delisting” Business Lawyer , Vol. 72. Pp. 221-233.

This publication was made possible in part by a grant from Carnegie Corporation of New York. The statements made and views expressed are solely the responsibility of the author.

About the Author

Dr. Iga Kozlowska is a sociologist and a privacy professional currently working in the technology industry. Iga's expertise in international technology issues is grounded in the unique perspective of a scholar and practitioner. Fascinated by the global digital economy and information governance, Iga is also interested in cybersecurity and is an Associate of the International Information System Security Certification Consortium, the world's leading cybersecurity and IT security professional organization. Iga completed her PhD in sociology at Northwestern University in 2017. Her dissertation research focused on the transnational diffusion of historical memories as it has impacted European integration since 2000. Iga received the US Fulbright Award (Poland 2015-2016) in recognition of the contributions of her research to the burgeoning field of transnationalism studies and to policymakers interested in fostering international cooperation and mutual understanding. Her prior research at the intersections of public policy and nationalism has been published in Nations and Nationalism.


Framework for Transparency: A case study of Cambridge Analytica and Facebook

Atandra Ray

If there is one singular takeaway from analysing the Facebook-Cambridge Analytica data scandal, it is that these sorts of technologies can make a huge difference and will continue to do so for many years to come. It’s incorrect to call Cambridge Analytica a pure data science-oriented algorithm company rather than a full-blown propaganda machine that benefits in winning polls and influencing people. Every time we click a certain advertisement or a pop-up on Facebook, whether it’s a game or a quiz, we unknowingly give away a major chunk of our data through the means of cookies, which have complete access to various segments of our proprietary data. To the genesis of democracy, it is perhaps really challenging that the idea of a company conducting large scale analysis of a population triggers that people have in terms of what’s going to move them from one state to another state, that in itself feels like a violation of an individual’s sense of democracy and autonomy. In recent times the value of data has transcended that of oil. The primary cause of concern here is the fact that internet companies’ control of data gives them enormous power. The idea of a data centre where all of the information is stored in general seems to stretch to infinity. With the rise of cognitive services, commonly known as artificial intelligence, however, in recent years assessing someone’s personality by sifting through their writings—all of which can be sold to other firms to use in their own products seems to be a real possibility. The objective of this paper is to understand the importance of the lack of transparency by big data firms, and primarily to explore Facebook’s relationship with Cambridge Analytica and how sweeping changes were brought forth by this particular partnership in the democratic world of elections. The two case studies that this paper will outline are those of the United States of America and the United Kingdom respectively: to be more specific, the 2016 US Presidential Elections and the Brexit referendum.

Related Papers

Sachin Nikarge


Mikołaj Solik

The article seeks to explore the innovative forms of application of data retrieved from social media in political and social contexts. Digital use of online communications creates large amounts of traceable data – the so-called ‘big data’ – which is selected and categorised by algorithmic programmes. Such tech solutions seem to raise new ethical dilemmas, as online data can be used in profiling internet users and their identities. The essay is concerned with how algorithms on social media shift pluralistic democratic debates and possible political deliberations towards the self-fulfilling prophecy of echo chambers. Moreover, the second part of the paper explores the ongoing investigation into the manipulative usage of big data in swinging the results of the last US presidential elections and the Brexit referendum in favour of politically engaged tech companies and their affluent plutocrats. As the latter is based on an ongoing debate sparked by British investigative journalists, the case is likely to unfold. In light of this process, it is not my intent to present this issue from the academic perspective but rather as a pertinent illustration of how technology may interfere with fundamental institutions of modern democracies, such as the electoral cycles and election procedures. Therefore, the paper analyses how social media, once hailed to be the equalising force of democratic pluralism and freedom of expression, solidify the power of already established elites and perform the role of arbitrary gate-keepers.

simone pitto

Jennifer Pybus

This chapter considers how advertising platforms like Facebook or companies like Cambridge Analytica leveraged vast amounts of data to produce granulated, psychographic profiles that matched American voters with targeted political messages in the recent Trump elections. In so doing, it examines the relationship between current political practices and the technological changes that have rapidly transformed advertising and marketing industries. It goes on to discuss how processes of datafication should no longer be uniquely understood as economic but also as political to garner influence, raising important questions around the myriad ways in which political parties are now using algorithmic processes to reach potential voters. The chapter concludes by considering the relevance of datafied tactics of persuasion or ‘nudge politics’, given the small margins and means by which Trump won.

Public Anthropologist

Vito Laterza

I first provide some context about Cambridge Analytica’s (CA) activities, linking them to CA’s parent company, SCL Group, which specialised in “public relations” campaigns around the world across multiple sectors (from politics to defence and development), with the explicit aim of behavioural change. I then analyse in more detail the claims made by mathematician and machine learning scholar David Sumpter, who dismisses the possibility that CA might have successfully deployed internet psychographics (e.g. online personality profiling) in the winning 2016 Trump presidential campaign in the US. I critique his arguments, pointing at the need to focus on the bigger picture and on the totality of CA methods, rather than analysing psychographics in isolation. This is followed by a section where I use CA whistleblower Christopher Wylie’s 2019 memoir to show the important role that in-depth qualitative research and methods akin to ethnographic immersion might have played in building CA big data capabilities. I provide an angle on big data that sees it as complementary, rather than in opposition to, human insight that comes from qualitative immersion in the social realities targeted by CA. The concluding section discusses additional questions that should be explored to gain a deeper understanding of how big data is changing political campaigning, with an emphasis on the important contribution that anthropology can make to these crucial debates.

Philosophy & Social Criticism

Anna-Verena Nosthoff , Felix Maschewski

From a socio-theoretical and media-theoretical perspective, this article analyses exemplary practices and structural characteristics of contemporary digital political campaigning to illustrate a transformation of the public sphere through the platform economy. The article first examines Cambridge Analytica and reconstructs its operational procedure, which, far from involving exceptionally new digital campaign practices, turns out to be quite standard. It then evaluates the role of Facebook as an enabling 'affective infrastructure', technologically orchestrating processes of political opinion-formation. Of special concern are various tactics of 'feedback propaganda' and algorithmic-based user engagement that reflect, at a more theoretical level, the merging of surveillance-capitalist commercialization with a cybernetic logic of communication. The article proposes that this techno-economic dynamic reflects a continuation of the structural transformation of the public sphere. What Jürgen Habermas had analysed in terms of an economic fabrication of the public sphere in the 1960s is now advancing in a more radical form, and on a more programmatic basis, through the algorithmic architecture of social media. As the authors argue, this process will eventually lead to a new form of 'infrastructural power'.

Fifth international conference on Cultural Attitudes …

Wolter Pieters

Democratic Situations

David Moats

James Arvanitakis

We can confidently say we are living in the age of the algorithm. Some of the most influential organisations of our day use secret algorithms that steer us towards what we should read and watch, recommend restaurants and holiday destinations, as well as provide relationship guidance. But what about how we vote? The innovation of algorithms means even our political leanings are being analysed and potentially also manipulated.

Quaderns del CAC

Sara Suárez-Gonzalo

The newspapers Observer and The New York Times have revealed an alleged massive-scale scandal of data corruption involving Facebook and Cambridge Analytica that could have benefited the electoral victory of Donald Trump. This paper explains that the Cambridge Analytica case is the probable consequence of a given scientific-technological structure, a business model and a legal framework that make it possible and necessary. Cite this text: Suárez-Gonzalo, S. (2018). 'Your likes, your vote? Big personal data exploitation and media manipulation in the US presidential election campaign of Donald Trump in 2016', Quaderns del CAC, XXI(44): 25-33. Available from: https://www.cac.cat/sites/default/files/2019-01/Q44_Suarez_EN_1.pdf.



Award winner: Facebook-Cambridge Analytica Data Scandal


This case won the Ethics and Social Responsibility category at The Case Centre Awards and Competitions 2024. #CaseAwards2024

Who – the protagonist

Mark Zuckerberg, founder and CEO of social networking giant Facebook.

This case follows the public anger that erupted when news broke in March 2018 that the personal information of 87 million Facebook users had been accessed inappropriately by a British consulting firm, Cambridge Analytica, to create targeted political advertising during the election campaign of US president, Donald Trump.  

The scandal was the latest in a long line of data-related incidents, and public trust in Facebook and CEO Zuckerberg was at an all-time low. The #DeleteFacebook movement was sweeping the internet and the company’s share value declined sharply, falling 17% in two days, which amounted to approximately US$90 billion in market value. The company was also facing multiple lawsuits filed against it by users and shareholders, and much criticism from analysts that it could have acted sooner and more proactively in protecting users’ privacy.

Facebook, now known as Meta, is headquartered in California, United States, but has users across the world.

The case is set in the wake of the Cambridge Analytica scandal in March 2018, and follows the history of Facebook from its inception in 2004 to becoming one of the world’s most popular social networking sites.

Mark Zuckerberg

Facebook needed to regain the trust of its users and redeem its reputation going forward. Although Zuckerberg apologised for the ‘major breach of trust’ the question remained, was that enough to reassure users and shareholders?

AUTHOR PERSPECTIVE 

This is the third award win for Syeda, who has previously won Outstanding Case Writer in 2019 and the Knowledge, Information and Communication Systems Management award in 2021, and the first win for Geeta. ICFAI Business School have now won 19 awards and this is the second time they have won the Ethics and Social Responsibility category.

Winning the award

Geeta and Syeda said: “It is always an honour to win a prestigious award from The Case Centre! We are glad that our case was adopted by many business schools worldwide. The impact of the Ethics and Social Responsibility category is far-reaching as it shapes the values, decision-making abilities, and leadership qualities of future business professionals.”

Case popularity

They explained: “The case deals with the highly topical issue of customer data privacy and protection and ethical business practices. Broadly, it allows instructors to bring ethical issues related to data breaches to the classroom and prepares students to speak up when confronted with such dilemmas. 

“We think this case has been so popular because it stimulates rich classroom discussions, triggers students’ analytical and problem-solving capabilities, and makes them apply their theoretical expertise in practice by presenting a real public relations crisis scenario.” 


Writing the case

Geeta and Syeda reflected: “One of the challenges was describing how the scandal was perpetrated without becoming too biased towards any entity. Writing this case required meticulous planning where we had to keep an open mind, conduct thorough research and present the ethical issues arising out of the data breach scandal clearly.” 

Case writing advice

They commented: “To begin with, a case has to have a hook, an overriding managerial issue or decision that requires immediate attention. It should create a strong and interesting learning experience for students by including contentious issues and multiple perspectives. This can be challenging as the writer needs to explore various theoretical sources and integrate his/her ideas well.

“End the case with a decision-making scenario where students could use their analytical skills to conclude their recommendations.”

Teaching the case

Geeta and Syeda reflected: “The case works well in the classroom as it explores the causes of organisational misconduct, ethical business practices and cyber security issues. The case resonates well with students as Facebook is the most popular social media platform worldwide. 

“We observed great interest among students to learn and explore the ethical issues arising out of the data breach scandal.” 

They added: “If you are looking for a follow-up case on data breaches, check out the Data Security Breach at Virgin Media case which helps students understand the importance of information security systems in organisations and the issues arising out of a data security breach.”

INSTRUCTOR VIEWPOINT 

Discover how this case works in the classroom.

martin butler

The authors

Geeta Singh


COMMENTS

  1. Facebook-Cambridge Analytica data scandal

    The Facebook-Cambridge Analytica data scandal also received media coverage in the form of a 2019 Netflix documentary, The Great Hack. ... In August 2022, Facebook agreed to settle a lawsuit seeking damages in the case for an undisclosed sum. In December 2022, Meta Platforms agreed to pay $725 million to settle a private class-action lawsuit ...

  2. The Cambridge Analytica scandal changed the world

    On 19 March 2018, Facebook said it was pursuing a forensic audit of Cambridge Analytica and other parties involved in the data misuse, but it stood down after the UK's Information Commissioner ...

  3. The Facebook and Cambridge Analytica scandal, explained with a ...

    Part of The Cambridge Analytica Facebook scandal. Cambridge Analytica, the political consulting firm that did work for the Trump campaign and harvested raw data from up to 87 million Facebook ...

  4. Facebook parent Meta agrees to pay $725 million to settle privacy

    Marcio Jose Sanchez/AP. Facebook parent company Meta has agreed to pay $725 million to settle a class-action lawsuit claiming it improperly shared users' information with Cambridge Analytica, a ...

  5. Cambridge Analytica and Facebook: The Scandal and the Fallout So Far

    New Trump adviser, old Cambridge connection. As Facebook reeled, The Times delved into the relationship between Cambridge Analytica and John Bolton, the conservative hawk named national security ...

  6. Cambridge Analytica's black box

    The Cambridge Analytica-Facebook scandal led to widespread concern over the methods deployed by Cambridge Analytica to target voters through psychographic profiling algorithms, built upon Facebook user data. The scandal ultimately led to a record-breaking $5 billion penalty imposed upon Facebook by the Federal Trade Commission (FTC) in July 2019.

  7. Facebook, Cambridge Analytica scandal: Everything you need to know

    Alongside social media giant Facebook, Cambridge Analytica is at the center of an ongoing dispute over the alleged harvesting and use of personal data. Both companies deny any wrongdoing. Britain ...

  8. Facebook and Cambridge Analytica: What You Need to Know as Fallout

    Cambridge Analytica, a political data firm hired by President Trump's 2016 election campaign, gained access to private information on more than 50 million Facebook users. The firm offered tools ...

  9. What to Know About Facebook's Cambridge Analytica Problem

    Cambridge Analytica is a political analysis firm that claims to build psychological profiles of voters to help its clients win elections. The company is accused of buying millions of Americans ...

  10. Facebook-Cambridge Analytica data breach lawsuit ends in 11th hour

    Facebook has dramatically agreed to settle a lawsuit seeking damages for allowing Cambridge Analytica access to the private data of tens of millions of users, four years after the Observer exposed ...

  11. How Cambridge Analytica Exploited the Facebook Data of Millions

    Tens of millions of American Facebook users had their data harvested by Cambridge Analytica and a British-based researcher. Here's how it happened. More from...

  12. Facebook and Data Privacy in the Age of Cambridge Analytica

    This should not only allow scholars greater access to social data but also safeguard against its misuse, as in the case of Dr. Kogan, ... Kang, Cecilia and Sheera Frenkel. "Facebook Says Cambridge Analytica Harvested Data of Up to 87 Million Users." The New York Times. April 4, 2018.

  13. (PDF) Framework for Transparency: A case study of Cambridge Analytica

    This paper explains that the Cambridge Analytica case is the probable consequence of a given scientific-technological structure, a business model and a legal framework that make it possible and necessary. ... Framework for Transparency: A case study of Cambridge Analytica and Facebook 10th June, 2020 Word count: 3100 Atandra Ray (99831698 ...

  14. Award winner: Facebook-Cambridge Analytica Data Scandal

    Facebook-Cambridge Analytica Data Scandal won the Ethics and Social Responsibility category at The Case Centre Awards and Competitions 2024. ... a 50% discount on Learning with Cases: An Interactive Study Guide, royalties on case sales, free attendance at the annual Members' Case Forum, discounted case workshop places and much more! Find out ...

  15. (PDF) Case on Cambridge Analytics vs Facebook.

    INTRODUCTION. The present case study investigated digital privacy, with Facebook and Cambridge Analytica Ltd. data leakage case as the unit of analysis [1]. According to Facebook investors ...

  16. Cambridge Analytica, Facebook, and Influence

    1. Introduction. This analysis is a case study and anticipatory ethical analysis of Facebook, Cambridge Analytica (CA), and influence operations. (For a general background account of the (CA) scandal see: Bloomberg April 10, 2018.) The goal of this case study and research is to provide an example of how non-state actors including corporations ...

  17. Facebook-Cambridge Analytica Data Scandal|Business Ethics|Case Study

    In March 2018, Facebook was caught in a major data breach scandal in which a political consulting firm - Cambridge Analytica - pulled out the personal data of more than 87 million Facebook users without their consent. The data was allegedly used in favor of the US Presidential candidate, Donald Trump, during the 2016 elections.

  18. Data Mart

    The Facebook-Cambridge Analytica data scandal is the result of allegations that Cambridge Analytica utilised data gathered from millions of Facebook users without their permission. The scandal raised debate on issues such as data privacy, morality, and the influence of targeted advertising on democratic processes.

  19. Cambridge Analytica: Ethics And Online Manipulation With Decision

    The investigation with Cambridge Analytica and Facebook caused Facebook loss of more than 10 0 . ... This mixed-method case study combines qualitative interviews of Melbourne-based homebuyer ...

  20. PDF Case Study: Facebook In Face of Crisis.

    The Case Study: Facebook & Cambridge Analytica Data Scandal On February 5, Facebook will turn 16 years old. Born in a young American student's dorm, it is now one of the most important and influential tech firms in history. Nonetheless, a black cloud began to hang over the company in recent years. It was March 16, 2018, and Mark

  21. [PDF] Cambridge Analytica A Case Study

    How Facebook users' data has been harvested is discussed, used to formulate an algorithm to understand users' personality traits and in-turn use the process to influence the outcome of US Presidential Elections. Objectives: This study discusses how Facebook users' data has been harvested, used to formulate an algorithm to ...

  22. CASE STUDY (ANALYSIS + CRITICAL ESSAY) (docx)

    PART 2: CASE-BASED CRITICAL ESSAY 1. Abstract This case-based research article discusses data-driven project ethics using the Facebook and Cambridge Analytica issue. Data-driven initiatives must address ethical issues including openness, expandability, and prejudice. The essay supports its claims with academic and professional articles. To offer complete perspectives, 7-10 well selected ...

  23. Seismic Resilience in Critical Infrastructures: A Power Station ...

    The role of critical infrastructures in maintaining the functioning of the economy and society and ensuring national security, particularly their durability in delivering essential services during crises, including natural disasters such as earthquakes, is critical. This work introduces an analytical methodology to quantify potential earthquake damage to power stations and evaluate the cost ...