DC attorney general sues Mark Zuckerberg over Cambridge Analytica scandal

Although Facebook has faced many lawsuits over personal data collection in the past, this is the first time Zuckerberg has been sued personally

Image:
Although Facebook has faced many lawsuits over personal data collection in the past, this is the first time Zuckerberg has been sued personally

The lawsuit claims Zuckerberg directly participated in key decisions and was aware of the risks of sharing users' data.

Washington, D.C attorney general Karl Racine has filed a lawsuit against Facebook founder Mark Zuckerberg, claiming that he was personally responsible for the data breach scandal involving the now-defunct political consulting firm Cambridge Analytica.

The lawsuit alleges that Zuckerberg was aware of the potential risks of sharing users' data with third party firms, and that he directly participated in company policies that allowed Cambridge Analytica to collect US voters' personal data without their knowledge.

In 2018, the political consultancy was accused of unlawfully obtaining the personal data of up to 87 million Facebook users without their consent. Their information is said to have been utilised to sway the 2016 presidential election in favour of Donald Trump, and the Brexit referendum vote towards Leave.

The data harvested included Facebook users' ages, geographical locations, hobbies, groups they belong to, pages they've liked, religious affiliation, political affiliation, relationships, and photographs, as well as their complete names, phone numbers, and email addresses.

In other words, the filing claims Cambridge Analytica utilised Facebook to influence and manipulate the result of a US presidential election, in a way that was encouraged by both Facebook and Zuckerberg.

The scandal raised red flags over how technology firms protect users' personal data. It also eventually led to Zuckerberg appearing before Congress.

The suit says Facebook breached the District's Customer Protection Procedures Act by using misleading and fraudulent consumer data-sharing policies.

'Zuckerberg is not just a figurehead at Facebook; he is personally involved in nearly every major decision the company makes, and his level of influence is no secret.

'Within Facebook, Zuckerberg directly oversaw the product development and engineering work that was exposing consumer data to abuse.'

Although Facebook has been sued before, this is the first time the CEO has been sued individually.

"This lawsuit is not only warranted, but necessary, and sends a message that corporate leaders, including chief executives, will be held accountable for their actions," Racine said.

He is seeking damages and penalties that will be determined by the court.

Racine initially filed a lawsuit against Meta (formerly Facebook) in 2018, and the matter is still pending.

Last year, Mr Racine attempted to add Mr Zuckerberg to the action as a defendant. However, in March, a D.C. Superior Court judge blocked the effort, claiming Racine had waited too long to add him.

Racine now claims that hundreds of documents he has obtained in the case prove Zuckerberg's direct involvement in Cambridge Analytica decision-making, and that is why he is suing Zuckerberg directly.

Facebook has nearly 3 billion users worldwide.

Last year, journalist Peter Jukes filed a class action lawsuit against the firm in the UK, seeking damages over the company's failure to comply with the Data Protection Act 1998, and to prevent third parties from accessing the data of about a million users in England and Wales.

Jukes claimed his data was compromised between November 2013 and May 2015, when the social network allowed third-party app 'This Is Your Digital Life' to access millions of users' data without their consent or prior knowledge. It allegedly transferred information on millions of Facebook users to Cambridge Analytica.

Facebook reached a deal with the Information Commissioner's Office in 2019 over the misuse of personal data by Cambridge Analytica.

As part of the deal, Facebook was asked to pay a £500,000 fine - the maximum the ICO could legally charge, pre-GDPR.