Facebook data privacy scandal: A cheat sheet
by James Sanders | Dan Patterson in Security on July 24, 2019, 8:52 AM PST
A decade of apparent indifference for data privacy at Facebook has culminated in revelations that organizations harvested user data for targeted advertising, particularly political advertising, to apparent success. While the most well-known offender is Cambridge Analytica-- the political consulting and strategic communication firm behind the pro-Brexit Leave EU campaign, as well as Donald Trump 's 2016 presidential campaign-- other companies have likely used similar tactics to collect personal data of Facebook users.
What is the Facebook data privacy scandal?
The Facebook data privacy scandal centers around the collection of personally identifiable information of" up to 87 million people'' by the political consulting and strategic communication firm Cambridge Analytica. That company-- and others-- were able to gain access to personal data of Facebook users due to the confluence of a variety of factors, broadly including inadequate safeguards against companies engaging in data harvesting, little to no oversight of developers by Facebook, developer abuse of the Facebook API, and users agreeing to overly broad terms and conditions.
In the case of Cambridge Analytica, the company was able to harvest personally identifiable information through a personality quiz app called thisisyourdigitiallife, based on the OCEAN personality model. Information gathered via this app is useful in building a" psychographic'' profile of users( the OCEAN acronym stands for openness, conscientiousness, , agreeableness, and neuroticism). Adding the app to your Facebook account to take the quiz gives the creator of the app access to profile information and user history for the user taking the quiz, as well as all of the friends that user has on Facebook. This data includes all of the items that users and their friends have liked on Facebook.
Researchers associated with Cambridge University claimed in a paper that it" can be used to automatically and accurately predict a range of highly sensitive personal attributes including: sexual orientation, ethnicity, religious and political views, personality traits, intelligence, happiness, use of addictive substances, parental separation, age, and gender,'' with a model developed by the researchers that uses a combination of dimensionality reduction and logistic/linear regression to infer this information about users.
The model-- according to the researchers-- is effective due to the relationship of likes to a given attribute. However, most likes are not explicitly indicative of their attributes. The researchers note that" less than 5 % of users labeled as gay were connected with explicitly gay groups,'' but that liking" Juicy Couture'' and" Adam Lambert'' are likes indicative of gay men, while" WWE'' and" Being Confused After Waking Up From Naps'' are likes indicative of straight men. Other such connections are peculiarly lateral, with" curly fries'' being an indicator of high IQ," sour candy'' being an indicator of not smoking, and" Gene Wilder'' being an indicator that the user 's parents had not separated by age 21.
What is the timeline of the Facebook data privacy scandal?
Facebook has more than a decade-long track record of incidents highlighting inadequate and insufficient measures to protect data privacy. While the severity of these individual cases varies, the sequence of repeated failures paints a larger picture of systemic problems.
In 2005, researchers at MIT created a script that downloaded publicly posted information of more than 70,000 users from four schools.( Facebook only began to allow search engines to crawl profiles in September 2007.)
In 2007, activities that users engaged in on other websites was automatically added to Facebook user profiles as part of Beacon, one of Facebook 's first attempts to monetize user profiles. As an example, Beacon indicated on the Facebook News Feed the titles of videos that users rented from Blockbuster Video, which was a violation of the Video Privacy Protection Act. A class action suit was filed, for which Facebook paid$ 9.5 million to a fund for privacy and security as part of a settlement agreement.
In 2011, following an FTC investigation, the company entered into a consent decree, promising to address concerns about how user data was tracked and . That investigation was prompted by an incident in December 2009 in which information thought private by users was being publicly, according to contemporaneous reporting by The New York Times.
In 2013, Facebook disclosed details of a bug that exposed the personal details of six million accounts over approximately a year. When users downloaded their own Facebook history, that user would obtain in the same action not just their own address book, but also the email addresses and phone numbers of their friends that other people had stored in their address books. The data that Facebook exposed had not been given to Facebook by users to begin with-- it had been vacuumed from the contact lists of other Facebook users who happen to know that person. This phenomenon has since been described as" shadow profiles.''
The Cambridge Analytica portion of the data privacy scandal starts in February 2014. A spate of reviews on the Turkopticon website-- a third-party review website for users of Amazon 's Mechanical Turk-- detail a task requested by Aleksandr Kogan asking users to complete a survey in exchange for money. The survey required users to add the thisisyourdigitiallife app to their Facebook account, which is in violation of Mechanical Turk 's terms of service. One review quotes the request as requiring users to" provide our app access to your Facebook so we can download some of your data-- some demographic data, your likes, your friends list, whether your friends know one another, and some of your private messages.''
In December 2015, Facebook learned for the first time that the data set Kogan generated with the app was with Cambridge Analytica. Facebook founder and CEO Mark Zuckerberg claims" we immediately banned Kogan 's app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications.''
According to Cambridge Analytica, the company took legal action in August 2016 against GSR( Kogan) for licensing" illegally acquired data'' to the company, with a settlement reached that November.
On March 17, 2018, an exposé was published by The Guardian and The New York Times, initially reporting that 50 million Facebook profiles were harvested by Cambridge Analytica; the figure was later revised to" up to 87 million'' profiles. The exposé relies on information provided by Christopher Wylie, a former employee of SCL Elections and Global Science Research, the creator of the thisisyourdigitiallife app. Wylie claimed that the data from that app was sold to Cambridge Analytica, which used the data to develop" psychographic'' profiles of users, and target users with pro-Trump advertising, a claim that Cambridge Analytica denied.
On March 16, 2018, Facebook threatened to sue The Guardian over publication of the story, according to a by Guardian reporter Carole Cadwalladr. Campbell Brown, a former CNN journalist who now works as head of news partnerships at Facebook, said it was" not our wisest move,'' adding" If it were me I would have probably not threatened to sue The Guardian.'' Similarly, Cambridge Analytica threatened to sue The Guardian for defamation.
We have a responsibility to protect your data, and if we ca n't then we do n't deserve to serve you. Mark Zuckerberg
On March 20, 2018, the FTC opened an investigation to determine if Facebook had violated the terms of the settlement from the 2011 investigation.
In April 2018, reports indicated that Facebook granted Zuckerberg and other high ranking executives powers over controlling personal information on a platform that is not available to normal users. Messages from Zuckerberg sent to other users were remotely deleted from users ' inboxes, which the company claimed was part of a corporate security measure following the 2014 Sony Pictures hack. Facebook subsequently announced plans to make available the" unsend'' capability" to all users in several months,'' and that Zuckerberg will be unable to unsend messages until such time that feature rolls out. Facebook added the feature 10 months later, on February 6, 2019. The public feature permits users to delete messages up to 10 minutes after the messages were sent. In the controversy prompting this feature to be added, Zuckerberg deleted messages months after they were sent.
On April 4, 2018, The Washington Post reported that Facebook announced" malicious actors'' abused the search function to gather public profile information of" most of its 2 billion users worldwide.''
In a CBS News/YouGov poll published on April 10, 2018, 61 % of Americans said Congress should do more to regulate social media and tech companies. This sentiment was echoed in a CBS News interview with Box CEO Aaron Levie and YML CEO Ashish Toshniwal who called on Congress to regulate Facebook. According to Levie," There are so many examples where we do n't have modern ways of either regulating, controlling, or putting the right protections in place in the internet age. And this is a fundamental issue that, that we 're gon na have to grapple with as an industry for the next decade.''
On May 2, 2018, SCL Group, which owns Cambridge Analytica, was dissolved. In a press release, the company indicated that" the siege of media coverage has driven away virtually all of the Company 's customers and suppliers.''
On May 15, 2018, The New York Times reported that Cambridge Analytica is being investigated by the FBI and the Justice Department. A source indicated to CBS News that prosecutors are focusing on potential financial crimes.
On May 16, 2018, Christopher Wylie testified before the Senate Judiciary Committee. Among other things, Wylie noted that Cambridge Analytica, under the direction of Steve Bannon, sought to" exploit certain vulnerabilities in certain segments to send them information that will remove them from the public forum, and feed them conspiracies and they 'll never see mainstream media.'' Wylie also noted that the company targeted people with" characteristics that would lead them to vote for the Democratic party, particularly African American voters.''
On June 3, 2018, a report in The New York Times indicated that Facebook had maintained data-sharing partnerships with mobile device manufacturers, specifically naming Apple, Amazon, BlackBerry, Microsoft, and Samsung. Under the terms of this personal information , device manufacturers were able to gather information about users in order to deliver" the Facebook experience,'' the Times quotes a Facebook official as saying. Additionally, the report indicates that this access allowed device manufacturers to obtain data about a user 's Facebook friends, even if those friends had configured their privacy settings to deny information with third parties.
The same day, Facebook issued a rebuttal to the Times report indicating that the partnerships were conceived because" the demand for Facebook outpaced our ability to build versions of the product that worked on every phone or operating system,'' at a time when the smartphone market included BlackBerry 's BB10 and Windows Phone operating systems, among others. Facebook claimed that" contrary to claims by the New York Times, friends ' information, like photos, was only accessible on devices when people made a decision to their information with those friends. We are not aware of any abuse by these companies.'' The distinction being made is partially semantic, as Facebook does not consider these partnerships a third party in this case. Facebook noted that changes to the platform made in April began" winding down'' access to these APIs, and that 22 of the partnerships had already been ended.
On June 5, 2018, the The Washington Post and The New York Times reported that the Chinese device manufacturers Huawei, Lenovo, Oppo, and TCL were granted access to user data under this program. Huawei, along with ZTE, are facing scrutiny from the US government on unsubstantiated accusations that products from these companies pose a national security risk.
On July 2, 2018, The Washington Post reported that the US Securities and Exchange Commission, Federal Trade Commission, and Federal Bureau of Investigation have joined the Department of Justice inquiry into the Facebook/Cambridge Analytica data scandal. In a statement to CNET, Facebook indicated that" We 've provided public testimony, answered questions, and pledged to continue our assistance as their work continues.'' On July 11th, the Wall Street Journal reported that the SEC is separately investigating if Facebook adequately warned investors in a timely manner about the possible misuse and improper collection of user data. The same day, the UK assessed a# 500,000 fine to Facebook, the maximum permitted by law, over its role in the data scandal. The UK 's Information Commissioner 's Office is also preparing to launch a criminal probe into SCL Elections over their involvement in the scandal.
On July 3, 2018, Facebook acknowledged a" bug'' unblocked people that users has blocked between May 29 and June 5.
On July 12, 2018, a CNBC report indicated that a privacy loophole was discovered and closed. A Chrome plug-in intended for marketing research called Grouply.io allowed users to access the list of members for private Facebook groups. Congress sent a letter to Zuckerberg on February 19, 2019 demanding answers about the data leak, stating in part that" labeling these groups as closed or anonymous potentially misled Facebook users into joining these groups and revealing more personal information than they otherwise would have,'' and" Facebook may have failed to properly notify group members that their personal health information may have been accessed by health insurance companies and online bullies, among others.''
Fallout from a confluence of factors in the Facebook data privacy scandal has come to bear in the last week of July 2018. On July 25th, Facebook announced that daily active user counts have fallen in Europe, and growth has stagnated in the US and Canada. The following day, Facebook suffered the worst single-day market value decrease for a public company in the US, dropping$ 120 billion, or 19 %. On the July 28th, Reuters reported that are suing Facebook, Zuckerberg, and CFO David Wehner for" making misleading statements about or failing to disclose slowing revenue growth, falling operating margins, and declines in active users.''
On August 22, 2018, Facebook removed Facebook-owned security app from the App Store, for violating privacy rules. Data collected through the app is with Facebook.
In testimony before the Senate, on September 5, 2018, COO Sheryl Sandberg conceded that the company''[ was] too slow to spot this and too slow to act'' on privacy protections. Sandberg, and Twitter CEO Jack Dorsey faced questions focusing on user privacy, election interference, and political censorship. Senator Mark Warner of Virginia even said that," The era of the wild west in social media is coming to an end,'' which seems to indicate coming legislation.
On September 6, 2018, a spokesperson indicated that Joseph Chancellor was no longer employed by Facebook. Chancellor was a co-director of Global Science Research, the firm which improperly provided user data to Cambridge Analytica. An internal investigation was launched in March in part to determine his involvement. No statement was released indicating the result of that investigation.
On September 7, 2018, Zuckerberg stated in a post that fixing issues such as" defending against election interference by nation states, protecting our from abuse and harm, or making sure people have control of their information and are comfortable with how it 's used,'' is a process which" will extend through 2019.''
On September 26, 2018, WhatsApp co-founder Brian Acton stated in an interview with Forbes that" I sold my users ' privacy'' as a result of the messaging app being sold to Facebook in 2014 for$ 22 billion.
On September 28, 2018, Facebook disclosed details of a security breach which affected 50 million users. The vulnerability originated from the" view as'' feature which can be used to let users see what their profiles look like to other people. Attackers devised a way to export" access tokens,'' which could be used to gain control of other users ' accounts.
A CNET report published on October 5, 2018, details the existence of an" Internet Bill of Rights'' drafted by Rep. Ro Khanna( D-CA). The bill is likely to be introduced in the event the Democrats regain control of the House of Representatives in the 2018 elections. In a statement, Khanna noted that" As our lives and the economy are more tied to the internet, it is essential to provide Americans with basic protections online.''
On October 11, 2018, Facebook deleted over 800 pages and accounts in advance of the 2018 elections for violating rules against spam and" inauthentic behavior.'' The same day, it disabled accounts for a Russian firm called" Social Data Hub,'' which claimed to sell scraped user data. A Reuters report indicates that Facebook will ban false information about voting in the midterm elections.
On October 16, 2018, rules requiring public disclosure of who pays for political advertising on Facebook, as well as identity verification of users paying for political advertising, were extended to the UK. The rules were first rolled out in the US in May.
On October 25, 2018, Facebook was fined# 500,000 by the UK 's Information Commissioner 's Office for their role in the Cambridge Analytica scandal. The fine is the maximum amount permitted by the Data Protection Act 1998. The ICO indicated that the fine was final. A Facebook spokesperson told ZDNet that the company" respectfully disagreed,'' and has filed for appeal.
The same day, Vice published a report indicating that Facebook 's advertiser disclosure policy was trivial to abuse. Reporters from Vice submitted advertisements for approval attributed to Mike Pence, DNC Chairman Tom Perez, and Islamic State, which were approved by Facebook. Further, the contents of the advertisements were copied from Russian advertisements. A spokesperson for Facebook confirmed to Vice that the copied content does not violate rules, though the false attribution does. According to Vice, the only denied submission was attributed to Hillary Clinton.
On October 30, 2018, Vice published a second report in which it claimed that it successfully applied to purchase advertisements attributed to all 100 sitting US Senators, indicating that Facebook had yet to fix the problem reported in the previous week. According to Vice, the only denied submission in this test was attributed to Mark Zuckerberg.
On November 14, 2018, the New York Times published an exposé on the Facebook data privacy scandal, citing interviews of more than 50 people, including current and former Facebook executives and employees. In the exposé, the Times reports:
• In the Spring of 2016, a security expert employed by Facebook informed Chief Security Officer Alex Stamos of Russian hackers" probing Facebook accounts for people connected to the presidential campaigns,'' which Stamos, in turn, informed general counsel Colin Stretch.
• A group called" Project P'' was assembled by Zuckerberg and Sandberg to study false news on Facebook. By January 2017, this group" pressed to issue a public paper'' about their findings, but was stopped by board members and Facebook vice president of global public policy Joel Kaplan, who had formerly worked in former US President George W. Bush 's administration.
• In Spring and Summer of 2017, Facebook was" publicly claiming there had been no Russian effort of any significance on Facebook,'' despite an ongoing investigation into the extent of Russian involvement in the election.
• Sandberg" and deputies'' insisted that the post drafted by Stamos to publicly acknowledge Russian involvement for the first time be made" less specific'' before publication.
• In October 2017, Facebook expanded their engagement with Republican-linked firm Definers Public Affairs to discredit" activist protesters.'' That firm worked to link people critical of Facebook to liberal philanthropist George Soros, and''[ lobbied] a Jewish civil rights group to cast some criticism of the company as anti-Semitic.''
• Following critical of Facebook by Apple CEO Tim Cook, a spate of articles critical of Apple and Google began appearing on NTK Network, an organization which an office and staff with Definers. Other articles appeared on the website downplaying the Russians ' use of Facebook.
On November 15, 2018, Facebook announced it had terminated its relationship with Definers Public Affairs, though it disputed that either Zuckerberg or Sandberg was aware of the" specific work being done.'' Further, a Facebook spokesperson indicated" It is wrong to suggest that we have ever asked Definers to pay for or write articles on Facebook 's behalf, or communicate anything untrue.''
On November 22, 2018, Sandberg acknowledged that work produced by Definers" was incorporated into materials presented to me and I received a small number of emails where Definers was referenced.''
On November 25, 2018, the founder of Six4Three, on a business trip to London, was compelled by Parliament to hand over documents relating to Facebook. Six4Three obtained these documents during the discovery process relating to an app developed by the startup that used image recognition to identify photos of women in bikinis on Facebook users ' friends ' pages. Reports indicate that Parliament sent an official to the founder 's hotel with a warning that noncompliance would result in possible fines or imprisonment. Despite the warning, the founder of the startup remained noncompliant, prompting him to be escorted to Parliament, where he turned over the documents.
A report in the New York Times published on November 29, 2018, indicates that Sheryl Sandberg personally asked Facebook communications staff in January to" research George Soros 's financial interests in the wake of his high-profile attacks on tech companies.''
On December 5, 2018, documents obtained in the probe of Six4Three were released by Parliament. Damian Collins, the MP who issued the order compelling the handover of the documents in November, highlighted six key points from the documents: 1. Facebook entered into whitelisting agreements with Lyft, Airbnb. Bumble, and Netflix, among others, allowing those groups full access to friends data after Graph API v1 was discontinued. Collins indicates" It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not.''
2. According to Collins," increasing revenues from major app developers was one of the key drivers behind the Platform 3.0 changes at Facebook. The idea of linking access to friends data to the financial value of the developers ' relationship with Facebook is a recurring feature of the documents.'' 3. Data reciprocity between Facebook and app developers was a central focus for the release of Platform v3, with Zuckerberg discussing charging developers for access to API access for friend lists. 4. Internal discussions of changes to the Facebook Android app acknowledge that requesting permissions to collect calls and texts sent by the user would be controversial, with one project manager stating it was" a pretty high-risk thing to do from a PR perspective.'' 5. Facebook used data collected through , a VPN service the company acquired in 2013, to survey the use of mobile apps on smartphones. According to Collins, this occurred" apparently without[ users '] knowledge,'' and was used by Facebook to determine" which companies to acquire, and which to treat as a threat.''
6. Collins contends that" the files show evidence of Facebook taking aggressive positions against apps, with the consequence that denying them access to data led to the failure of that business.'' Documents disclosed specifically indicate Facebook revoked API access to video service Vine.
In a statement, Facebook claimed," Six4Three... cherrypicked these documents from years ago.'' Zuckerberg responded separately to the public disclosure on Facebook, acknowledging," Like any organization, we had a lot of internal discussion and people raised different ideas.'' He called the Facebook scrutiny" healthy given the vast number of people who use our services,'' but said it should n't" misrepresent our actions or motives.''
On December 14, 2018, a vulnerability was disclosed in the Facebook Photo API that existed between September 13-25, 2018, exposing private photos of 6.8 million users. The Photo API bug affected people who use Facebook to log in to third-party services.
On December 18, 2018, The New York Times reported on special data agreements that''[ exempted] business partners from its usual privacy rules, naming Microsoft 's Bing search engine, Netflix, Spotify, Amazon, and Yahoo as partners in the report. Partners were capable of accessing data including friend lists and private messages," despite public statements it had stopped that type of years earlier.'' Facebook claimed the data was about" helping people,'' and that this was not done without user consent.
On January 17, 2019, Facebook disclosed that it removed hundreds of pages and accounts controlled by Russian propaganda organization Sputnik, including accounts posing as politicians from primarily Eastern European countries.
On January 29, 2019, a TechCrunch report uncovered the" Facebook Research'' program, which paid users aged 13 to 35 to receive up to$ 20 per month to install a VPN application similar to that allowed Facebook to gather practically all information about how phones were used. On iOS, this was distributed using Apple 's Developer Enterprise Program, for which Apple briefly revoked Facebook 's certificate as a result of the controversy.
Facebook initially indicated that" less than 5 % of the people who chose to participate in this market research program were teens,'' and on March 1, 2019 amended the statement to" about 18 percent.''
On February 7, 2019, the German antitrust office ruled that Facebook must obtain consent before collecting data on non-Facebook members, following a three-year investigation.
On February 20, 2019, Facebook added new location controls to its Android app that allows users to limit background data collection when the app is not in use.
The same day, ZDNet reported that Microsoft 's Edge browser contained a secret whitelist allowing Facebook to run Adobe Flash, bypassing the click-to-play policy that other websites are subject to for Flash objects over 398x298 pixels. The whitelist was removed in the February 2019 Patch Tuesday update.
On March 6, 2019, Zuckerberg announced a plan to rebuild services around encryption and privacy," over the next few years.'' As part of these changes, Facebook will make messages between Facebook, Instagram, and WhatsApp interoperable. Former Microsoft executive Steven Sinofsky-- who was fired after the poor reception of Windows 8-- called the move" fantastic,'' comparing it to Microsoft 's Trustworthy Computing initiative in 2002.
CNET and CBS News Senior Producer Dan Patterson noted on CBSN that Facebook can benefit from this consolidation by making the messaging platforms cheaper to operate, as well as profiting from users sending money through the messaging platform, in a business model similar to Venmo.
On March 21, 2019, Facebook disclosed a lapse in security that resulted in hundreds of millions of passwords being stored in plain text, affecting users of Facebook, Facebook Lite, and Instagram. Facebook claimed that" these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them.''
Though Facebook 's post does not provide specifics, a report by veteran security reporter Brian Krebs claimed" between 200 million and 600 million'' users were affected, and that" more than 20,000 Facebook employees'' would have had access.
On March 22, 2019, a court filing by the attorney general of Washington DC alleged that Facebook knew about the Cambridge Analytica scandal months prior to the first public reports in December 2015. Facebook claimed that employees knew of rumors relating to Cambridge Analytica, but the claims relate to a" different incident'' than the main scandal, and insisted that the company did not mislead anyone about the timeline of the scandal.
Facebook is seeking to have the case filed in Washington DC dismissed, as well as to seal a document filed in that case.
On March 31, 2019, The Washington Post published an op-ed by Zuckerberg calling for governments and regulators to take a" more active role'' in regulating the internet. Shortly after, Facebook introduced a feature that explains why content is shown to users on their news feeds.
On April 3, 2019, over 540 million Facebook-related records were found on two improperly protected AWS servers. The data was collected by Cultura Colectiva, a Mexico-based online media platform, using Facebook APIs. Amazon deactivated the associated account at Facebook 's request.
On April 15, 2019, it was discovered that Oculus, a company owned by Facebook, shipped VR headsets with internal etchings including text such as" Big Brother is Watching.''
On April 18, 2019, Facebook disclosed the" unintentional'' harvesting of email contacts belonging to approximately 1.5 million users over the course of three years. Affected users were asked to provide email address credentials to verify their identity.
On April 30, 2019, at Facebook 's F8 developer conference, the company unveiled plans to overhaul Messenger and re-orient Facebook to prioritize Groups instead of the timeline view, with Zuckerberg declaring" The future is private.''
On May 9, 2019, Facebook co-founder Chris Hughes called for Facebook to be broken up by government regulators, in an editorial in The New York Times. Hughes, who left the company in 2007, cited concerns that Zuckerberg has surrounded himself with people who do not challenge him." We are a nation with a tradition of reining in monopolies, no matter how well-intentioned the leaders of these companies may be. Mark 's power is unprecedented and un-American,'' Hughes said.
Proponents of a Facebook breakup typically point to unwinding the social network 's purchase of Instagram and WhatsApp.
Zuckerberg dismissed Hughes ' appeal for a breakup in to France 2, stating in part that" If what you care about is democracy and elections, then you want a company like us to invest billions of dollars a year, like we are, in building up really advanced tools to fight election interference.''
On May 24, 2019, a report from Motherboard claimed" multiple'' staff members of Snapchat used internal tools to spy on users.
On July 8, 2019, Apple co-founder Steve Wozniak warned users to get off of Facebook.
On July 18, 2019, lawmakers in a House Committee on Financial Services hearing expressed mistrust of Facebook 's Libra cryptocurrency plan due to its" pattern of failing to keep consumer data private.'' Lawmakers had previously issued a letter to Facebook requesting the company pause development of the project.
On July 24, 2019, the FTC announced a$ 5 billion settlement with Facebook over user privacy violations. Facebook agreed to conduct an overhaul of its consumer privacy practices as part of the settlement. Access to friend data by Sony and Facebook was" immediately'' restricted as part of this settlement, according to CNET. Separately, the FTC settled with Aleksandr Kogan and former Cambridge Analytica CEO Alexander Nix," restricting how they conduct any business in the future, and requiring them to delete or destroy any personal information they collected.'' The FTC announced a lawsuit against Cambridge Analytica the same day.
Also on July 24, 2019, Netflix released" The Great Hack,'' a documentary about the Cambridge Analytica scandal.