Skip to main content

Mark ZuckerbergFacebook allowed Cambridge Analytica to harvest 87 million users' data without consent; Zuckerberg failed to notify users or FTC after learning of breach in 2015

Cambridge Analytica harvested data from 87 million Facebook users without consent through a third-party app, using it for political targeting in 2016 election. When Facebook learned of the breach in 2015, Zuckerberg took Cambridge Analytica's word they deleted the data without verification and failed to notify the FTC or affected users. In April 2018 Congressional testimony, Zuckerberg admitted personal responsibility for the failures. Facebook received a record $5 billion FTC fine, $100 million SEC fine for misleading investors, and a $725 million class action settlement.

Scoring Impact

TopicDirectionRelevanceContribution
Corporate Transparency-againstsecondary-0.50
Data Security-againstsecondary-0.50
User Autonomy-againstprimary-1.00
User Privacy-againstprimary-1.00
Overall incident score =-0.578

Score = avg(topic contributions) × significance (critical ×2) × confidence (0.77)× agency (negligent ×0.5)

Evidence (3 signals)

Confirms Legal Action Jul 24, 2019 verified

Facebook received record $5 billion FTC fine for privacy violations; Zuckerberg required to personally certify compliance

In July 2019, the FTC imposed a record-breaking $5 billion penalty on Facebook for violating a 2012 FTC order by deceiving users about their ability to control privacy. The settlement required new corporate governance including Zuckerberg personally certifying compliance or facing personal liability. The fine was nearly 30 times the FTC's previous largest penalty.

Federal Trade Commission(opens in new tab),Department of Justice(opens in new tab)
Confirms Legal Action Jul 24, 2019 verified

Facebook paid $100 million SEC fine for misleading investors about data misuse risks

In July 2019, the SEC charged Facebook for making misleading disclosures about the risk of data misuse. Facebook discovered the Cambridge Analytica misuse in 2015 but did not correct its public disclosures for more than two years, continuing to tell investors data 'may be' improperly accessed when Facebook knew it had already occurred.

Securities and Exchange Commission(opens in new tab)
Confirms Statement Apr 10, 2018 verified

Zuckerberg testified before Congress admitting personal responsibility for Cambridge Analytica failures

In April 10, 2018 Congressional testimony, Zuckerberg admitted it was his personal mistake that he did not do enough to prevent Facebook from being used for harm. He acknowledged Facebook took Cambridge Analytica's word that they deleted the data without verification and failed to notify the FTC, calling it 'clearly a mistake.' He said 'I'm responsible for what happens at Facebook.'

Washington Post(opens in new tab),NPR(opens in new tab)

Related: Same Topics

Mira Murati · Gave evasive and contradictory answers about Sora AI video model's training data sources
Koa Health · Koa Health published third-party ethics audit showing 24% improvement and perfect bias reduction scores
Wysa · Wysa found sharing user data with Facebook in 2021 Consumer Reports investigation
Proton AG · Proton restructured ownership under Swiss nonprofit Proton Foundation to protect privacy mission
GitLab · GitLab published comprehensive open source stewardship policy with public handbook and development