August 2022 was an expensive month for tech companies. While the industry as a whole continues to reel from a major tech downturn, Meta, Snap, and TikTok all agreed to pay out settlements to put to rest lingering privacy lawsuits. Combined, those payouts total well over $US100 ($AU139) million dollars.
Meta, the company formerly known as Facebook, just this past week agreed to settle a privacy suit over its disastrous handling of its 2018 Cambridge Analytica scandal nearly four years in the making. All of sudden, in an industry where privacy violations often seem the norm, users are beginning to see a flurry of wins.
We took a step back in time to look over some of the most significant, and expensive, privacy-related settlements in recent years. Surprise surprise, some names appear more than once.
Facebook agreed to pay historic $AU7 billion fine over privacy policies
Meta, the company formerly known as Facebook, holds the undesirable title of undisputed privacy settlement king, and no other company really even comes close.
The Federal Trade Commission, which is currently investigating Meta on antitrust grounds, slapped the company with a $US5 ($AU7) billion penalty in 2019 — the largest of its kind — following a lengthy probe into its privacy practices stemming from the company’s notorious 2018 Cambridge Analytica scandal, where as many as 50 million users reportedly had their personal data improperly obtained by the GOP aligned political analytics firm.
Despite the eye grabbing fine, two of the FTC’s five commissioners at the time fervently opposed the fine claiming it didn’t go far enough. In her dissenting statement, Democratic commissioner Rebecca Slaughter said she did not believe the fine was a sufficient deterrent to stop Facebook from engaging in harmful privacy practices.
“The negotiated civil penalty is insufficient under the applicable statutory factors we are charged with weighing for order violators: injury to the public, ability to pay, eliminating the benefits derived from the violation, and vindicating the authority of the FTC,” Slaughter wrote.
Equifax agreed to pay at least $AU902 million in FTC settlement following massive data breach
What happens when the very company responsible for maintaining credit repositories for millions of people fails to protect that data? That’s exactly what happened back in 2017 when major credit bureau Equifax exposed sensitive information on more than 147 million consumers. That historic data breach led to a hefty fine of at least $US650 ($AU902) million. The fine represented the largest single settlement for a data breach, both in terms of dollar amount and the number of victims impacted, though that wasn’t enough for some lawmakers.
“In a just world, these executives would be going to jail,” Oregon senator Ron Wyden said in a statement at the time. “No one should be able to collect deeply sensitive information on 200 million people without their consent, treat it with reckless disregard and then just pay a fine when a predictable, easily avoidable hack takes place.”
Facebook spent $AU902 million to settle facial recognition lawsuit
Meta’s faced its fair share of criticism over the years for its facial recognition practices, but it’s a 2015 Illinois lawsuit that resulted in some of the longest-lasting monetary damage. That lawsuit alleged the company violated the Illinois Biometric Information Privacy Act (BIPA) when it automatically tagged Facebook users via facial recognition without their prior consent.
Facebook has since disabled its automatic tagging feature but that wasn’t enough to stave off a settlement. Last year, the company agreed to pay up to $US650 ($AU902) million to settle the suit. As part of the settlement, Illinois residents caught up in the company’s automatic tagging feature will reportedly receive at least $US345 ($AU479) each in payouts.
T-Mobile agreed to pay $AU486 million over 2021 data breach
In July mobile carrier T-Mobile agreed to pay $US350 ($AU486) million to settle multiple class action lawsuits concerning a 2021 data breach that allegedly affected the personal information of more than 76 million U.S. residents. T-Mobile went a step further and agreed to spend an additional $US150 ($AU208) million on top of the settlement on bolstering its cybersecurity.
A seller purporting to have access to the stolen data attempted to sell data on 30 million users for around $US270,000 ($AU374,814) on the darknet, according to Motherboard.
Capital One agreed to pay $AU264 million to settle lawsuit over 2019 data breach
Back in 2019 a hacker stole personal data from more than 100 million Capital One customers. The impacted data reportedly included credit card applications on the customers between 2005 and 2019 and reportedly included names, dates of birth, addresses, Social Security numbers, and bank account numbers.
Capital One denied liability but ultimately agreed to the settlement, “in the interest of avoiding the time, expense and uncertainty of continued litigation,” according to The New York Times. That settlement came just a year after the company agreed to spend $US80 ($AU111) million to settle another lawsuit related to its cybersecurity practices.
Twitter agreed to pay $AU208 million to regulators for allegedly misrepresenting security and privacy
2022 can’t end soon enough for Twitter. The beleaguered social media company has spent months trying to keep the world’s richest man from wussing out of buying the company and is currently dealing with the fallout of a whistleblower who’s called its cybersecurity practices into question. On top of all that, the company is still reeling from a recent $US150 ($AU208) million settlement with the DOJ and FTC over allegations it misrepresented how it uses users’ nonpublic contact information.
A lawsuit filed against Twitter by the United States District Court for the Northern District of California accused the company of telling users it was collecting their phone numbers and email addresses for account security purposes when it was actually using that information to send targeted advertisements.
Uber paid $AU205 million to settle alleged data breach cover-up
Sometimes the cover-up is costlier than the crime. That was the case in 2018 when Uber paid state regulators $US148 ($205) million over allegations it attempted to cover up a major 2016 data breach. Rather than disclose that breach, Uber allegedly spent $US100,000 to pay off the hackers involved. The data in question reportedly included drivers’ licenses, email addresses, and phone numbers of 57 million riders and drivers. When the dust settled, the dramatic event cost Uber’s chief security officer and an attorney their jobs.
In addition to the fine, Uber agreed to put in place new data security and breach notification policies. Uber was also forced to put in place a corporate integrity program aimed at aiding employees trying to report ethics concerns.
Yahoo fined $AU163 million for one of the largest data breaches in history
Yahoo, once a tech powerhouse, paid $US117.5 ($AU163) million in 2019 to settle what Reuters then described as, “the largest data breach in history.” The breach reportedly exposed the email addresses and other personal information on around three billion accounts between 2013 and 2016. The settlement meanwhile reportedly covered as many as 194 million people in the U.S. and Israel.
Google will pay Illinois residents $AU139 million to settle a lawsuit accusing the company of violating Illinois’ privacy act
Meta isn’t the only tech giant that’s had to loosen up their wallets because of the Illinois Biometric Privacy Act. Earlier this year Google agreed to pay $US100 ($AU139) million to settle a class action lawsuit that accuses the company of allegedly violating the state’s privacy law by analysing users’ faces in its Google Photos app without proper consent. Illinois residents who appear in those Google Photos between May 1st, 2015, and April 25th, 2022 are eligible to receive somewhere between $US200 ($AU278) and $US400 ($AU555).
TikTok fined $AU128 million for allegedly sharing users’ biometric information
TikTok may be newer to the U.S. social media battleground than some of its competitors, but that hasn’t stopped it from finding itself on the wrong end of privacy regulators. Researchers warn TikTok collects more personal data than any other social network and recent reports suggest some of that data is viewable by moderators in China, something the company had previously denied. It was really only a matter of time before the privacy fines started adding up.
Last week an Illinois judge gave final approval for a $US92 ($AU128) million class action lawsuit settlement involving TikTok and its users. The lawsuit, according to NBC 5 in Chicago, accused the platform of violating state and federal laws when it allegedly collected users’ biometric information and shared it with third parties without their users’ consent.
In general, TikTok collects vast amounts of personal data on its app. Last year, the company altered its privacy policy adding a news section that explicitly says the company, “may collect biometric identifiers and biometric information” from users.
Meta was forced to pay users $AU125 million in decade long lawsuit involving cookies
Meta’s no stranger to privacy settlements. Earlier this year, the company announced it would pay $US90 ($AU125) million to settle a decade-old lawsuit that accused the company of tracking certain users with cookies even after they had left the Facebook site. In addition to the penalty, Meta agreed to delete all of the data it collected during that period between 2010 and 2011, according to The Associated Press. Lawyers speaking with the AP said this marked one of the most expensive privacy violations in U.S. history.
Morgan Stanley announced it would pay $AU83 million to resolve data security lawsuit
Tech companies aren’t the only ones who can find themselves on the wrong end of a privacy suit. In January, Morgan Stanley agreed to pay $US60 ($AU83) million to settle a lawsuit accusing them of exposing customer data through the mishandling of decommissioned data. That lawsuit took issue with the Wall Street giant’s decommissioning of two data centres in 2016 and 2019 which affected an estimated 15 million customers. Morgan Stanley has denied any wrongdoing and told Reuters it has made “substantial” data privacy upgrades.
H&M fined $AU57 million for allegedly spying on employees
Since it first went into effect in May 2018, the European General Data Protection Regulation (GDPR) has been responsible for dishing out some of the largest tech privacy fines in recent memory. While many of those most noteworthy cases involving the likes of Amazon and Google are under appeal, EU regulators have still managed to make other companies pay up.
In one of those cases, fashion behemoth H&M was fined $US41 ($AU57) million for reportedly keeping excessive records on its employees’ families, vacations, illnesses, and religious beliefs. Regulators claim H&M managers collected that information and then used it to evaluate workers’ performances. H&M accepted full responsibility following the fine.
Meta reaches $AU52 million settlement over unwanted location tracking lawsuit
If you thought we were done with Meta settlements, think again. This month, the privacy settlement veteran agreed to pay $US37.5 ($AU52) million to put to rest a lawsuit accusing the company of tracking users’ smartphone location data without their permission. The suit dates four years and represented social media users who alleged Facebook inferred their locations via IP addresses even after they had turned location services off on their phones. That, of course, was allegedly done in the name of serving more ads.
Snapchat agreed to pay $AU49 million to settle lawsuits involving lenses and filters
The Illinois Information Privacy Act added yet another victim to its corporate naughty list last week. Snap, Snapchat’s parent company, agreed to a $US35 ($AU49) million settlement in response to a class action lawsuit alleging Snapchat’s filter and lenses features violated the privacy act by collecting biometric data without users’ consent.
The settlement applies to Illinois residents who use filters or lenses since November 17th, 2022. Those users could receive somewhere between $US58 ($AU81) and $US117 ($AU162) in payments. Snap maintains its features do not collect biometric data that are able to identify individuals.