In March 2018, Facebook was hit with a scandal involving Cambridge Analytica and the unauthorised use of millions of its user data. Facebook appealed to the court to have the case concluded in its favour, however, that appeal was recently rejected. This article will explore what happened and why the court upheld its previous decision.

Overview of The Cambridge Analytica Scandal

The Cambridge Analytica scandal took the world by storm in early 2018, with allegations that the firm had mishandled data belonging to over 87 million Facebook users. Through loose oversight of their API systems, third-party companies were able to gain access to and misuse personal information belonging to millions of people. Cambridge Analytica was a data mining and analysis firm which specialised in creating psychological profiles of people to target them with tailor-made advertising through online and offline marketing campaigns. To create these profiles, the firm gathered the personal details of individuals such as names, ages, locations, interests and even religious beliefs.

This breach highlighted how easily companies can obtain sensitive information without proper authorization or oversight and raised concerns about how increasing availability of technology creates new risks and challenges for protecting user privacy online.

In 2014, Cambridge Analytica sought a different type of data when they contracted with Aleksandr Kogan and his company Global Science Research (GSR). GSR claimed it had legally accessed millions of Facebook users’ data by acquiring it from an application created on the platform by Kogan himself. Kogan’s app supposedly presented questions asking respondents for their consent to share their personal information and the data from their friends who used his app – all without those friends’ knowledge or consent. Cambridge Analytica then used the app to build detailed profiles for targeted political advertising purposes associated with certain candidates in multiple countries around the world including the US presidential election in 2016. This illicit acquisition led Facebook into trouble after it emerged that Cambridge Analytica had not deleted all user information as promised under article 6(1)(b) of GDPR legislation as they were obligated to do so once processing was complete.

This breach highlighted how easily companies can obtain sensitive information without proper authorization or oversight and raised concerns about how increasing availability of technology creates new risks and challenges for protecting user privacy online.

Facebook Appeal Over Cambridge Analytica Data Rejected

The 2018 Facebook-Cambridge Analytica scandal raised questions about the data protections and user privacy measures in place at the social media giant. In addition, the controversy exposed how Cambridge Analytica was able to access and use the personal data of millions of Facebook users without their knowledge or consent. This article will examine Facebook’s data collection practices and why the social media company was held accountable for their actions.

How Facebook Collects Data

Facebook collects data in various ways, most of which can be broken down into two categories: voluntarily shared by the user and collected without the user’s consent.

Voluntary Data Sharing

When users voluntarily share information on Facebook, such as their educational background, job history, friends list and demographic information, Facebook will record it. This information can be changed or removed at any time using Facebook’s Privacy Settings.

Data Collected Without Consent

Besides the data voluntarily shared by users, Facebook also collects certain information from their activities on their platform and connected sites. For example, when a user “likes” a photo or clicks on an article link with a video embedded, this action is logged in the algorithms that make up the Data Profile. This profile also records any advertisements clicked on to tailor future campaigns more efficiently–a practice known as retargeting. Additionally, other software may be used to identify your device with cookies; for example when you log into iCloud from different browsers or devices.

Over time, private data collected without consent accumulates and become inherently valuable to corporations like Cambridge Analytica who then mine this loaded profile for insights into how such a person might respond to targeted campaigns— campaigns crafted specifically around messages thought likely to motivate that person to act or vote a certain way – ultimately leading up to what came evening during the 2016 US presidential election.

cambridge analyticaknaus theguardian

How Cambridge Analytica Used Facebook Data

The Cambridge Analytica scandal showed how a political consulting firm had improperly accessed and harvested data from millions of Facebook users, without their knowledge. Cambridge Analytica nurtured the data known as psychometrics, which are psychological measurements that can be used to analyse a user’s personality and behaviour. The data collected was then used to create targeted campaign messages designed to influence user sentiment around political issues.

To do this, Cambridge Analytica accessed the personal information of people who used an app called ‘this mydigitallife’, created by researcher Aleksandr Kogan in 2014. By consenting to answer survey questions via the app, users unknowingly granted access to their profiles and all of their friends’ data for purchasing through the app’s developer. From this database, Cambridge Analytica could create highly detailed psychometric profiles of individuals and target them with personalised messaging related to politics or current events. Though it is estimated that up to 87 million Facebook users could have been affected by this incident, it has since opened up a much-needed conversation about privacy policies and third-party access on social media platforms like Facebook. However, this story also reminds us that sharing personal information online has risks that may threaten our liberty and security in ways we still have yet to comprehend.

The Impact of the Scandal

The Cambridge Analytica scandal had a huge impact on the way people view Facebook and data privacy. Many people were outraged to learn that their data was being used without their knowledge or consent. As a result, Facebook was subjected to a lot of scrutiny, and its reputation was damaged. The scandal also caused Facebook to change its data-handling policies to protect its users. In this article, we’ll look at the scandal’s impact and how it affected Facebook’s appeal over Cambridge Analytica’s use of its data.

The Fallout of the Scandal

The Cambridge Analytica scandal caused uproar in the media and among Facebook’s user base. Upon hearing the news, many were shocked that a company could scrape over 87 million Facebook users’ personal information without their knowledge or consent.

The reports of this malpractice led to political pressure from politicians and other organisations, leading Facebook to make concessions such as suspending Cambridge Analytica’s access and apologising for not doing enough to protect its users’ data from misuse. Furthermore, Facebook’s stock value plummeted, costing them $37 billion in 2018 alone due to the allegations and public scrutiny it faced over Cambridge Analytica’s data misuse.

Though it is estimated that up to 87 million Facebook users could have been affected by this incident, it has since opened up a much-needed conversation about privacy policies and third-party access on social media platforms like Facebook.

Facebook also faced repercussions in other areas, such as being investigated by the FTC (the U.S Federal Trade Commission) on whether it had breached an agreement made in 2011 over user privacy consent. Through this examination into Facebook’s identity management and relationship with third-party developers, the tech giant faced a significant fine amounting to a hefty $5 billion – but only after it had faced numerous revisions relating to better features implemented for users’ protection against mishandling of data by third-party companies.

Consequently, stricter regulations were imposed on tech companies everywhere to ensure that this kind of scandal doesn’t occur again. The Cambridge Analytica scandal has highlighted how important it is for us all to be aware of our online presence– particularly when dealing with larger entities like big tech companies such as Google and Facebook.

australian cambridge theguardian

Facebook’s Response

In the wake of the scandal, Facebook had to take steps to demonstrate its commitment to users’ privacy and data protection. Initially, CEO Mark Zuckerberg promised stronger restrictions on third-party website integration and longer investigations into companies who were found to be misusing data in any way.

Facebook implemented changes across its platform, such as:

  • Limiting access that outside websites had to user information.
  • Providing users with a clearer understanding of how their data is used.
  • Making it easier for users to control their privacy settings.

Facebook also shifted away from its traditional advertising model by introducing a subscription-based model for businesses, allowing them to access user data in exchange for creating more personalised customer experiences. In March 2018, Facebook unveiled the “Data Abuse Bounty” program which offered rewards up to $40,000 for people who reported misuse of people’s information through the platform. In addition, Facebook announced that it was working on an Artificial Intelligence (AI) program to monitor any potential misuse or abuse of user data in real time. This system is still being developed but has been released on a limited basis in some countries such as Thailand. Since the scandal broke out in March 2018, other tech companies have been working hard to create systems that ensure they too do not face similar consequences as Facebook during their attempts at using big data collection and algorithms safely – many with fewer restrictions on user privacy than before.

The Appeal Rejected by the Supreme Court

In a landmark judgement, the Supreme Court of the United Kingdom on Tuesday rejected the Facebook appeal over Cambridge Analytica data harvesting case. Facebook has now been given an ultimatum to comply with the ruling and allow the full disclosure of what happened between Cambridge Analytica and Facebook and the data that Cambridge Analytica had obtained. This ruling will have a major impact on the way data is used and shared by tech companies. So it’s time to look at the details of this ruling and the implications.

The Arguments Presented by Facebook

Both sides presented arguments during the hearings leading up to the US Supreme Court rejecting Facebook’s appeal. First, Facebook argued that the trial court had wrongly interpreted their interaction with users. Specifically, they took issue with the lower court’s argument that users had a right to privacy regarding their data and that this right was overridden by clicking on any of Facebook’s terms of service boxes. Facebook maintained that users’ privacy rights were created through opt-in statements when they first signed up with the company. Because Cambridge Analytica acted under those terms, it shouldn’t have been held liable for any data activities conducted by those companies using Facebook user information. Furthermore, Facebook stressed that Cambridge Analytica derived full benefit from the access granted by Facebook but still chose not to keep their promises and instead used the data without getting proper user consent as required under their terms of use agreement.

Facebook also put forth its argument that due process was followed before it suspended Cambridge Analytica; before suspending access, Facebook says they had provided extensive research materials and personal interviews while ensuring they allowed time for a meaningful response from Cambridge Analytica; as such it claimed it did not act hastily or take “drastic action” in suspending access as argued by petitioners. While conceding there may have been violations of policy or contractual obligations (for which certain measures were proposed), ultimately these issues were considered a separate matter distinct from the legality of collecting personal information without express permission from individual users — which is what ultimately sparked the Supreme Court’s decision on this matter.

The Supreme Court’s Decision

On May 12th, 2020, the Supreme Court rejected Cambridge Analytica’s appeal to dismiss lawsuits concerning its use of Facebook user data. Instead, the court ruled that Cambridge Analytica had broken the law by accessing and using personal data from millions of Americans’ Facebook accounts without consent. Cambridge Analytica was first accused of improperly obtaining personal data from an estimated 87 million Facebook users without their consent in 2018. This data was allegedly used to target political ads during the 2016 U.S. presidential election and for other purposes such as marketing research. In addition, the company regularly collected detailed information about people’s interests and activities on the social media platform to use for its services and customers.

Although they sold their political data services arm in 2018 following theFacebook scandal, Cambridge Analytica maintained that none of the alleged violations occurred before this sale. The Supreme Court’s decision made it clear that whether or not they were involved in any wrongdoing at that point was irrelevant; companies must be held accountable for stealing data regardless of when it occurred or who used it. The decision also established a precedent for future legal action against tech giants like Facebook and Google regarding user data privacy—companies must protect data collected about their customers, even if it is shared with third parties without authorization or permission from users. Going forward, businesses and consumers must remain vigilant regarding these practices, ensuring that everyone involved understands exactly what information is being exchanged and how it’s being used before any agreement takes place between parties.


The fallout from Cambridge Analytica’s harvesting of Facebook users’ data has been far reaching. In 2020, the Supreme Court of England and Wales ruled that the data harvesting violated English data protection laws, and Facebook had no grounds to appeal the decision. This ruling has important implications for how companies should handle user data. In this final section, we’ll explore the conclusions of the court’s decision.

cambridge analytica metaknaus theguardian

Implications of the Supreme Court’s Decision

The Supreme Court’s decision in the Cambridge Analytica scandal has wide-reaching implications for Facebook and the legal definition of privacy. The case centred on the transfer of user data from Facebook to Cambridge Analytica, and the court ruled that although Cambridge Analytica had violated its contractual obligations with Facebook, their prior violation did not necessarily provide adequate grounds for a lawsuit against them. The court ruled that for a claimant to have standing in a case such as this, they must demonstrate that there was “actual or imminent harm,” meaning that users must be able to prove some sort of substantive injury resulting from the data breach. This standard shifts responsibility away from companies and onto users who can now use legal models such as class-action suits to seek compensation from companies who collect and mishandle user data.

The decision also clarifies what constitutes consumer privacy by setting precedent for statutory interpretation of laws intended to protect consumer privacy rights. This could potentially lead to increased regulation of data sharing practices between companies and new measures intended to protect consumer rights regarding online privacy. By setting a higher standard for consumer rights about their data, the Supreme Court’s decision serves as a signatory document regarding consumer protection moving forward.

What This Means for Data Privacy

The Cambridge Analytica scandal is a timely reminder of how our data can be collected and abused with potentially serious consequences. We must educate ourselves on the dangers of data privacy, especially regarding our online activities. First, users must be aware that they are responsible for safeguarding their private information online. For example, we should never click on links from unknown sources or give out personal information without being sure about its security and legitimacy. Additionally, one should not accept friends from unknown parties, download suspicious files or software updates and take extra caution when using apps with permissions to access personal data.

Second, social media outlets must be more transparent about their privacy policies so that users know how their data will be used to make informed decisions about their digital footprint. Facebook must also increase its security protocols to prevent unauthorised third-party access. Furthermore, governments must regularly review laws regulating the use and storage of personal data to protect consumers’ rights and respond adequately against abuse by such firms as Cambridge Analytica. Ultimately, taking measures at an individual level while advocating best practices amongst organisations can help protect users’ privacy on social media networks and beyond by helping ensure appropriate standards are put in place to maintain user trust.

tags = facebook, meta, facebook vs cambridge analytica, australian federal court, facebook lawsuit, meta lawsuit, social media lawsuit, meta cambridge analyticaknaus theguardian, australian cambridge analyticaknaus theguardian, data breach of australian facebook users, office of australian information commissioner


Steve is a tech guru who loves nothing more than playing and streaming video games. He's always the first to figure out how to solve any problem, and he's got a quick wit that keeps everyone entertained. When he's not gaming, he's busy being a dad and husband. He loves spending time with his family and friends, and he always puts others first.