Privacy Settlements Reveal the Value of User Data

Two recent class action settlements highlighted just how seriously companies should take their duty to protect users’ information. The cost of not doing so is astronomical. These settlements also speak to the rare calculus of the value of a user’s private information.

Meta, the parent of Facebook just agreed to a $725 million settlement while Epic Games, the parent company of the online game Fortnite, found itself settling a class-action suit for $26.5 million settlement. That’s in addition to a separate Federal Trade Commission (FTC) action which had a $275 million penalty and an additional $245 million in refunds to customers.

AWS Builder Community Hub

Let’s look at what these entities did that resulted in their having to pay such hefty settlements.

Epic Games – Fortnite

The FTC alleged that Epic Games violated the Children’s Online Privacy Protection Act (COPPA) and “deployed design tricks, know as dark patterns, to dupe millions of players into making unintentional purchases.”

The FTC characterized the action as involving “record-breaking settlements.”

With respect to violating the COPPA the FTC tells us that “Epic will be required to adopt strong privacy default settings for children and teens, ensuring that voice and text communication are turned off by default.” The $245 million will be used to refund customers for “its dark patterns and billing practices.”

Interestingly, Epic Games admitted no wrongdoing in their class action settlement, yet added another $26.5 million dollar debit to their balance sheet and gave Fortnite players game credits.

“As our complaints noted, Epic used privacy-invasive default settings and deceptive interfaces that tricked Fortnite users, including teenagers and children,” said FTC Chair Lina M. Khan. “Protecting the public, and especially children, from online privacy invasions and dark patterns is a top priority for the Commission, and these enforcement actions make clear to businesses that the FTC is cracking down on these unlawful practices.”

Meta – Facebook

The Meta settlement deals with how Facebook allowed user data to be shared with Cambridge Analytica and that entities use of the data for political advertising. The $725 million is believed to be the largest settlement in a data privacy class action case.

Readers may remember Cambridge Analytica from the quiz app, “This is Your Digital Life,” which harvested personal data from 87 million Facebook users. This action was the impetus behind the original class action, which grew over time to include other instances of Facebook sharing user information with outside entities without obtaining user permission.

Meta told CNBC, “We pursued a settlement as it’s in the best interest of our community and shareholders. Over the last three years, we revamped our approach to privacy and implemented a comprehensive privacy program.”

Equally interesting, Meta/Facebook, also admitted no wrongdoing in their class action settlement yet agreed to pay $725 million. One should recall that the FTC took Meta/Facebook to task in 2019 when they extracted a $5 billion dollar settlement over the company’s privacy policies.

The Value of User Data: How Much is Privacy Worth?

Instead of these hefty settlements after the fact, both entities could have invested a fraction of those costs into systems that protected the consumer and the consumer’s privacy. In both cases, those injured by the actions were users on whom Facebook/Meta and Epic Games rely upon for their existence. It doesn’t seem smart to bite (and rip off) the hand(s) that are feeding you. The takeaway for developers, DevOps teams and CISOs is that user data privacy is priceless. Companies should think ahead to the ramifications of the processes and systems they put in place and make decisions based on what is best for the user in the long term, versus what is best for the corporate till in the short term.

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 185 posts and counting.See all posts by burgesschristopher