Meta Faces Revived D.C. Lawsuit Over Alleged Data Privacy Failures

August 6, 2025

Meta Platforms Inc., the parent company of Facebook, is facing a revived lawsuit from the District of Columbia alleging unlawful data privacy practices, particularly tied to the infamous Cambridge Analytica scandal. On August 4, 2025, the District of Columbia Court of Appeals reinstated the case, overturning a 2023 dismissal by Superior Court Judge Maurice A. Ross. The lawsuit, originally filed in 2018 by then-D.C. Attorney General Karl Racine, accuses Meta of violating the D.C. Consumer Protection Procedures Act by misleading users about how their personal data was shared with third parties. This development marks a significant setback for Meta as it navigates ongoing legal battles over its data privacy practices.

Background of the Lawsuit

The lawsuit stems from revelations in 2018 that Cambridge Analytica, a now-defunct British political consulting firm, accessed data from up to 87 million Facebook users without their consent. The data was collected through a personality quiz app called “thisisyourdigitallife,” developed by professor Aleksandr Kogan, which was downloaded by 270,000 users but harvested information from millions of their friends. The D.C. lawsuit claims Meta misrepresented the extent of user control over their data, creating a “high potential for consumer confusion” by allowing third-party developers like Kogan to access sensitive information, despite public statements emphasizing user privacy.

In 2023, Judge Ross dismissed the case, ruling that Meta’s policies clearly disclosed how third parties could access user data, arguing that a “reasonable consumer could not have been misled.” However, the D.C. Court of Appeals reversed this decision, finding sufficient grounds to reinstate the case. D.C. Attorney General Brian Schwalb hailed the ruling as a “significant victory,” stating, “We look forward to proving the revived claims on remand.” Meta, represented by Gibson, Dunn & Crutcher, has not publicly commented on the appeal but previously argued that its 2014 privacy policy informed users that shared data could be re-shared by friends, negating claims of deception.

Broader Context of Meta’s Privacy Challenges

This revived lawsuit is part of a broader wave of legal scrutiny over Meta’s data practices:

• Cambridge Analytica Fallout: In 2019, the Federal Trade Commission (FTC) fined Meta $5 billion for violating a 2012 consent order requiring user consent for data sharing, one of the largest privacy fines in history. Meta also settled a related class-action lawsuit for $725 million in 2022.
• Shareholder Lawsuit Settlement: In July 2025, Meta and CEO Mark Zuckerberg reached an undisclosed settlement in an $8 billion Delaware shareholder lawsuit alleging executives knowingly violated the FTC order, avoiding a high-profile trial involving Zuckerberg, former COO Sheryl Sandberg, and other board members like Peter Thiel and Reed Hastings.
• European Fines: Meta has faced significant penalties in Europe, including a €1.2 billion ($1.3 billion) fine in 2023 from Ireland’s Data Protection Commission for unlawful data transfers to the U.S., and a €251 million ($263 million) fine in 2024 for a 2018 data breach exposing 29 million users’ information.
• Other D.C. Lawsuits: In February 2025, a nonprofit advocacy group filed a lawsuit accusing Meta of discriminatory advertising practices, alleging it disproportionately targeted Black users with for-profit college ads, violating the D.C. Human Rights Act. Additionally, a 2023 D.C. lawsuit accusing Meta of designing addictive platforms for children survived a dismissal motion in September 2024.

Implications of the Revived Lawsuit

The reinstatement of the D.C. lawsuit signals continued pressure on Meta to address its data privacy practices. The case will now return to the Superior Court, where the District must prove that Meta’s privacy policies were deceptive under the Consumer Protection Procedures Act. Key allegations include:

• Meta’s failure to clearly disclose that third-party apps could access data from users’ friends without their consent.
• Misleading public statements about user control over data, which allegedly created confusion.

Legal experts suggest the case could set a precedent for how consumer protection laws are applied to tech companies. The D.C. Court of Appeals’ decision aligns with a 2019 ruling by U.S. District Judge Vince Chhabria, who rejected Meta’s argument that users have no privacy claim over shared social media data, stating, “Facebook’s argument could not be more wrong.” If successful, the lawsuit could result in significant fines and force Meta to overhaul its privacy disclosures.

Meta’s Response and Investments

Meta has emphasized its efforts to improve privacy since 2019, claiming to have invested billions in reforms. The company shut down its facial recognition system in 2021, deleting faceprints of over 1 billion users, and has updated privacy settings to give users more control. However, critics argue that Meta’s business model, reliant on data-driven advertising, inherently conflicts with robust privacy protections. A 2022 lawsuit in London by activist Tanya O’Carroll, for instance, challenged Meta’s dismissal of user opt-outs for data collection, highlighting ongoing tensions under GDPR and similar laws.

Conclusion

The revival of the D.C. lawsuit underscores Meta’s persistent legal vulnerabilities tied to the Cambridge Analytica scandal and broader data privacy failures. As Attorney General Schwalb prepares to prove Meta’s deceptive practices, the case could amplify calls for stricter tech regulations in the U.S., mirroring Europe’s aggressive enforcement. With multiple lawsuits still pending—including antitrust and child safety cases—Meta faces a challenging legal landscape that could reshape its operations and public trust. The outcome of this case, alongside others, will likely influence how tech giants navigate the balance between innovation, profitability, and user privacy.

Sources: Law.com, MediaPost.com, The New York Times, Reuters, NPR, Forbes, BBC, The Guardian