The attorney general for Washington, D.C. itself announced that the region is suing Facebook for its role in Cambridge Analytica's illicit collection of private data.
Facebook could be asked to pay $5,000 per violation of D.C.'s consumer protection law -- potentially putting the total near $1.7 billion, Reuters reported. The latter figure stems from the accusation that data was collected from 340,000 people in the D.C. area.
Facebook misled its users as it knew about Analytica's data scraping for two years before making it public, charged Attorney General Karl Racine. He added that while the social network promised it was keeping watch on third-party apps, it made relatively few checks, and used deceptive privacy settings.
The company reportedly tried to settle before the lawsuit was launched, and Racine even described its participation as "reasonable." The case was filed anyway to "expedite change" in practices.
Facebook is facing a barrage of legal actions in the U.S., including investigations by six states into privacy practices, and a Federal Trade Commission investigation into whether it broke a 2011 consent decree. The FTC case alone carries the threat of thousands of dollars per day in fines.
Cambridge Analytica and Cambridge University researcher Aleksandr Kogan used a quiz app to collect data on Facebook users and their connected friends, the latter without their consent, enabling Analytica to build voter profiles for some 71 million Americans and a smaller amount of people overseas. The harvesting was discovered in 2015, but only made public by Facebook in March 2018. This drew the scrutiny of governments in both the U.S. and the U.K.
Some clients of Analytica -- now mostly defunct -- included the Presidential campaigns for Donald Trump and Ted Cruz, and the Institutional Revolutionary Party during Mexico's 2018 general election.
Facebook is under intense fire for its privacy practices in general, the latest revelations being that it signed special data-sharing agreements with companies like Microsoft, Netflix, Spotify and Amazon that let them bypass normal privacy policies, and that it allowed Apple devices to obfuscate indicators that it was asking for personal data, even giving access to the contact and calendar entries of users who disabled sharing in Facebook's account settings. Apple claims that it didn't know of this, and that any shared data was kept on-device.