More than 311,000 Australians may be eligible to claim compensation from a $50 million fund after Meta, Facebook’s parent company, reached a settlement over one of the largest data breaches in Australia’s history. The payments follow a long-running investigation into the company’s role in the Cambridge Analytica scandal, which exposed millions of users’ private data to unauthorised access.
The scheme, managed independently by consultancy KPMG, represents the largest privacy-related compensation programme in Australian legal history. The breach involved the misuse of personal information from Facebook accounts, often without the users’ knowledge or consent, through a third-party app. The final deadline for eligible Australians to submit a claim is 31 December 2025.
Who is Eligible for Compensation and How to Apply
According to the Office of the Australian Information Commissioner (OAIC), users can apply for compensation if they held a Facebook account between 2 November 2013 and 17 December 2015, spent more than 30 days in Australia during that time, and either installed the app This Is Your Digital Life or were Facebook friends with someone who did.
The app, which posed as a personality quiz, was downloaded by only 53 Australians, yet data from an additional 311,074 users was also likely accessed due to Facebook’s friend-sharing features at the time. Meta has since acknowledged its past data-sharing practices but denied liability in the settlement.
To apply, users must visit the official website (facebookpaymentprogram.com.au) and provide proof of identity, such as a driver’s licence or passport, along with evidence of their Facebook account during the eligibility period. Applicants are encouraged to remain vigilant for scams, as multiple warnings have been issued by the OAIC about fraudulent messages and impersonators posing as claim facilitators.
Payment Classes and What Claimants Can Expect
The payout system is divided into two classes, with differing levels of compensation and documentation requirements. Class 1 is aimed at those who can demonstrate specific loss or damage, including economic harm, such as medical expenses or emotional distress linked to the breach. These claims require detailed supporting evidence and will be reviewed on an individual basis.
If a Class 1 claim is rejected, the applicant may still qualify for Class 2, which provides a fixed payout based on a statutory declaration of general concern or embarrassment caused by the incident. Class 2 applications are simpler but likely to result in lower payments. According to Meta, there is no pre-set cap on payments, although KPMG may impose one after the registration period ends. Any unused funds will be returned to the Australian Government. Payouts are expected to be distributed starting from August 2026.
