Right now, more than 311,000 Australian Facebook users can apply for a slice of a A$50 million compensation fund from tech giant Meta – the largest ever payment for a breach of Australians’ privacy.

But the clock is ticking. Even if you’re eligible, you only have until December 31 2025 to make your claim. Similar payouts have already begun in the United States.

From who’s eligible, to how to make a claim, to how much the eventual payout might be: here’s what you need to know.

Why so many Australians can apply

The landmark settlement arose from Meta’s involvement in the Cambridge Analytica scandal: a massive data breach in the 2010s, when a British data firm harvested private information from 87 million Facebook profiles worldwide.

It led to a record-breaking US$5 billion penalty (about $A7.7 billion today) in the US against Meta as Facebook’s parent company, and the creation of a US$725 million (A$1.1 billion) compensation scheme for affected Americans.

Here in Australia, an investigation by the national privacy regulator – the Office of the Australian Information Commissioner – found Cambridge Analytica used the This Is Your Digital Life personality quiz app to extract personal information.

That investigation found just 53 Australian Facebook users installed the app. But another 311,074 Australian Facebook users were friends of those 53 people, meaning the app could have requested their information too.

In December 2024, the Information Commissioner announced she had settled a court case with Meta in return for an “enforceable undertaking”, including a record A$50 million payment program.

Claims opened on June 30 this year and close on December 31.

Who can apply?

You can apply if you:

• held a Facebook account between 2 November 2013 and 17 December 2015 (the eligibility period)

• were in Australia for more than 30 days during that period, and

• either installed the Life app or were Facebook friends with someone who did.

How to apply – but watch for scams

The Facebook Payment Program is being administered by consultants KPMG. (Meta has to pay KPMG to run it; that doesn’t come out of the $50 million fund.)

That website is where to go with questions or to lodge a claim.

Meta has sent all Australians it knows may be eligible this “token” notification within Facebook:

You may be entitled to receive payment from litigation recently settled in Australia. Learn more.

Try this link to see if the company has records of you or your friends logging into the Digital Life app. If there are, you should be able to use the “fast track” application.

If you didn’t get that notification but you think you were affected, you can make a claim using the standard process by proving:

• your identity, such as with a passport or driver’s licence
• you held a Facebook account and were located in Australia during the eligibility period.

But watch out for scammers pretending to be from Facebook or to be helping with claims.

Which payout could you be eligible for?

You need to choose to apply for compensation under one of two “classes”, requiring different types of proof.

Class 1: the harder option, expected to get higher payouts

To claim for “specific loss or damage”, you’ll need to provide documented evidence of economic and/or non-economic loss or damages. For example, this could include out-of-pocket medical or counselling costs, or having to move if your personal details were made public.

You’ll also need to show that damage was caused by the Cambridge Analytica data breach. For many people, proving extensive loss or damage may be difficult.

Class 1 claims will be decided first. There are no predetermined payout amounts; each will be decided individually.

If your class 1 claim is unsuccessful, but you’re otherwise eligible for a payout, you will be able to get a class 2 payout instead.

Class 2: the easier option, likely to get smaller payouts

Alternatively, you can choose to claim only for loss or damage based on “a generalised concern or embarrassment” caused by the data breach.

It’s a much easier process – but also likely to be a much smaller payment.

All class 2 claimants will receive the same amount, after the class 1 payouts.

These claimants only need to provide a statutory declaration that they have a genuine belief the breach caused them concern or embarrassment.

In Meta’s enforceable undertaking with the Information Commissioner, it states KPMG is able to apply a cap on payments to claimants. It also says if there is money left after all the payouts, KPMG will pay that amount to the Australian government’s Consolidated Revenue Fund.

Meta told The Conversation:

There is not a pre-determined cap on payments. The appropriate time to determine whether any cap should apply to payments made to claimants is following the end of the registration period [December 31].

So it’s not yet clear how much of the $50 million fund will go to Australian claimants versus how much could end up going to the federal government.

Payments are expected to be made from around August 2026.

How much are payouts likely to be?

Payouts from similar settlements by Meta elsewhere have been very small. For example, US Facebook users eligible for their US$725 million compensation scheme have expressed surprise at the size of their payouts. One report suggests the average US payment is around US$30 (A$45) each.

Here in Australia, a lot will depend on how many people bother to register between now and December 31.