Meta CEO Mark Zuckerberg is once again in hot water over Facebook’s wrongdoings, but this time it’s the social media platform’s previous shady moves that are coming back to haunt him. Attorney General Karl A. Racine of the District of Columbia has filed a lawsuit against Zuckerberg for being a key decision-maker in the massive Cambridge Analytica data breach scandal.

Racine’s latest legal action is his second attempt to name Zuckerberg as a defendant in the case rather than the company itself. The first request, filed in 2018, was denied by DC Superior Judge Maurice Ross, preventing Meta’s CEO from being held personally liable for the data privacy scandal. Racine’s latest lawsuit seeks to place Zuckerberg in the defendant’s seat once more, alleging that he should have been aware of the company’s privacy policies and that he was responsible for implementing deceptive policies that were abused while he was in charge. The lawsuit seeks to compel Zuckerberg to pay restitution to those harmed by the series of events.

According to a press release from the District of Columbia Attorney General’s Office, Zuckerberg has been sued “for directly participating in decision-making that allowed the Cambridge Analytica data breach.” According to the statement, citing an investigation, the Meta chief was involved in Facebook’s lax oversight of user data security and the implementation of a confusing privacy policy and user agreement terms. The data allegations are also supported by evidence.

This bombshell incident centered on Facebook, billed as one of the largest user data breach and harvesting incidents of its kind, really exposed the dark underbelly of the internet’s data economy and how it is used for everything from ad targeting to swaying voter sentiments. The scandal captured global media attention after whistleblower Christopher Wylie revealed that Cambridge Analytica created an app called “thisisyourdigitallife” that paid users to collect their responses in the name of academic research.

However, the app harvested data from the profiles of the test-takers’ friends and acquaintances in the background. The data harvesting included everything from what a user liked and the status updates they posted to where they lived, allowing for the creation of an entire psychological profile of the subjects in order to push content that may be relevant to them. The business model is common in the online advertising industry, but links to the Trump Presidential campaign and how the company helped push targeted political ads using voter data raised red flags.

In terms of the scandal’s political impact, Cambridge Analytica allegedly kept up to 5,000 data points on each potential voting target. Moreover, depending on the source, the number of Facebook profiles whose data was scraped ranges between 50 million and 87 million. However, experts believe the figure could be much higher.

In July 2019, the FTC imposed a record-breaking $5 billion fine on Facebook for deceiving users about the privacy of their personal data, and directed the company to implement reforms that will hold it more accountable for similar incidents in the future. Brazil also fined Facebook nearly $1.64 million for questionable use of nearly half a million users’ data.

Following the controversy, Facebook announced a series of actions, including informing users affected by data harvesting, making it easier for users to access privacy settings, restricting an app’s access to user data, terminating an app’s data access privilege after three months of inactivity, and disabling a search feature that allowed anyone to find a person’s Facebook profile using their phone number or email address. In addition, the company claims to have suspended “tens of thousands” of apps as part of its investigation into malicious apps.