Ticker Views

Foreign spies are trying to steal Australian research. We should be doing more to stop them

Brendan Walker-Munro, Southern Cross University

When we think of spies, we may go to images of people in trench coats and dark glasses, trying to steal government papers. Or someone trying to tap the phone of a senior official.

The reality, of course, can be much more sophisticated. One emerging area of concern is how countries protect their university research from foreign interference. And how we safely do research with other countries – a vital way to ensure Australia’s work is cutting edge.

This week, research security experts including myself will meet in Brussels to talk about how to conduct free and open research in the face of growing security risks around the world.

What does Australia need to do to better protect its university research?

What is research security?

Research security means protecting research and development (R&D) from foreign government interference or unauthorised access. It is especially important in our universities, where the freedom to publish, collaborate, and work together is seen as a virtue.

Australia’s universities face escalating, deliberate efforts to steal commercially or militarily valuable research, repress views critical of foreign regimes, and hack databases.

As my July 2025 report found, adversaries are no longer just stealing data or cultivating informal relationships. We’re seeing deliberate efforts to insert malicious insiders, target researchers and exploit data and cyber vulnerabilities.

ASIO head Mike Burgess has stressed there is an incredible danger facing our academic community from spies and secret agents.

In 2024, Burgess warned of an “A-team” of spies targeting academia:

leading Australian academics and political figures were invited to a conference in an overseas country, with the organisers covering all expenses […]. A few weeks after the conference wrapped up, one of the academics started giving the A-team information about Australia’s national security and defence priorities.

But Australia can’t just stop collaborating with foreign nations. Some are far more scientifically advanced than we are, and we risk cutting ourselves off from developments in the latest technology.

In other cases, we might be unfairly discriminating against researchers from other countries.

The international research landscape is changing

Since January, US President Donald Trump has slashed university funding, banned foreign students and orchestrated a campaign of lawsuits and investigations into campus activities.

This has a huge flow-on effect to Australia, as we have tied ourselves strongly to the US for science and technology funding.

So Australia is looking to the EU as a more reliable and sustainable funding partner.

It has reactivated talks to join the €100 billion (A$179 billion) Horizon Europe fund. Australia abandoned its original attempt in 2023 citing “potential cost of contributions to projects”.

Horizon Europe isn’t just a massive pot of money for Australian researchers. It’s also a way to bring Australia closer to the EU on other initiatives, like the EU Science Diplomacy Alliance, which ensures scientific developments are pursued for the safety, security and benefits for all people.

Yet if Australia wants to join Horizon Europe, it will need to prove it takes research security as seriously as other EU nations. In April 2024, Australia and the EU agreed to strengthen research security and

measures to protect critical technology and to counter foreign interference in research and innovation.

Australia does not have an adequate policy

But Australia does not have a proper national policy on research security. It also does not have a proper guide for our 43 universities on how they should approach it or what the minimum standards are.

The guidelines we have for “countering foreign interference” are entirely voluntary, and not centrally monitored for compliance in any way.

A 2022 federal parliamentary report detailed a litany of attempts by foreign agents to get access to our universities. It made 27 recommendations about improving that situation. To date, the federal government has not yet acted on about three quarters of these.

These included a recommendation to ban involvement in “talent recruitment programs”, where academics are offered vast sums of money or other benefits to duplicate their research in countries like China.

The EU approach

Australia’s approach is in stark contrast to the EU, which has made research security a priority.

In May 2024, the European Commission directed all 27 member states to adopt laws and policies to “work together to safeguard sensitive knowledge from being misused”.

Germany has since adopted “security ethics committees” – modelled on human and animal ethics committees – to scrutinise potential projects for dangerous or high-risk research.

The Netherlands, Denmark and United Kingdom all set up government contact points to help academics answer questions about research security practices.

It will take more than just policies

Australia needs clearer, stronger national policies for research security. But if we are going to take this seriously, we need more than just policy guidance.

To properly scrutinise and set up research, universities need time, support and information. This also means they need more funding.

In some universities there might be one person responsible for research security, and this may not be their sole job.

So we also need funding to give academics a way to identify and manage risks in research and support information sharing across institutions.

Through these measures we will be able to demonstrate to the world we are doing research securely – and it is safe to fund and work with Australia.

Brendan Walker-Munro, Senior Lecturer (Law), Southern Cross University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Were you on Facebook 10 years ago? You may be able to claim part of this $50 million payout

Graham Greenleaf, Macquarie University and Katharine Kemp, UNSW Sydney

Right now, more than 311,000 Australian Facebook users can apply for a slice of a A$50 million compensation fund from tech giant Meta – the largest ever payment for a breach of Australians’ privacy.

But the clock is ticking. Even if you’re eligible, you only have until December 31 2025 to make your claim. Similar payouts have already begun in the United States.

From who’s eligible, to how to make a claim, to how much the eventual payout might be: here’s what you need to know.

Why so many Australians can apply

The landmark settlement arose from Meta’s involvement in the Cambridge Analytica scandal: a massive data breach in the 2010s, when a British data firm harvested private information from 87 million Facebook profiles worldwide.

It led to a record-breaking US$5 billion penalty (about A$7.7 billion today) in the US against Meta as Facebook’s parent company, and the creation of a US$725 million (A$1.1 billion) compensation scheme for affected Americans.

Here in Australia, an investigation by the national privacy regulator – the Office of the Australian Information Commissioner – found Cambridge Analytica used the This Is Your Digital Life personality quiz app to extract personal information.

That investigation found just 53 Australian Facebook users installed the app. But another 311,074 Australian Facebook users were friends of those 53 people, meaning the app could have requested their information too.

In December 2024, the Information Commissioner announced she had settled a court case with Meta in return for an “enforceable undertaking”, including a record A$50 million payment program.

Claims opened on June 30 this year and close on December 31.

Who can apply?

You can apply if you:

  • held a Facebook account between 2 November 2013 and 17 December 2015 (the eligibility period)
  • were in Australia for more than 30 days during that period, and
  • either installed the Life app or were Facebook friends with someone who did.

How to apply – but watch for scams

The Facebook Payment Program is being administered by consultants KPMG. (Meta has to pay KPMG to run it; that doesn’t come out of the $50 million fund.)

The Facebook Payment Program website is where to go with questions or to lodge a claim.

Meta has sent all Australians it knows may be eligible this “token” notification within Facebook:

You may be entitled to receive payment from litigation recently settled in Australia. Learn more.

Try this link to see if the company has records of you or your friends logging into the Digital Life app. If there are, you should be able to use the “fast track” application.

If you didn’t get that notification but you think you were affected, you can make a claim using the standard process by proving:

  • your identity, such as with a passport or driver’s licence
  • you held a Facebook account and were located in Australia during the eligibility period.

But watch out for scammers pretending to be from Facebook or to be helping with claims.

Which payout could you be eligible for?

You need to choose to apply for compensation under one of two “classes”, requiring different types of proof.

Class 1: the harder option, expected to get higher payouts

To claim for “specific loss or damage”, you’ll need to provide documented evidence of economic and/or non-economic loss or damages. For example, this could include out-of-pocket medical or counselling costs, or having to move if your personal details were made public.

You’ll also need to show that damage was caused by the Cambridge Analytica data breach. For many people, proving extensive loss or damage may be difficult.

Class 1 claims will be decided first. There are no predetermined payout amounts; each will be decided individually.

If your class 1 claim is unsuccessful, but you’re otherwise eligible for a payout, you will be able to get a class 2 payout instead.

Class 2: the easier option, likely to get smaller payouts

Alternatively, you can choose to claim only for loss or damage based on “a generalised concern or embarrassment” caused by the data breach.

It’s a much easier process – but also likely to be a much smaller payment.

All class 2 claimants will receive the same amount, after the class 1 payouts.

These claimants only need to provide a statutory declaration that they have a genuine belief the breach caused them concern or embarrassment.

In Meta’s enforceable undertaking with the Information Commissioner, it states KPMG is able to apply a cap on payments to claimants. It also says if there is money left after all the payouts, KPMG will pay that amount to the Australian government’s Consolidated Revenue Fund.

Meta told The Conversation:

There is not a pre-determined cap on payments. The appropriate time to determine whether any cap should apply to payments made to claimants is following the end of the registration period [December 31].

So it’s not yet clear how much of the $50 million fund will go to Australian claimants versus how much could end up going to the federal government.

Payments are expected to be made from around August 2026.

How much are payouts likely to be?

Payouts from similar settlements by Meta elsewhere have been very small. For example, US Facebook users eligible for their US$725 million compensation scheme have expressed surprise at the size of their payouts. One report suggests the average US payment is around US$30 (A$45) each.

Here in Australia, a lot will depend on how many people bother to register between now and December 31.

Graham Greenleaf, Honorary Professor, Macquarie Law School, Macquarie University and Katharine Kemp, Associate Professor, Faculty of Law & Justice; Lead, UNSW Public Interest Law & Tech Initiative, UNSW Sydney

This article is republished from The Conversation under a Creative Commons license. Read the original article.

What will happen to the Louvre jewellery after the heist? There are two likely scenarios

Andreas Schloenhardt, The University of Queensland

The spectacular heist of jewellery from the Louvre museum in Paris has many people wondering how a theft like this could occur in broad daylight and what might happen to the items that were stolen from the museum.

In a matter of minutes, four thieves were able to enter through a first-floor window, break into secure glass displays, and take nine items of jewellery of immeasurable value.

Although an alarm was set off and museum guards were nearby, the thieves were able to escape quickly, using motor bikes to get away. They dropped one stolen item, a diamond and emerald-encrusted royal crown that had belonged to Empress Eugénie, Napoleon III’s wife.

Their loot includes jewellery from French imperial times – brooches, necklaces, earrings and a tiara. The French prosecutor’s office said the jewels were worth some 88 million euros (A$157 million), not including their historical value.

The speed and professionalism of the heist shows this was a well-planned crime, carried out by highly skilled perpetrators. That suggests they are linked to organised criminal groups.

Several media outlets reported a number of smaller thefts from French museums in recent weeks, including gold nuggets from the Paris Natural History Museum. There is no suggestion these thefts were linked to the Louvre heist.

What might happen to the loot?

The stolen jewellery includes well-known pieces that are easily recognisable. This will make it difficult, if not impossible, to sell them on the black market, even to well-heeled collectors and buyers.

This problem is well-known from other museum heists – such as the theft of the Canadian “Big Maple Leaf” giant gold coin from Berlin’s Bode Museum in 2017 or the famous heist of 13 masterpieces by Degas, Manet and Rembrandt from the Isabella Stewart Gardner Museum in Boston in 1990. Those paintings have never been recovered.

Image: Two visitors to the Gardner Museum, Boston, observe where a Rembrandt painting used to hang, before it was stolen. Credit: John Tlumacki/The Boston Globe via Getty Images

Instead, most experts believe one of two scenarios is more likely.

In the first, the jewellery would be broken down into smaller pieces. Diamonds and other gemstones may be taken out, altered and then offered for sale. Silver and gold may be used to manufacture other pieces or may be sold separately.

This scenario would make it easy to conceal the origin of the pieces and sell them openly or online. The combined value, however, would be significantly lower compared to leaving the pieces intact. It is thus doubtful the thieves targeted the specific jewellery for this purpose.

Scenario two would involve the thieves, or more likely the masterminds behind them, trying to sell the pieces back to the Louvre or trying to extort money from the French government for their return.

This may be done through brokers or other middlemen and may not happen for a while, until there is less public and media attention and the perpetrators feel sufficiently safe to contact – directly or indirectly – museum or state authorities.

Given the historical significance of the pieces coupled with the embarrassment caused by the heist, the Louvre and the French government would be keen to have the pieces returned as swiftly as possible and might be willing to negotiate, albeit secretively.

Much of this remains, however, speculation. Only a few days have passed since the heist occurred and many questions about the events, perpetrators and their motives remain unanswered. And just who may be behind this spectacular heist from France’s largest museum has everyone guessing.

Similarities with a Dresden museum heist

The Louvre theft brings to mind the jewellery heist at the Green Vault at the Zwinger Palace in Dresden, Germany, in 2019.

In this case, the perpetrators had closely examined the museum’s security system for many days and were able to enter the building without being caught on camera. They entered through a window on the first floor and within minutes stole 21 pieces of jewellery from several displays.

Unlike the Paris heist, the Dresden thieves entered at night and used brute force to damage the displays to take their loot.

Image: The Jewel Room of the historical Green Vault at the Zwinger Palace in Dresden, which was robbed in 2019. Credit: Sebastian Kahnert/picture alliance via Getty Images

Some years after the robbery, German authorities were able to identify and arrest the thieves involved in the heist – all five were members of a notorious Berlin-based crime family.

The perpetrators have since been tried and convicted and are serving long jail times. Most of the jewellery was retrieved and returned – unaltered – to its famous home.

It is hoped the French authorities will soon be similarly successful.

Andreas Schloenhardt, Professor of Criminal Law, The University of Queensland

This article is republished from The Conversation under a Creative Commons license. Read the original article.

An Amazon outage has rattled the internet. A computer scientist explains why the ‘cloud’ needs to change

Jongkil Jay Jeong, The University of Melbourne

The world’s largest cloud computing platform, Amazon Web Services (AWS), has experienced a major outage that has impacted thousands of organisations, including banks, financial software platforms such as Xero, and social media platforms such as Snapchat.

The outage began at roughly 6pm AEDT on Monday. It was caused by a malfunction at one of AWS’ data centres located in Northern Virginia in the United States. AWS says it has fixed the underlying issue but some internet users are still reporting service disruptions.

This incident highlights the vulnerabilities of relying so much on cloud computing – or “the cloud” as it’s often called. But there are ways to mitigate some of the risks.

Renting IT infrastructure

Cloud computing is the on-demand delivery of diverse IT resources such as computing power, database storage, and applications over the internet. In simple terms, it’s renting (not owning) your own IT infrastructure.

Cloud computing became prevalent with the dot com boom in the late 1990s, when digital tech companies started to deliver software over the internet. As companies such as Amazon matured in their own ability to offer what’s known as “software as a service” over the web, they started to offer others the ability to rent their virtual servers for a cost as well.

This was a lucrative value proposition. Cloud computing enables a pay-as-you-go model similar to a utility bill, rather than the huge upfront investment required to purchase, operate and manage your own data centre.

As a result, the latest statistics suggest more than 94% of all enterprises use cloud-based services in some form.

A market dominated by three companies

The global cloud market is dominated by three companies. AWS holds the largest share (roughly 30%). It’s followed by Microsoft Azure (about 20%) and Google Cloud Platform (about 13%).

All three service providers have had recent outages, significantly impacting digital service platforms. For example, in 2024, an issue with third-party software severely impacted Microsoft Azure, causing extensive operational failures for businesses globally.

Google Cloud Platform also experienced a major outage this year due to an internal misconfiguration.

Profound risks

The heavy reliance of the global internet on just a few major providers — AWS, Azure, and Google Cloud — creates profound risks for both businesses and everyday users.

First, this concentration forms a single point of failure. As seen in the latest AWS event, a simple configuration error in one central system can trigger a domino effect that instantly paralyses vast segments of the internet.

Second, these providers often impose vendor lock-in. Companies find it prohibitively difficult and expensive to switch platforms due to complex data architectures and excessively high fees charged for moving large volumes of data out of the cloud (data egress costs). This effectively traps customers, leaving them hostage to a single vendor’s terms.

Finally, the dominance of US-based cloud service providers introduces geopolitical and regulatory risks. Data stored in these massive systems is subject to US laws and government demands, which can complicate compliance with international data sovereignty regulations such as Australia’s Privacy Act.

Furthermore, these companies hold the power to censor or restrict access to services, giving them control over how firms operate.

The current best practice to mitigate these risks is to adopt a multi-cloud approach that enables you to decentralise. This involves running critical applications across multiple vendors to eliminate the single point of failure.

This approach can be complemented by what’s known as “edge computing”, wherein data storage and processing is moved away from large, central data centres, toward smaller, distributed nodes (such as local servers) that firms can control directly.

The combination of edge computing and a multi-cloud approach enhances resilience, improves speed, and helps companies meet strict data regulatory requirements while avoiding dependence on any single entity.

As the old saying goes, don’t put all of your eggs in one basket.

Jongkil Jay Jeong, Senior Fellow, School of Computing and Information System, The University of Melbourne

This article is republished from The Conversation under a Creative Commons license. Read the original article.
