Facebook Allows Cambridge Analytica to Harvest 87 Million Profiles Without User Consent

What happened
Cambridge Analytica acquired detailed psychological profiles on 87 million Facebook users via a quiz app that exploited Facebook's Graph API to harvest the data of quiz takers' friends without those friends' consent. The data was used in targeted political advertising for Brexit and the 2016 US presidential campaign, triggering regulatory investigations on multiple continents.[1]
What went wrong
Facebook's Graph API allowed third-party apps to collect data on users' friends without those friends' consent. This policy was known to Facebook but not adequately disclosed to users. When Facebook learned of the data misuse, it accepted assurances that the data had been deleted rather than verifying compliance.[1]
Lesson learned
API data access policies must reflect the consent of those whose data is exposed, not just the consent of the direct user. Platform companies cannot accept unverified compliance assurances for sensitive data — contractual promises require technical enforcement.
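The consent gap described under "What went wrong", next to the per-subject check this lesson calls for, as an added example that is not part of the original page. The data model, the app id `quiz_app` and the function names are hypothetical and do not reproduce Facebook's Graph API.

```python
# Added illustration: hypothetical in-memory data model, not Facebook's Graph API.
from dataclasses import dataclass, field


@dataclass
class User:
    uid: str
    profile: dict
    friends: set = field(default_factory=set)
    # app_id -> set of profile fields this user has personally granted
    grants: dict = field(default_factory=dict)


def friends_data_delegated(users, app_id, caller_uid, fields):
    """Flawed model: the caller's consent alone unlocks every friend's data."""
    caller = users[caller_uid]
    if app_id not in caller.grants:
        raise PermissionError("caller has not authorized this app")
    return {f: {k: users[f].profile[k] for k in fields if k in users[f].profile}
            for f in sorted(caller.friends)}


def friends_data_subject_consent(users, app_id, caller_uid, fields):
    """Corrected model: each friend's own grant decides what is released."""
    caller = users[caller_uid]
    if app_id not in caller.grants:
        raise PermissionError("caller has not authorized this app")
    out = {}
    for f in sorted(caller.friends):
        allowed = users[f].grants.get(app_id, set())  # default deny
        released = {k: users[f].profile[k] for k in fields
                    if k in allowed and k in users[f].profile}
        if released:
            out[f] = released
    return out


# Constructed sample data: only alice and carol have granted the app anything.
USERS = {
    "alice": User("alice", {"likes": ["hiking"], "city": "Leeds"},
                  friends={"bob", "carol"}, grants={"quiz_app": {"likes", "city"}}),
    "bob": User("bob", {"likes": ["chess"], "city": "York"}, friends={"alice"}),
    "carol": User("carol", {"likes": ["jazz"], "city": "Bath"}, friends={"alice"},
                  grants={"quiz_app": {"city"}}),
}

if __name__ == "__main__":
    print(friends_data_delegated(USERS, "quiz_app", "alice", ["likes", "city"]))
    print(friends_data_subject_consent(USERS, "quiz_app", "alice", ["likes", "city"]))
```

In the delegated model one user's grant releases both friends' full profiles; with the per-subject check, bob's data never leaves and carol's is limited to the one field she granted.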
Sources
- [1]