The situation
In 2014, Facebook allowed third-party app developers broad access to user data — including data on the user's friends, who had not consented. Cambridge Analytica, a UK political-consulting firm, used a personality quiz app to harvest data from approximately 87M Facebook users. The data was reportedly used to develop psychographic profiles for political microtargeting in multiple campaigns including the 2016 US presidential election and Brexit.
What Facebook (Meta) did
In March 2018, the Cambridge Analytica scandal broke through reporting in The Observer and The New York Times. Facebook initially attempted to characterize the issue as a Cambridge Analytica problem rather than a Facebook problem. CEO Mark Zuckerberg's initial silence (5 days) and subsequent congressional testimony were widely criticized. Facebook lost $100B+ in market cap in the following months. The scandal triggered the European Union's GDPR enforcement (May 2018), the California Consumer Privacy Act (2020), and ongoing global privacy regulation. Cambridge Analytica filed for bankruptcy in May 2018.
The mechanics — step by step
- Third-party app data access policies
- 87M users' data harvested
- Used in political microtargeting
- Initial Facebook silence and characterization
- Zuckerberg congressional testimony
- GDPR enforcement begins
- $100B+ market cap loss
- Multi-billion dollar fines globally
Outcome and numbers
Facebook (now Meta) has paid over $5B in FTC fines plus billions in EU penalties. The firm has substantially restructured its data-sharing policies. Trust in the platform measured by global surveys remains depressed. The case has been a turning point in technology regulation and data ethics.
Why this case is on every syllabus
The Facebook-Cambridge Analytica case is taught across business ethics, data privacy, crisis communication, and regulatory compliance courses. It illustrates the consequences of data-permissive business models and the slow recognition of regulatory and ethical risk.
How to cite Facebook (Meta) in a paper
Cite Facebook-Cambridge Analytica when discussing data ethics, regulatory compliance, crisis communication, or platform business risks. Use the 87M users and GDPR enforcement as specific evidence.
Three takeaways students miss
- Data-permissive business models accumulate hidden liability
- Initial silence in crises amplifies damage
- Platform business models face regulatory risk that scales with size
- Data privacy now regulated globally
- Trust takes years to rebuild after data scandals