Here's a great legal primer on the Facebook/Cambridge Analytica debacle by Andrew Keane Woods at Lawfare.
'[Aleksandr] Kogan did not need to get Facebook data through the back door," writes Woods, "He could waltz in through the front door — the door Facebook built for developers."
"This was not a breach of Facebook's network. But it was a breach of users' trust, general expectations and perhaps also Facebook's terms of service."
If you're Kogan, or Cambridge Analytica, expect lawsuits, public hearings and general regulatory hell. Maybe, in the extreme, jail time. If you're Facebook, expect lawsuits, public hearings, and general regulatory hell. Maybe, in the extreme, the end of the firm as we know it.
Facebook is hoping to pin this on two bad apples: Kogan and Cambridge Analytica. And bad apples they were. But this is a dangerous strategy. For Facebook, the claim that it was always upfront about how user data might end up in developer hands is a strategy that wins the battle but loses the war. If users and regulators decide that the firm did not do anything out of the ordinary—that this is just the way Facebook works—they may reasonably conclude that the firm itself is unacceptable. The EU's top privacy regulator, Věra Jourová, announced on Monday that she had reached out to Facebook and that "From a European Union perspective, the misuse for political purposes of personal data belonging to Facebook users — if confirmed — is not acceptable." This does not sound like the kind of small-bore complaint about a one-off problem, but rather the threat of a major reckoning.
It sounds like the kind of thing that should make Facebook want to hire really good antitrust lawyers.