The impact of the Facebook-Cambridge Analytica scandal on GDPR

The Facebook-Cambridge Analytica data scandal has dominated the news recently, and with nearly 2 billion Facebook users worldwide, the news that data has been used without authorisation has prompted worldwide interest.

What is the Facebook-Cambridge Analytica data scandal?

In 2014, Cambridge Analytica – a political consultancy firm – began gathering users’ personal data via a Facebook-linked app. It is estimated that up to 87 million users have been affected. Whilst these users knowingly downloaded the app ‘thisisyourdigitallife’ via Facebook and provided their information via a personality test, the stated premise that the data was being collected for academic purposes was false. The data was actually used to profile users and predict their voting patterns. This information was then sold to Donald Trump ahead of the 2016 election and was used to target people via ads to influence the US election.

This is not a data breach: the users had agreed to complete the test and share their information, and no systems were hacked or data stolen. However, the Cambridge Analytica app also pulled data from all of the users’ friends, and this is where the issue lies – these users had not given consent for their information to be used.

The scandal has caused huge controversy, with Facebook CEO Mark Zuckerberg publicly apologising for the incident and promising to protect users’ data and make changes to avoid future incidents.

So, how will Facebook handle the upcoming General Data Protection Regulation?

The changes to the way EU data is handled come into force on 25 May 2018. Up until now, companies have been fairly blasé about the change in law, with many believing they can make a half-hearted effort to comply without any penalty. However, with the recent Facebook scandal and public trust in Facebook being at an all-time low, the world has woken up to data privacy issues and people are beginning to realise the right they have to their own data.

Although Facebook has publicly said it will comply with the EU GDPR changes, its actions say otherwise. Like many large corporates, Facebook took advantage of the low tax rates in Ireland in 2008 to set up its international headquarters. Having its headquarters within the EU now makes it subject to GDPR. Today, Reuters has exclusively announced that Facebook is planning to reduce the number of users that fall under the EU law by changing the way it processes users’ data. Up until now, 1.9 billion Facebook Inc. users, currently governed under the terms of service in Ireland, would be protected by the changes in European law. Facebook is looking to change this so that only European users will be protected, leaving the rest of the world, or 1.5 billion users, unprotected by the new changes.

Not complying with GDPR can result in hefty fines of 4% of global annual revenue, which for Facebook could run into billions of dollars. The benefits are clear to see for Facebook but the benefit to the individual user is less clear.

People are becoming more aware of the data they are sharing online and are more cautious about how and when this data is used. The upcoming changes to the EU data privacy law will only highlight this and will mean that companies, large or small, will need to comply not only to avoid the penalties of the ICO but also to maintain public trust in their organisation.

If you haven’t started your journey to GDPR compliance, then now is the time. You have a little over a month left. Our recent blog posts and Slideshare deck will help get you up to speed on the changes you need to make by 25th May 2018. Alternatively, you can speak to one of our sales team on 01344 758700 or email us on