The Cambridge Analytica scandal (March 2018) exposed how political consulting firm harvested 87 million Facebook users’ data without consent to build psychological profiles for targeted political ads during 2016 Trump campaign and Brexit. The revelations triggered #DeleteFacebook movement, congressional hearings, and $5B FTC fine—though Facebook recovered.
The Whistleblower (March 17, 2018)
Christopher Wylie, former Cambridge Analytica employee, revealed to The Guardian and New York Times how firm exploited Facebook’s data policies: researcher Aleksandr Kogan created personality quiz app collecting not just quiz-takers’ data but their friends’ data—87M people total.
Cambridge Analytica (funded by Robert Mercer, run by Steve Bannon pre-2016) used this data to create psychographic profiles, targeting “persuadable” voters with tailored ads during Trump campaign and Brexit referendum.
Facebook’s Complicity
Facebook knew about data breach in 2015 but only requested deletion, didn’t verify or inform users. The platform’s lax API policies enabled data harvesting. Zuckerberg later admitted “breach of trust.”
March 21: Zuckerberg issued apology. March 25: #DeleteFacebook trended as celebrities (Cher, Will Ferrell) and WhatsApp co-founder Brian Acton urged users to quit. Facebook lost $100B market value in days.
The Hearings
April 10-11, 2018: Zuckerberg testified before Congress over 10 hours. Senators’ tech illiteracy (“How do you sustain business model where users don’t pay?” / “Senator, we run ads”) went viral as memes. Zuckerberg apologized repeatedly but faced little accountability.
European Parliament, UK Parliament held separate inquiries. Zuckerberg sent deputies or declined to appear, angering MPs.
The Legal Consequences
FTC fined Facebook record $5B (July 2019) for privacy violations and required privacy oversight. But fine was 9% of Facebook’s annual revenue—cost of doing business.
Cambridge Analytica shut down (May 2018) but executives started new firms. Criminal investigations fizzled. Data remained in wild.
The GDPR & Privacy Awakening
EU’s GDPR (General Data Protection Regulation) went into effect May 2018, partly motivated by scandal. US considered federal privacy law but tech lobby blocked it. California passed CCPA (2020).
Long-Term Impact
Facebook survived: users briefly dipped, then resumed growth. The scandal accelerated techlash—bipartisan hostility toward Big Tech. But concrete reforms remained elusive. Surveillance capitalism business model persisted.
Read more: