Facebook–Cambridge Analytica data scandal

In 2010, Facebook redesigned its platform and added open graph tools, including their Graph API v1.0. With this tool, developers could now see social connections between people and see the connections people have based on their interests and likes. The main feature of this Graph API that led to the 2018 Cambridge Analytica scandal was the newfound ability for a developer to have access to each user's friends list and all their friend's data with the consent of just one user.

Facebook's rules in 2010 were too permissive. If you are a user with 500 friends, it would only take 1 of those friends to give access to a third party app their friend list, and have that data stored by that third party app without your direct consent. The data we're referring to is everything that would appear on your about me section of your profile, including actions, activities, birthday, check-ins, history, events, games activity, groups, hometown, interests, likes, location, photo tags, photos, relationship details, religion, politics, and the list goes on. More than enough data for a 3rd party to profile you and target you, based on the actions of a single user. And it's likely that one of your friends did not do anything on the apps permission window but say "yes" so they could take that funny personality quiz.

This allowed applications to scale to millions of users very quickly. They exploited Facebook user data and the Facebook platform to spread virally. It seems clear that Facebook knew this, since it was the reason Facebook shut down Twitter access to Facebook "finding friends", and later to Google, Vine and Yandex.

Cut to 2014, Facebook shuts down their Graph API to everybody, including the ability to look for friend's data. And even though they shut down the Graph API, developers with contracts already signed could still access the API for 1 year to avoid the breakage.

The original intent of the Graph API was to help developers make links between users based on interest, and create new connections. For example, if you have 4 friends that like the same restaurant, why not propose that you all go there together? This was how Cambridge Analytica was able to mine data from 50 million users, stemming from consent from only 1 million users based on a 3rd party app.
— Ronnie Mitra (June 15, 2018) How the facebook API led to the Cambridge Analytica Fiasco apiacademy.co
Pada awal April 2018, Facebook merilis sekitar 87 juta data pengguna media sosial telah dicuri oleh Cambridge Analytica. Indonesia menjadi negara ketiga terbesar korban pencurian data pribadi akun Facebook.

Badan Reserse Kriminal Kepolisian Negara RI akan memeriksa perwakilan Facebook di Indonesia pekan depan. Komisi I DPR juga akan mengundang pihak Facebook untuk meminta penjelasan atas kasus kebocoran data pribadi WNI di platform media sosial tersebut.

Kepala Divisi Humas Polri, Inspektur Jenderal Setyo Wasisto menuturkan, Direktorat Tindak Pidana Siber Bareskrim telah menghubungi perwakilan Facebook di Indonesia untuk hadir dalam pemeriksaan kasus kebocoran data warga Indonesia pekan ini. Namun Facebook meminta penjadwalan ulang karena masih memerlukan waktu untuk menghimpun data akun WNI yang dicuri lembaga konsultan politik yang berpusat di London, Cambridge Analytica. "Mereka meminta waktu untuk mengumpulkan data sehingga agenda pemeriksaan ditunda pekan depan," ujar Setyo, Kamis kemarin. Keterangan perwakilan Facebook di Indonesia diperlukan Bareskrim Polri tengah mengumpulkan saksi dan alat bukti dalam penyelidikan kasus kebocoran data pribadi di Facebook. Penyidik ingin mendengarkan langsung penjelasan Facebook mengenai hal itu.

Hal serupa juga disampaikan Ketua Komisi I DPR dari Fraksi PKS, Abdul Kharis Almasyhar. DPR awalnya telah memanggil Facebook untuk memberi penjelasan pada Rabu, 11 April 2018 lalu. Akan tetapi, agenda itu diundur hingga 17 April mendatang karena Facebook masih fokus memberikan penjelasan di Senat dan DPR Amerika Serikat.

Kharis menambahkan, Komisi I DPR juga telah membentuk Panitia Kerja Perlindungan Data Pribadi. Setelah meminta penjelasan Facebook, perwakilan sejumlah platform media sosial lain, di antaranya Twitter dan Instagram, juga akan dipanggil.
— SAN (13 April 2018) "Polisi Panggil Facebook Soal Bocornya Data" Kompas. hal 2