Updated, 4/10/2018 10:20am PT:
According to a report by Guardian Australia, only 53 Facebook users out of the total of 311,127 Australians impacted by the Cambridge Analytica data leak gave their consent to the quiz app made by the Cambridge Analytica partner, Aleksandr Kogan. This means that all the other Australians who had their data harvested by Cambridge Analytica were either friends of those who used the app or their data was obtained through other means.
In a similar case in New Zealand, 64,000 New Zealanders were affected by the same data leak, but only 10 of those people used the quiz app.
Australian privacy activists are also bringing into the spotlight the many issues surrounding online "consent" right now. These issues include the fact that consent seems to be irrevocable for online services, the contracts to which the users agree are unfair, and that users are overloaded with confusing information and legal concepts. Until these consent issues are fixed, scandals such as this one will likely continue to happen.
Updated, 4/5/2018 10:40am PT: Mark Zuckerberg confirmed that he will be present in both the U.S. Senate hearing on April 10, and the House hearing on April 11.
Meanwhile, the Office of Australian Information Commissioner also announced that it will open its own investigation into Facebook, following information that the data of over 300,000 Australian users has been accessed without authorization. The investigation will consider whether or not Facebook has violated the Australian Privacy Act 1998, but given the global nature of Facebook, it will also collaborate with other international regulatory authorities.
Updated, 3/26/2018, 8:25am PT: The U.S. Federal Trade Commission announced that it has started a "non-public investigation" into Facebook's practices:
The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honor their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act. Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices.
Original article, 3/20/2018, 11:30am PT:
Multiple branches of the UK, EU, and U.S. governments announced that they will investigate what happened between Facebook and Cambridge Analytica. Facebook CEO Mark Zuckerberg has also been asked to testify before UK MPs and U.S. Senators.
The UK Information Commissioner’s Office (ICO) issued a Demand for Access to records and data belonging to Cambridge Analytica on March 7. However, ICO said that the company didn’t respond, so it asked a judge to issue a search warrant. After it obtained the warrant, the agency’s investigators found Facebook’s auditors in Cambridge Analytica’s offices. ICO asked the auditors to terminate their audit so it wouldn't interfere with the UK government’s own investigation.
Now, UK MPs are also demanding that Zuckerberg come to testify before a select committee formed recently to deal with the rise of fake news. In a letter sent to Facebook, Damian Collins, the chairman of the committee, accused Zuckerberg of “misleading” his committee at a previous parliamentary hearing. Implying that Facebook is the party most responsible for the recent data leak, Collins added that:
It is now time to hear from a senior Facebook executive with the sufficient authority to give an accurate account of this catastrophic failure of process.
As soon as the news came out about Cambridge Analytica and Facebook, EU Justice Commissioner Věra Jourová said she would look into the situation, because this sort of data leak is not acceptable:
Antonio Tajani, the new European Parliament President, also confirmed that there will be an investigation from the European Parliament, too:
U.S. Senate Investigations
Senator Ron Wyden sent a letter to Facebook blaming the company for making it so easy for third parties to harvest user data:
The troubling reporting on the ease with which Cambridge Analytica was able to exploit Facebook’s default privacy settings for profit and political gain throws into question not only the prudence and desirability of Facebook's business practices and the dangers of monetizing consumers' private information, but also raises serious concerns about the role Facebook played in facilitating and permitting the covert collection and misuse of consumer information.
With little oversight—and no meaningful intervention from Facebook—Cambridge Analytica was able to use Facebook-developed and marketed tools to weaponize detailed psychological profiles against tens of millions of Americans.
Senator Wyden also reminded Facebook that in 2011 it entered into an agreement with the FTC, under which the company was required to maintain "a comprehensive privacy program that is reasonably designed to address privacy risks related to the development and management of new and existing products and services for consumers, and protect the privacy and confidentiality of covered information."
According to Bloomberg, the FTC wouldn’t comment on whether or not it will investigate Facebook over the Cambridge Analytica issue, but the agency said that it takes any violations of the agreement with Facebook seriously.
The Senate Commerce Committee also sent a letter to Facebook in which it asks the company to brief it on how Facebook shares user data with other companies.
The Senate Judiciary Committee is also considering its own hearing, in which it would invite not just Facebook, but also Alphabet (Google’s parent organization), and Twitter to testify on how third-parties can harvest their users’ data without proper consent.
The common thread for most of the investigations seems to be that the authorities believe Facebook is the primary party responsible for the data leak. A former Facebook employee who used to be in charge of dealing with such leaks recently confirmed that Facebook's rules for how it shares data with third parties are still too lax, and it's why companies such as Cambridge Analytics were able to harvest so much data in the first place.