Social media giant Facebook has now admitted that as many as 87 million people – one million of whom are based in the UK – could have had their data improperly shared with Cambridge Analytica. Facebook CEO Mark Zuckerberg has admitted that issues with the sharing of data stored on his site could have affected 37 million more people than was first believed to be the case.

The issue came to light when a young employee of Cambridge Analytica opted to ‘blow the whistle’ regarding the illegal data sharing.

Data analysis company Cambridge Analytica – which worked on the Leave campaign in the Brexit referendum, and for Donald Trump’s successful presidential campaign – was seeking to develop software that would predict the behaviour of voters in elections, and to do this it accessed the Facebook profiles of millions of users. Not only did Facebook incorrectly allow individuals’ data to be accessed in this way, but it compounded its offence by failing to admit that it knew about the improper practices as far back as 2015.

Cambridge Analytica claims to have obtained the personal data from the creator of an app called This Is Your Digital Life, which contains a personality questionnaire. It maintains that it was unaware that the data had been improperly obtained and says that the data was deleted as soon as it became aware of the issues. It should also be noted that Cambridge Analytica disputes Facebook’s 87 million figure and says that it accessed the data of no more than 30 million people.

Facebook has confirmed that any app which requests access to information in the future will be subject to strict new requirements. For example, these apps will no longer be allowed access to sensitive personal information such as religious or political views or a person’s relationship status. Nor will they receive information relating to a user’s education, work history or news consumption habits.

Additionally, it will no longer be possible to access the guest list or event wall of any event listed on Facebook.

Facebook added that the new safeguards it is introducing in Europe, in order to comply with the European Union’s General Data Protection Regulation, will also be applied to its activities across the globe.

The company has also updated its terms of service document and its data use policy.

From April 9, Facebook users may notice that a new link has appeared at the top of their news feed. This will allow them to see what apps they use and what information has been shared with those apps. This will also allow users to see if their data has been accessed by Cambridge Analytica.

Most data protection breaches are not of the same scale as this story. However, companies across all business sectors, large or small, must take the issue of data protection very seriously. Companies must explain to their customers what data they will be collecting, why this is necessary, and to whom that data might be passed. Companies cannot collect data unless they actually need to know the information contained in it, and once it is no longer required, the data must be destroyed. Privacy notices must clearly explain to customers what a company’s legal basis for processing data is, together with how long they will retain the data for.

The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article.