What happened in Cambridge Analytica data leak?

Cambridge Analytica

Brief History of Cambridge Analytica

Cambridge Analytica began with a British PR firm that’s been around for decades. It is, rather was, a data analytics firm which helps political campaigns target voters online.The firm is shutting down. The company and its parent company SCL claims to have built “5,000 data points on over 230 million American voters”allowing political campaigns to target voters susceptible to certain messages with precise accuracy. It was Facebook that really exposed data on up to 87 million Facebook users to a researcher who worked at Cambridge Analytica, which worked for the Trump campaign.

The company used its expertise at ‘psychological warfare’ and ‘influence operations’. It has long claimed that it has sophisticated understanding of human psychology that helps it target and persuade people in a manner that is  preferred by its clients’. Lately, its preferred buzzwords are focused on “big data” and “psychographic profiling.”

Cambridge Analytica’s, parent company is the Strategic Communication Laboratories Group — SCL Group, for short. The latter was founded in 1993 by a Britisher named Nigel Oakes. It is fundamentally a messaging and PR firm that has worked for governments, politicians, and militaries around the world. Its clients included governments and politicians in Indonesia, Thailand, Kenya, the UK, and elsewhere.

After 9/11, Western governments were eager to pay for such work, the firm then started to tout its alleged expertise at anti-terrorism and anti-jihadist messaging. Bannon, the person because of whom the came into existence, eventually became a senior adviser to Donald Trump. He was fired later.

How did Cambridge Analytica take user data?

Aleksandr Kogan, a Russian-American academic working at Cambridge University, made a personality quiz app on Facebook named “thisismydigitallife”. Users had to give consent to the app to give it access into their and their friends’ Facebook profiles. It is believed that more than 270,000 people used the app and took the quiz. Like a chain reaction, 87 million users’ profiles “may have been improperly shared” says Facebook. This is because the users gave consent to give the app access to their friends’ profiles.

It also seems that Bannon gave the new company its name because Kogan worked at Cambridge University. According to Facebook it had not given the firm any permission to collect data for a third party.  It also says that when it learned that Kogan had violated its rules, Facebook intervened got assurances from the perpetrators that they had deleted the data they collected. Now everyone knows it was not true.

Data breach?

Had it collected data just from the respondents of the quiz, it would not have been much of a problem. But the firm not only collected data from people who took the quiz, but it also collected data from the Facebook friends of the respondents of the quiz as well. On its’ defense, Facebook prohibited the intermediary from selling of data collected with this method, but Cambridge Analytica sold the data anyway.

According to Facebook, “The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked.”

Cambridge Analytica, US Presidential elections and Brexit

Cambridge Analytica has clearly denied that it used Facebook data in the Trump presidential campaign. Though no one can deny it was somehow involved in the whole process. A noteworthy fact is that the president’s former chief of staff and one of many campaign managers, Steve Bannon, was a stakeholder in the company, and previously a vice president on the company board.

Even on the other side of the Atlantic Ocean, Cambridge Analytica also found some work. Some reports claim that the Leave campaign in the EU referendum used the firm. On the contrary Arron Banks claims the company only proposed a tender but wasn’t hired.

Facebook faces similar situation

After cleaning its hands off the Cambridge Analytica data leak, Facebook ,ironically, seems to be stuck in a similar situation. Or worse. Some reports reveal that Facebook struck deals to allow over 60 smartphone makers ‘deep access’ to data on users and their friends, sometimes without their consent.

These data deals went even further from just improving convenience. Some device makers were ever allowed to access information on users and their friends’ relationship statuses, political leanings, locations, etc. This was done even when the user’s friends had not given their explicit consent. The deals helped Facebook expand its reach.

Facebook says that it disagrees with these accusations and that all deals were tightly controlled. Facebook’s vice-president for Product Partnerships, wrote, “All these partnerships were built on a common interest — the desire for people to be able to use Facebook whatever their device or operating system… Given that these APIs enabled other companies to recreate the Facebook experience, we controlled them tightly from the get-go. These partners signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences.”

There is not a lot of clarity on what sort of deals were struck with different players. But the API would have given most manufacturers access to some data, thus breaching privacy of many users and putting the collected data into multiple uses.


Cambridge Analytica is shutting down. The revelations of this data leak saw multiple agitations of large multitude.

Facebook co-founder and CEO Mark Zuckerberg had been called to testify before a joint session of the Senate Commerce and Judiciary Committees after the Cambridge Analytica scandal, and he will likely face more questions from Congress on these data sharing deals. The company is also facing questions in the European Union over the same issue. It has already admitted that the data of 87 million users was compromised by the Cambridge Analytica breach.

All this has lead to stricter data privacy laws the world over. For instance the European Union has legislated a new privacy law, GDPR or General Data Protection Regulation. It is said to be  the most important data privacy regulation in the last 20 years. Countries, the world over are following its suit. Countries like India are pushing for localisation of data, something countries like China, Russia, Australia, Canada and several other countries have already implemented.

As a consequence of these data leakage scandals, stricter laws have been legislated that might prevent such privacy breaches in the future.


Image Credits: Shop Catalog

Leave a Reply

Your email address will not be published. Required fields are marked *