Another data-point to flesh out the Facebook data misuse scandal: The company has informed the European Commission that a total of 2.7 million EU citizens had their information improperly shared with the controversial political consultancy, Cambridge Analytica (via Reuters). Facebook had already revealed a breakdown of the top ten markets of affected users. But in the list of countries it published the only EU nation was the UK — which it said could have up to almost 1.08M affected users. So up to a further million EU citizens could also have had their data swiped as a result of the scandal, without their knowledge or consent. Privacy is a fundamental right under the bloc’s legal regime so the improper sharing of millions of EU citizens’ data could have legal consequences for the company. “Facebook confirmed to us that the data of overall up to 2.7 million Europeans or people in the EU to be more precise may have been improperly shared with Cambridge Analytica . The letter also explains the steps Facebook has taken in response since,” an EC spokesman told Reuters. At the time of writing Facebook could not immediately be reached for comment. The company is a signatory to the EU-US Privacy Shield framework; a mechanism which came into force in mid 2016 — replacing the invalidated Safe Harbor arrangement which had stood for 15 years — intended to simplify the process of authorizing transfers of EU citizens’ personal data across the Atlantic. Companies on the Privacy Shield list self-certify to adhere to a set of privacy principles. However they can be removed if they are determined to have violated their obligations — with the US’ FTC acting as the enforcement authority. The same federal watchdog is now investigating Facebook as a result of the Cambridge Analytica data misuse scandal.  Nor is this the first time the FTC has probed Facebook’s actions in relation to user privacy. In 2011 it charged the company over deceptive privacy claims. In the subsequent FTC settlement Facebook committed to giving users “clear and prominent notice” and to obtaining their consent before sharing their information beyond their privacy settings. Facebook will now need to explain to the FTC how its actions in 2013-2015 mesh with that earlier consent agreement. In mid 2015 the company finally tightened app permissions’ settings for all developers on its platform. But prior to that these had been lax enough for vast…

Source: TechCrunch – Social Facebook data scandal also affects 2.7M EU citizens