Facebook has admitted up to 2.7 million people in the EU may have been caught in the Cambridge Analytica scandal, the bloc announced on Friday, saying its top data official will demand more answers from the social media giant next week.
The EU justice commissioner Vera Jourova will hold phone talks with Facebook’s chief operating officer Sheryl Sandberg to discuss what the company is doing to address the breach, which it says may have affected 87 million people around the world.
The EU wrote to Facebook last week to ask how many Europeans were affected by the growing scandal over the harvesting of personal data which was then shared with British political consultancy Cambridge Analytica.
“Facebook confirmed to us that the data of overall up to 2.7 million people in the EU may have been improperly shared with Cambridge Analytica,” spokesman Christian Wigand told reporters.
“We will study the letter (from Facebook) in more detail but it is already clear that this will need further follow-up discussions with Facebook,” Wigand said.
The scandal comes amid growing concern in Europe about the use online companies make of their customers’ personal data and the spread of “fake news” on the web.
There are particular worries about Russian meddling in European elections by spreading disinformation and discord through social media, and Wigand said the EU expected Facebook to address “broader questions on the democratic process”.
Facebook chief Mark Zuckerberg said on Thursday that around the world as many as 87 million people could be affected by the Cambridge Analytica breach, which has sent the company into turmoil and raised questions about data protection for the entire tech sector.
The data at the centre of the controversy was obtained from a personality quiz app downloaded by some 300,000 people. It gathered details about their Facebook friends without their knowledge — permitted by Facebook’s rules at the time.
Reports suggest the data was then used by Cambridge Analytica as part of its work on Donald Trump’s 2016 presidential campaign, though the British firm denies this.
Zuckerberg acknowledged the company had not done enough to protect user data, saying it must take a more serious approach after years of being “idealistic” about how the platform is used.
The Italian competition authority Antitrust said on Friday it had opened an investigation into Facebook for “alleged improper commercial practices” by not adequately informing users about data-gathering.
According to the Italian news agency AGI, just over 214,000 Italians could be affected, based on the 57 Facebook users who installed the personality quiz application.
The EU is preparing to launch tough new data protection rules next month, under which companies could be fined up to four per cent of their global turnover for breaches.
On May 25, the General Data Protection Regulation will come into effect, strengthening the protection of EU citizens’ personal details. It will apply to all companies, including those outside of the EU.
“If a company collects a person’s data for a certain purpose, it has to obtain their consent — and under the new rules it’s explicit and affirmative consent — if it wants to forward it to a third party or use it for a different purpose,” Wigand said.
“The new rules also include the obligation for the data processor to inform the consumer swiftly of a possible data breach — within 72 hours.”
Facebook has said its new terms of service would provide clearer information on how data is collected and shared without giving the social network additional rights.