US regulators concluded Friday that British consultancy Cambridge Analytica — at the center of a massive scandal on hijacking of Facebook data — deceived users of the social network about how it collected and handled their personal information.
The Federal Trade Commission said its investigation launched in March 2018 concluded that the now-defunct political consulting firm “engaged in deceptive practices to harvest personal information from tens of millions of Facebook users for voter profiling and targeting.”
The FTC said the British firm, which worked on Donald Trump’s 2016 presidential campaign, made “false and misleading” claims when it offered Facebook users a “personality quiz” — stating it would not download names or any personally identifiable information.
The case created a firestorm over data protection when it was disclosed that Cambridge Analytica was able to create psychological profiles using data from millions of Facebook users through the harvesting of the data.
The personality prediction app was downloaded by 270,000 people but also scooped up data from their friends, and fed into an effort by the firm to predict the behavior of individual US voters.
It was not immediately clear what impact the FTC findings would have.
The FTC issued an order which prohibits Cambridge Analytica — which closed in 2018 — from making false misrepresentations on how it handles personal data, and requires compliance with a US-EU privacy agreement.
The FTC reached a settlement earlier this year with Cambridge Analytica’s former CEO Alexander Nix and app developer Aleksandr Kogan that requires them to delete or destroy any personal information they collected.
The company claimed in 2018 it had been ruined by “numerous unfounded accusations” that made it impossible to keep the business afloat.
Facebook’s own investigation found that some data from 87 million users in the US and elsewhere had been compromised by the firm, and claimed the practices violated the social network’s terms of service.
Facebook, which did not immediately respond to a query on the FTC decision, paid a record $5 billion penalty early this year in a settlement with the regulator over mishandling users’ private data.
