Information Commissioner’s Office has fined Facebook with the maximum amount allowed prior to GDPR (£500,000), after finding “serious breaches of data protection law” between 2007 and 2014. This is related to the previous business model of Facebook that gave app developers access to the personal data not only of the app users, but also their friends (even if they were not using the app), which allowed for the massive data harvesting that lead to the Cambridge Analytica scandal.
You can read the full press release here.
Some other suggested reading is this article – My Cow Game Extracted Your Facebook Data, as well as this short clip explaining how Facebook uses psychological factors to profile users, and how the Cambridge Analytica data harvesting happened.