📚 Facebook Cambridge Analytica
Core Lesson: Data ethics, platform responsibility
📋 Overview
| Attribute | Detail |
|---|---|
| Subject | Ethics ESG |
| Core Lesson | Data ethics, platform responsibility |
| Source | HBS / Top MBA Case |
🕰️ Background
In 2018, it was revealed that Cambridge Analytica (a political consulting firm) had harvested the personal data of 87M Facebook users without their consent via a third-party quiz app. This data was used to create ‘psychographic profiles’ to target voters in the 2016 US election and Brexit. The scandal wiped $100B off Facebook’s market cap and led to CEO Mark Zuckerberg testifying before Congress.
❓ The Central Problem
Where is the line between ‘targeted advertising’ and ‘psychological manipulation’? The case explores the failure of oversight, the ethics of ‘data harvesting,’ and the responsibility of platforms for third-party developers.
📊 Analysis
Failures: (1) Platform Design: Facebook allowed the app to access data of ‘friends of users,’ meaning one person’s consent exposed 100 others. (2) Lack of Enforcement: Facebook knew about the data leak in 2015 but didn’t verify it was deleted. (3) Business Logic: Facebook’s growth-at-all-costs mindset prioritized developer access over user privacy. Result: The FTC fined Facebook $5B, and the case became the catalyst for GDPR enforcement and broader privacy regulation.
🔑 Key Lessons
- Data is a liability, not just an asset—if you collect it, you are responsible for its misuse
- Privacy is a ‘Systemic Risk’ for platforms—one bad actor can destroy the trust of millions
- Regulations (GDPR, CCPA) are often ‘Lagging Indicators’ of ethical failures in industry
- Board oversight must include technical and ethical risks, not just financial ones
🎓 Discussion Questions
- Was Zuckerberg personally responsible for the leak, or was it a structural failure?
- Can a business model based on ‘data mining’ ever be truly ethical?
- How did the Cambridge Analytica scandal change the definition of ‘informed consent’?
🔗 Connected Concepts
- Corporate Governance — Failure of oversight
- Stakeholder Theory — Users as stakeholders whose trust was violated
- Palantir Government Contracts — Companion data ethics case