The Securities and Exchange Commission is once again investigating Facebook, this time looking into whether the social media giant adequately warned investors that user data might have been illegally obtained.
The inquiry is the result of last year’s scandal, when it was revealed that up to 87 million Facebook users had their data shared with controversial research firm Cambridge Analytica, who then used it to help President Donald Trump get elected in 2016. Many of those approximately 87 million users were located in the United States.
Sources said the SEC has requested information from Facebook to understand how much the company knew about Cambridge Analytica’s use of the data, according to The Wall Street Journal. The agency also wants to know how Facebook analyzed the risk it faced if developers were to share data with others in violation of its policies.
Facebook and the SEC declined to comment.
This probe is in addition to investigations already being conducted by FBI, the Justice Department and Federal Trade Commission. The Justice Department and the Federal Trade Commission are also looking into how Facebook and other parties handled the breach, while the FTC is looking at whether Facebook violated a decree requiring it to get user consent for collecting personal data and sharing it with others.
In April, Facebook’s CEO Mark Zuckerberg faced two days of questioning before Congress about the scandal. Lawmakers repeatedly questioned if Facebook can be trusted to do with the data what it says it does. New Jersey Rep Frank Pallone was one of many legislators that noted the company failed to inform its users of Cambridge Analytica’s data harvesting campaign when they became aware of it — and that they weren’t living up to the responsibility of having so much consumer data on hand.
“For all the good it brings, Facebook can be a weapon for those, like Russia and Cambridge Analytica, that seek to harm us and hack our democracy,” he noted.
The company’s April quarterly investor filing said it could discover “additional incidents of misuse of user data or other undesirable activity by third parties” and said such incidents could “negatively affect user trust and engagement, harm our reputation and brands, and adversely affect our business and financial results.”