Today Facebook reported that information for up to 87 million people may have been improperly obtained by research company GSR. Cambridge Analytica licensed data for no more than 30 million people from GSR, as is clearly stated in our contract with the research company. They claim to have not received more data than this.
They did not use any GSR data in the work they did in the 2016 US presidential election.
Their contract with GSR stated that all data must be obtained legally, and this contract is now a matter of public record. They took legal action against GSR when they found out they had breached this contract.
When Facebook contacted them to let them know the data had been improperly obtained, they immediately deleted the raw data from the file server, and began the process of searching for and removing any of its derivatives in their system.
When Facebook sought further assurances a year ago, Cambridge Analytica carried out an internal audit to make sure that all the data, all derivatives, and all backups had been deleted, and gave Facebook a certificate to this effect.
Cambridge Analytica is now undertaking an independent third-party audit to demonstrate that no GSR data remains in their systems.