Latin America

Facebook: A decade of data scandals and controversies

Gaby Baizas
Facebook: A decade of data scandals and controversies
Facebook faces a number of incidents that compromised users' privacy. Here's how they dealt with the controversies in the last 10 years.

MANILA, Philippines – Social media giant Facebook undoubtedly rose in popularity in the last decade, but not without a few snags in protecting the privacy of its users.

Fifteen years since the platform was released, Facebook now boasts a whopping 2.45 billion monthly active users, and owns the top 4 downloaded mobile apps of the decade. On the flip side, the company also faced several issues in ensuring user information won’t be compromised, even long before the infamous Cambridge Analytica scandal broke.

Here’s a rundown of the notable events that happened to Facebook over the last 10 years:



Facebook launched Open Graph, a platform that allowed external developers to request access to user data. This included the user’s name, gender, location, birthday, and education.


The Wall Street Journal reported that many of the popular apps on Facebook have been transmitting “identifying information” — such as users’ names, as well as the names of their friends — to advertising and internet tracking companies.



Facebook launched Tag Suggestions, its facial recognition feature, which allows users to automatically identify their friends in photos. A group of European Union data-protection regulators announced they would probe into the new feature, to see if it violated any privacy rules.


The Federal Trade Commission announced a broad settlement that required Facebook to “respect the privacy wishes of its users” for the next 20 years, The New York Times reported. The order comes from a December 2009 incident where Facebook made users’ private information public without their consent.


In the company’s IPO prospectus, Facebook stated they expect to run into future issues regarding user privacy. 

The company stated their “efforts to protect [users’] information” may be unsuccessful due to the actions of third parties, software bugs, or other technical malfunctions.



Facebook launched Graph Search, which helps users find people, photos, and places connected to certain keywords or users’ interests. Facebook CEO Mark Zuckerberg claimed it is “privacy-aware,” only giving users access to content already previously shared with them.


A developer tried to report a bug to Facebook’s security team. But when no one responded, he exploited the bug and hacked Zuckerberg’s personal page.


Facebook changed its privacy rules to ensure third-party apps could only access user data after gaining permission.



The Guardian revealed political consulting firm Cambridge Analytica was working for Ted Cruz’s US presidential campaign. Cambridge Analytica researchers gathered “detailed psychological profiles” about the electorate from unwitting Facebook users through a survey.


CAMBRIDGE ANALYTICA. The firm that helped Donald Trump win the US elections also used Filipinos' data to help Rodrigo Duterte win in the Philippines.


Both the Philippines and the United States held their presidential elections in May and November, respectively. Presidents Rodrigo Duterte and Donald Trump were elected by their respective countries, and it is later revealed British political consulting firm Cambridge Analytica had a hand in both presidential races. 

The Philippines becomes “patient zero” in the era of disinformation, and both a target of and testing ground for new tactics in propaganda-spreading information operations. The year is a turning point for the social network, transforming almost overnight from beloved online community “bringing the world closer together” to the world’s most controversial tech company. 



Malacañang defended Duterte for using Facebook to campaign during the 2016 presidential elections, as then-presidential spokesperson Harry Roque said it would be “foolhardy” for any political candidate not to use the social media platform as a campaign tool. 

The statement came after a controversial US interview with Mark Zuckerberg about training politicians on how to maximize Facebook as a campaign tool:




Cambridge Analytica whistleblower Christopher Wylie revealed to The Guardian and The New York Times that the firm harvested personal information from an initial estimated 50 million profiles.

The data was harvested through thisisyourdigitallife, an app created by Aleksandr Kogan where around 270,000 users were paid to answer questions, giving Kogan access to data from millions of profiles.

Cambridge Analytica initially denied they harvested users’ data but suspended CEO Alexander Nix 3 days after the scandal broke.


Facebook later reported that up to 87 million profiles had their data harvested in the scandal. Of the 87 million, 70.6 million users were from the United States, and the Philippines came in second with 1.2 million users.

In a Rappler exclusive, Wylie revealed Cambridge Analytica’s parent company already had its roots in the Philippines before the scandal broke.

The Philippines’ high social media usage and lack of regulation made it lucrative for the firm to test their strategies before implementing them in western countries with stricter restrictions. Later, whistleblower Wylie would call the country the “petri dish” for these disinformation tactics. 


UK watchdogs announced they would charge Facebook a preliminary fine of $664,000 for “serious breaches of data protection law.”


The Guardian reported that Facebook targeted users with location-based advertisements, even if users blocked the company from accessing GPS on their phones, or even if users never used the platform’s check-in feature.



The Wall Street Journal reported Facebook could access users’ sensitive health records and information, such as a person’s menstruation cycles and heart rates.


Facebook acknowledged a bug that caused hundreds of millions of user passwords to be stored as plaintext in an internal platform, which could be accessed by thousands of Facebook employees. The passwords dated back as far as 2012.

Shutterstock photo


Facebook announced the launch of cryptocurrency Libra. Global regulators demanded guarantees on how Facebook would protect users’ financial data.


The Federal Trade Commission approved a $5-billion penalty for Facebook.

ZUCKERBERG. In this file photo taken on September 19, 2019 Facebook CEO Mark Zuckerberg walks to meetings for technology regulations and social media issues on Capitol Hill, in Washington, DC. Photo by Brendan Smialowski/AFP


Zuckerberg testified at the US House of Representatives on his company’s plans for Libra.

He also defended his company’s policy of refraining from fact-checking politicians, saying it’s not the job of tech firms to “censor.”


Amid criticism from lawmakers and employees, as well as Twitter’s outright ban on political advertising, Zuckerberg again defended his company’s decision to allow false political advertisements on Facebook. He said that people in a democracy “should be able to see for themselves what politicians are saying.”  Kaye Cabal/

Add a comment

Sort by

There are no comments yet. Add your comment to start the conversation.

Gaby Baizas

Gaby Baizas is a digital forensics researcher at Rappler. She first joined Rappler straight out of college as a digital communications specialist. She hopes people learn to read past headlines the same way she hopes punk never dies.