>Cambridge Analytica used the Facebook API to ask users to share data about them & their friends. Stupid users agreed to that.
Stupid users aren't allowed to say yes to share personal information on their friends. Only the friends are. That is how it should be. An API should never give access to other users data than the one who agreed. Luckily because of GDPR they now can't, though the same rules were there in most of the EU already so it was always illegal at least some of it. IMO the rules should be even tighter and the punishments harsher.
Stupid users aren't allowed to say yes to share personal information on their friends. Only the friends are. That is how it should be. An API should never give access to other users data than the one who agreed. Luckily because of GDPR they now can't, though the same rules were there in most of the EU already so it was always illegal at least some of it. IMO the rules should be even tighter and the punishments harsher.