Alongside London-based elections consultancy Cambridge Analytica, the social media giant is at the center of an ongoing dispute over the alleged harvesting and use of personal data. The allegations have heightened concerns over whether such data was then used to try and influence the outcome of the 2016 U.S. presidential election and the Brexit vote.
Ahead of Facebook founder and CEO Mark Zuckerberg's appearance on Capitol Hill on Tuesday, CNBC takes a look at exactly how the tech behemoth ended up in the midst of a media firestorm.
In April 2010, Facebook announced the launch of a platform called Open Graph to third-party apps. This update allowed external developers to reach out to Facebook users and request permission to access a large chunk of their personal data — and, crucially, to access their Facebook friends' personal data too.
If accepted, these apps would then have access to a user's name, gender, location, birthday, education, political preferences, relationship status, religious views, online chat status and more. In fact, with additional permissions, external sites could also gain access to a person's private messages.
Less than five weeks after Facebook launched Open Graph API version 1.0 for developers, Zuckerberg wrote an op-ed for The Washington Post in which he vowed to resolve users' concerns about how their personal information was being managed.
He said: "We have also heard that some people don't understand how their personal information is used and worry that it is shared in ways they don't want. I'd like to clear that up now."
Cambridge academic Aleksandr Kogan and his company Global Science Research created an app called "thisisyourdigitallife" in 2013. The app prompted users to answer questions for a psychological profile.
Almost 300,000 users were thought to have been paid to take the psychological test — with the app then harvesting their personal data. It also gathered data from their Facebook friends, which reportedly resulted in Kogan having access to the data of millions of Facebook profiles.
In 2014, Facebook adapted its rules to limit a developer's access to user data. This change was made to ensure a third-party was not able to access a user's friends' data without gaining permission first.
However, the rule changes were not retroactively imposed— and Kogan did not delete the data thought to have been improperly acquired.
In late 2015, The Guardian reported that Cambridge Analytica was helping Ted Cruz's presidential campaign. The report suggested the Republican candidate was using psychological data based on research spanning tens of millions of Facebook users in an attempt to gain an advantage over his political rivals — including Donald Trump.
In response to the story, Facebook said that when it learned about the data leaks, it sought to ban Kogan's app and legally pressured both Kogan and Cambridge Analytica to remove all of the data they had improperly acquired. The social media giant claims both Kogan and the London-based elections consultancy firm certified that the data had been deleted.
Ahead of the U.S. presidential election, Trump's campaign team began investing heavily in Facebook ads. The move involved the help of Cambridge Analytica and — during an undercover sting operation — the company's managing director, Mark Turnbull, told Britain's Channel 4 News that the firm was responsible for the "Defeat Crooked Hilary" video campaign on Facebook.
In an explosive expose published in mid-March, The Guardian and The New York Times initially reported that 50 million Facebook profiles were harvested for Cambridge Analytica in a major data scandal. This number was later revised to as many as 87 million Facebook profiles.
The articles sought to outline how the data of millions of Facebook users ended up being given to Cambridge Analytica.
Christopher Wylie, a co-founder of the political data analytics firm, revealed the alleged practices to both newspapers. Wylie claimed the data sold to Cambridge Analytica was then used to develop "psychographic" profiles of people and deliver pro-Trump material to them online.
Cambridge Analytica has since denied any of Kogan's data was used in connection to the Trump campaign.
The Federal Trade Commission (FTC) opened an investigation into whether Facebook had violated a settlement reached with the U.S. government agency in 2011 over user privacy protections.
Meanwhile, U.S. lawmakers urged Zuckerberg to testify before Congress.
In a Facebook post published several days after the initial reports, Zuckerberg eventually responded to the continued fallout over the data scandal.
He said: "We have a responsibility to protect your data, and if we can't then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again."
Zuckerberg also announced the social media giant would no longer allow app developers to access its users' data after three months of inactivity and it would reduce the amount of information people are required to hand over to third parties. Facebook would also look to audit all apps with access to large amounts of data before 2014, he added.
Around two weeks after the reports were published, Zuckerberg took out full-page ads in a number of British and American newspapers to apologize for a "breach of trust."
"I'm sorry we didn't do more at the time. We're now taking steps to ensure this doesn't happen again," he said in ads appearing in The New York Times, The Washington Post and The Wall Street Journal in the U.S., as well as in the U.K.'s The Observer, The Sunday Times, The Mail on Sunday, Sunday Mirror, Sunday Express and The Sunday Telegraph.
Zuckerberg is scheduled to appear before a joint hearing of the Senate Judiciary and Commerce committees on Tuesday. It is one of two Capitol Hill appearances for the Facebook founder and CEO this week, with Zuckerberg due to appear before the House Energy and Commerce Committee on Wednesday.
In prepared remarks, Zuckerberg said: "Over the past few weeks, we've been working to understand exactly what happened with Cambridge Analytica and taking steps to make sure this doesn't happen again."