Embattled data analytics firm Cambridge Analytica (CA) has shut its doors, just weeks after it was revealed that the firm – which claimed previous involvement in more than 200 elections around the world – had obtained and used the data of more than 80 million Facebook users without their consent.

In announcing its insolvency, CA noted its “unwavering confidence that its employees have acted ethically and lawfully”, said a “siege of media coverage had driven away virtually all of the company’s customers and suppliers”, and argued that the firm – which has mounted an extensive press campaign in its defence – had been “vilified for activities that are not only legal, but also widely accepted as a standard component of online advertising”.

CA’s data collection was facilitated through a Facebook personality-testing app from Global Science Research (GSR) called thisisyourdigitallife, in which around 270,000 Facebook users participated in a survey designed to score them according to the commonly-used OCEAN personality test.

Using a data-mining algorithm designed to extrapolate OCEAN scores for those users’ Facebook friends, GSR developed a database of more than 26 million personality profiles that also integrated personal details of US citizens in 11 states.

These data were sold to SCL Elections Ltd, the 80-employee UK-based affiliate of the US-based CA, which used them to support engagements with a number of political campaigns supporting the likes of Ted Cruz and Donald Trump – whose former advisor Steve Bannon previously ran the company.

There were suggestions Cambridge Analytica and SCL could be acquired by Emerdata Ltd – another UK-based company set up by Cambridge Analytica executives last August – but these were scuttled when SCL founder Nigel Oakes this week confirmed that Emerdata was also closing and that the entire venture had reached “the end of the show”.

We did nothing wrong

To support its claims of no wrongdoing, CA referred to an audit into the company’s activities by Queen’s Council Julian Malins, which was published on 2 May and largely exculpated the firm from wrongful conduct.

That report noted the “truly gigantic” volume of “publicly available” data about individuals from around the world “voluntarily supplied by” those individuals, and noted a contractual agreement that GSR would seek out “informed consent of the seed user”.

GSR’s extrapolation of that consent to tens of millions of other Facebook users has been claimed to have been outside the scope of the GSR-CA contract, which stipulated the provision of data about a maximum of 30 million people and reportedly delivered around 26 million users’ information.

CA whistleblower Christopher Wylie previously said CA had harvested over 50 million Facebook profiles of US voters “to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”

Facebook set the figure at 50 million and subsequently revised it to 87 million.

Malins concluded that “it is simply not known by SCL or CA how many users’ data was actually harvested by GSR from Facebook”.

Cultural change around data

In painting itself as the fall guy for GSR’s data harvesting, CA has become the public face of a scandal that, among other things, saw Facebook founder Mark Zuckerberg apologising to Cruz and other members of a US Congress committee and admitting that he “didn’t do enough to prevent [data] tools from being used for harm”. It also prompted the Office of the Australian Information Commissioner (OAIC) to launch an investigation into the potential breach of more than 300,000 Australian users’ personal data.

The CA scandal has fuelled a horror media year for Facebook, with its role in disseminating ‘fake news’ drawing an ACCC investigation and forcing it to become more proactive in policing its often controversial content. Nonetheless – and somewhat ironically – the company’s financial fortunes have been surging on the back of exploding demand for its data-driven marketing and engagement capabilities.

CA’s travails have become a cautionary tale in a community that has long wrestled with the conflict between marketing and privacy. With the European Union’s general data protection regulation (GDPR) set to tighten user consent practices when it comes into effect later this month, Australian Alliance for Data Leadership acting CEO Steve Sinha says interest in the group’s industry code of practice has surged since the CA scandal broke in March.

“It’s absolutely a much more topical situation,” he explained, “and potential interest in [self-regulation body] Data Governance Australia has certainly gone up with all this happening. In some ways, this is not a bad thing: if what happens puts a public focus on data and engenders a discussion within the community, it’s a good discussion to have.”