15th May 2018. The New York Times, after two months from the launch of the scandal, revealed that Justice Department and FBI started an investigation on Cambridge Analytica data firm (failed on the 1st of  May 2018) . Also many of CA collaborators are inquired or interrogated as witnesses.

https://www.nytimes.com/2018/05/15/us/cambridge-analytica-federal-investigation.html

25th May 2018. European Union, to uniform regulations of each country, promulgated a law about data protection made to defend European citizens privacy: GDPR (General Data Protection Regulation). A processor of personal data must clearly disclose any data collection, declare the lawful basis and purpose for data processing, and state how long data is being retained and if it is being shared with any third parties. Businesses must report any data breaches within 72 hours if they have an adverse effect on user privacy. 

Facebook. In its policy, sharing data with third parties is forbidden. The app thisisyourdigitallife collected FB account data with the consent of the users but later shared their data with Cambridge Analytica, without informing them and violating FB terms and conditions. Later, when The Guardian and the NYT published their inquiries on March 17, 2018, they caused a huge public outcry. More than $100 billion was knocked off Facebook’s share price in days and politicians in the US and UK demanded answers from Facebook CEO Mark Zuckerberg. The question, indeed, is if Facebook has been unable to discover and to stop the leak of data or if Facebook knew everything and it didn’t do anything.