Australia's privacy commissioner has its sights on Facebook after the US social media giant revealed up to one in 50 local users may have had their personal information accessed by Cambridge Analytica.
It's launched an investigation to determine whether the Mark Zuckerberg-led multi-billion dollar behemoth breached the Australian privacy act.
Facebook has admitted 311,127 Australian users are likely among the up to 87 million users worldwide whose data was unknowingly and "improperly" shared with the British political consultancy agency.
"All organisations that are covered by the Privacy Act have obligations in relation to the personal information that they hold," Acting Information and Privacy Commissioner privacy commissioner Angelene Falk said on Thursday.
"This includes taking reasonable steps to ensure that personal information is held securely, and ensuring that customers are adequately notified about the collection and handling of their personal information."
Cambridge Analytica developed controversial tools for use in political campaigns and had sought to assist Donald Trump's 2016 run for US president
Belinda Barnet, a data analytics expert at Swinburne University, says profile data like that collected by the group is just the tip of the iceberg.
Social media companies collect data on every click made on their websites and consider that information their property, leaving users unable to adjust access to it in privacy settings.
"All the data collected while you interact with the platform should be transparent, that should be available to you," Dr Barnet said.
"I'd like to see transparency about which third-party organisations including advertisers have access to your profile data, your data points and the inferences drawn from those data points.
"If things keep happening, governments are going to have to regulate to make (these changes happen)."
Meanwhile, the 87 million figure may not even be correct.
Facebook admitted it was the "best estimate" of the maximum number of accounts that installed CA's app, and the friends of those app users whose data may have also been shared.
"We do not know precisely what data the app shared with Cambridge Analytica or exactly how many people were impacted," Chief Technology Officer Mike Schroepfer said in a statement.
Mr Schroepfer also noted that, up until Thursday, some of the company's software tools had allowed apps to scrape data from private events and private groups.
Among other changes to the platform, Messenger and Facebook Lite users on Android will have less call and SMS metadata uploaded from their phones to Facebook's servers.
While US users made up most of the 87 million people affected, the UK, Philippines and Indonesia each had more than one million accounts affected.
Australians made up one in every 250 accounts accessed. Facebook has about 15 million monthly active Australian users.