Facebook has revealed new details about the scale of its data breach which reveal the UK is the worst affected country in the European Union.
The social media firm has told the European Commission that a total of 2.7 million of its users in EU countries may have had their data improperly shared with Cambridge Analytica.
That comes a day after it was reported that around 1.1 million UK users were affected.
It means more than a third of affected users across the European Union are UK residents.
None of the other 27 EU member states comes close to having the same number of users affected – but their are concerns that could change with next year’s European elections.
Facebook made the admission about the scale of data breach across the EU in a letter sent to the European Commission by the company’s chief operating officer, Sheryl Sandberg, last night.
The contents of the letter were briefed to journalists by the Commission at a press conference in Brussels today.
A Commission spokesman said: “The letter also explains the steps Facebook has taken in response since.
“We will study the letter in more detail, but it is already clear that this will reveal further discussions with Facebook about the implementation of the changes in the context of the new European data protection rules and the broader questions of the democratic process.”
Vera Jourova, the Commissioner for Justice and Consumers, is set to discuss Facebook’s response to the scandal with Mrs Sandberg in a phone call next week.
A Commission spokesman told Yahoo UK that Mrs Jourova was “not entirely happy” with the steps Facebook has proposed and will push for tougher measures to stop another data breach on this scale.
Data obtained by Cambridge Analytica was used by pro-Brexit campaigners and Donald Trump’s campaign team to influence voters in the EU referendum and US presidential elections.
Whistleblower Christopher Wylie revealed the company harvested personal information without the permission of users to build a software programme that allowed campaigners to target voters with specific adverts.
And the Commission is concerned that the outcome of next year’s European elections could be swayed by such practices without tough action.
The UK’s data protection authority – the Information Commissioner’s Office (ICO) – is leading the investigation into the scandal on behalf of the entire EU.
ICO head Elizabeth Denham said she is “conducting a broader investigation into how social media platforms were used in political campaigning.”
The ICO is investigating 30 organisations, including Facebook and Cambridge Analytica, as part of their probe into how personal data has been misused for political purposes.
It comes ahead of the introduction of new EU data protection regulations next month.
The rules, which come into force on May 25, mean companies will need explicit consent from users if they want to pass on personal data to a third party or use it for a different purpose.
Companies falling foul of the new rules could be hit with fines totally 4% of their annual turnover.
They must also inform users within 72 hours if there has been a data breach – a measure specifically targeted at Facebook, who failed to alert users to the data breach despite knowing about it since 2015.