Data is like oil to Facebook - it is what brings advertisers to the platform, who in turn make it money.
And there is no question that Facebook has the ability to build detailed and sophisticated profiles on users' likes, dislikes, lifestyles and political leanings.
The bigger question becomes - what does it share with others and what can users do to regain control of their information?
We've all seen these quizzes - offering to test your IQ, reveal your inner personality, or show you what you'd look like if you were a glamorous actor.
It was information from one such Facebook quiz - This is Your Digital Life - that Cambridge Analytica is alleged to have used to harvest the data of millions of people.
Many such quizzes come with reassurances that your data is safe.
These games and quizzes are designed to tempt users in but they are often just a shop front for mass data collection - and one that Facebook's terms and conditions allow.
Privacy advocates Electronic Frontier Foundation said the way these quizzes collected data reflected "how Facebook's terms of service and API were structured at the time".
Facebook has changed its terms and conditions to cut down on the information that third parties can collect, specifically stopping them from accessing data about users' friends.
It is not yet clear exactly what information the firm got hold of - this is now subject to an investigation.
What can users do to protect their information?
- Log in to Facebook and visit the App settings page
- Click edit button under Apps, Websites and Plugins
- Disable platform
- Log into Facebook's App settings page
- Unclick every category you don't want the app to access, which includes bio, birthday, family, religious views, if you are online, posts on your timeline, activities and interests
How else can you protect your Facebook data?
- From the top right of the blue bar, click the downward arrow
- Select settings
- Click General
- Click Manage Account
- Click Request Deletion
- In the pop-up box, which is aimed at people who want to delete their account in the event of their death, click Learn More
- Scroll down to the section headed Deleting Your Account and click on the link
Facebook advises users who delete their account to download a copy of their information before they delete it. They also warn users that the process can take up to 90 days, during which time the information is inaccessible to others using the platform.
Can you find out what data on you is stored?
Under current data protection rules, users can make a Subject Access Request to individual firms to find out how much information they have on them.
When Austrian privacy advocate Max Schrems made such a request to Facebook in 2011, he was given a CD with 1,200 files stored on it.
He found that the social network kept records of all the IP addresses of machines he used to access the site, a full history of messages and chats, his location and even items that he thought he had deleted, such as messages, status updates and wall posts.
But in a world where Facebook information is shared more widely with third parties, making such a request gets harder.
As Dr Bernal says: "How do you ask for your data when you don't know who to ask?"
That is likely to change this summer with the introduction of the EU's General Data Protection Regulation (GDPR), which aims to make it far easier for users to take back control of their data.
The threat of big fines for firms that do not comply with such requests could make it more likely that they will share this information, which must be given to consumers "in a clear and readable form".
How long is data kept?
Data protection laws in Europe suggest that firms should only keep user data "as long as necessary" but the interpretation of this can be very flexible.
In Facebook's case, this means that as long as the person posting something does not delete it, it will remain online indefinitely.
Can you delete historic data?
Users can delete their accounts, which in theory will "kill" all their past posts but Facebook encourages those who wish to take a break from the social network simply to deactivate them, in case they wish to return.
And it must be remembered that a lot of information about you will remain on the platform, from the posts of your friends.
One of the biggest changes of GDPR will be the right for people to be forgotten and, under these changes it should, in theory, be much easier to wipe your social network or other online history from existence.