There are two answers to that. One is a policy answer, and one is an enforcement answer.
With regard to the policy piece, it was at the time, and continues to be, a violation of our rules for a developer to use information in that way. It would restrict both their use of the information that they directly receive from Facebook, as well as any downstream uses, such as the profiling that you are talking about. Those would both be violations of our rules. We're undertaking to investigate that ourselves.
We understand that the Information commissioner in the U.K., which has jurisdiction over Cambridge Analytica, is undertaking an investigation, and we're co-operating with that. We understand that the Privacy Commissioner in Canada is doing so as well, and we're co-operating there. We need to co-operate with both of those investigations and understand what's happening.
With regard to enforcement, after the regulators who are undertaking the investigations have told us that it is safe for us to do so, one of the things we need to do is to understand whether any of that downstream data exists. If it still does, we would take the position that it's just in the same category as their earlier data and needs to be deleted as well.