I think that's right. Sandy Parakilas gave evidence to our committee a few weeks ago. He used to work at Facebook and had oversight of their relationships with developers and the way they use data. His concern was that abuse of data was widespread; large amounts of data were being taken from the platform by developers; there was no real scrutiny by Facebook of what they did with it and how they did it. My contention with the Aleksandr Kogan data would be that I think Facebook would never have known about it if it hadn't been for a newspaper article in The Guardian in the U.K., which exposed it; and they then followed up on that once they'd been told. I don't think they have any monitoring or auditing of what happens to data acquired by developers.
However, there's another question. Kogan is right to say that, well, the terms and conditions for using the app he created say that he may want to give that data to other people. The question then is why Facebook didn't stop that at the time. Why did they approve it and let him do this? Clearly, Dr. Kogan would have known, and should have known, that to do what he did was a breach of Facebook's rules. I think there's, then, a separate question about the existing U.K. data protection law at the time he did it, which has got quite strong provisions in place to stop people holding political data about people and gathering data to use in political campaigns. I think he should have known that there were certainly serious legal questions about what he was doing.