Facebook is facing a privacy lawsuit from Australia’s information commissioner over the Cambridge Analytica scandal.

More than 300,000 Australians were affected by the when Cambridge Analytica, a data analytics firm used by both the Trump and Brexit Leave campaigns, violated Facebook policies by collecting the personal data from accounts of 87 million Americans and millions of other users worldwide without their permission.

Australian information commissioner Angelene Falk called out the social media giant’s violation of Australian privacy law by sharing user data – including names, birthdates, friends’ lists, email and messages – via a Cambridge Analytica app.

 “We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed,” the Guardian cited Falk as saying.

“The Australian privacy watchdog is well within their rights to take Facebook to court for their negligence, after all, both the U.K. and the U.S. have done so in the past and won quite sizeable settlements in doing so,” said Tom Chivers, data privacy advocate at ProPrivacy.com, who called the scandal “one that shook the world to its core.”

Shortly before the U.K. imposed a $644,000 fine, the U.S. Federal Trade Commission in July levied a $5 billion fine on Facebook as punishment for what it described as deceptive privacy practices, and imposed new restrictions on the social media giant. Facebook agreed to the terms of the deal.

In conjunction, the Department of Justice officially filed a legal complaint against Facebook, accusing the company of misrepresenting to consumers the extent to which they could control the privacy of their data and to which Facebook made their data available to third parties.

“What I find most troubling about this case is that while the Information Commissioner claims that 311,127 Australian Facebook users have had their data leaked from the This Is Your Digital Life app, only 53 Australian’s actually installed it,” said Chivers. “This en masse exposure was therefore facilitated by Facebook, a former practice of theirs allowed users of this app to not only sign away their own data, but the data of their Facebook friends.” 

That’s the “type of shady manipulation” that “was common practice for third party apps, who took advantage of Facebook’s lax attitude to the privacy of their users and hoard a wealth of data from plenty of people who don’t even use their product,” he explained. “The fact this data was then sold to Cambridge Analytica, a firm who become infamous overnight for using people’s data to manipulate their voting patterns, just proves how dangerous this practice can prove to democracy at large.”

App users must know what exactly they’re signing up for beyond just clicking “agree” to terms and conditions, said Chivers.

“The very idea that this kind of manipulation can happen on such a grand scale by exploiting the sensitive data of people is, frankly, frightening,” he said. “Government’s around the world must take a stand to make perfectly clear to social media giants like Facebook that this cannot and must not happen again.”