He also said that "everyone involved gave their consent".
Anna Johnston, director of privacy consultancy Salinger Privacy and a former NSW deputy privacy commissioner, told me she hoped and believed that the Facebook scandal would force technology companies to start putting their users, rather than advertisers and marketers, first.
"I actually think", Johnston said, "that we are about to enter a new age in which consumers, regulators and legislators will start to call out the practices of companies like Facebook which claim to rely on 'consent' … as based on an absurd legal fiction which can no longer stand.
"It is not only utterly ridiculous to suggest that the [Cambridge Analytica] app users' millions of friends consented to any of this; I doubt many of the 270,000 gave a valid consent in the legal sense of it being voluntary, informed, and specific," Ms Johnston continued.
"Having one line in the standard Facebook T&Cs which says that by signing up to Facebook users are 'consenting' to the use and disclosure of their data 'for research' makes a mockery of the law of consent, as well as established ethical rules regarding research activities."
Ms Johnston added that, on face value, Facebook's business practices did not, in her view, comply with existing Australian or European privacy laws when it came to consent.
Europe's new General Data Protection Regulation was only going to reinforce this point, Ms Johnston said, "and arm regulators with massive fines to finally prove their point".
Liam Pomfret, spokesman for the Australian Privacy Foundation, said the idea of consent was key to social online services, but that it had "been consistently undermined".
"While privacy is often mis-characterised as an individual responsibility, this episode demonstrates how our privacy can be harmed by the behaviours and choices of those around us," he said.
Mr Pomfret added that Australia's privacy legislators were "understaffed and underfunded", with the fines they could levy for privacy harms being "barely a slap on the wrist for multinationals".
"These organisations must be properly supported by government, so they can be effective public interest watchdogs over these data-addicted firms," he said. "Long term, I personally hope that social networking sites will transition to new, more socially and commercially sustainable business models, adopting consumer privacy as a matter of corporate social responsibility."
As Zeynep Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, wrote in a New York Times opinion article: "Despite Facebook's claims to the contrary, everyone involved in the Cambridge Analytica data-siphoning incident did not give his or her 'consent' — at least not in any meaningful sense of the word."
While the users involved in the personality quiz did indeed authorise their information to be disclosed, as well as their friends' information, their friends did not explicitly consent to it.
And therein lies the main lesson which can be learned from this whole sorry saga: informed consent is crucial. Pointing to a 100-page-long privacy policy is not enough, which is something the now outgoing Australian privacy commissioner, Timothy Pilgrim, has been banging on about for some time now, ever since he analysed mobile apps in 2013 and found they weren't doing enough to get informed consent.
"It's important to get informed consent from people so they can decide whether or not to install an app," Mr Pilgrim said at the time. "Informed consent requires that users be told about the privacy implications of an app in a way they can understand."
Facebook's response to the latest privacy incident seems to be creating yet another privacy dashboard, along with a few tweaks to its platform, such as restricting third-party developers' data access "even further to prevent other kinds of abuse".
"We want to make sure you understand which apps you've allowed to access your data," Facebook chief Mr Zuckerberg said in a statement on Thursday. "In the next month, we will show everyone a tool at the top of your News Feed with the apps you've used and an easy way to revoke those apps' permissions to your data."
Further, he said Facebook would remove third-party developers' access to your data if you hadn't used their app in three months. Facebook would also "reduce" by default the data you give an app when you sign in to only your name, profile photo, and email address.
However, he said Facebook would still allow some developers to get access to users' posts "or other private data", but only if the developers signed a contract with Facebook over its use.
But is this enough?
Yet another dashboard (or an extension of it) featuring Dino the blue Facebook privacy dinosaur, ready to fix all your privacy issues, only after you've realised how much you've disclosed.
As Tufekci points out, a business model based on vast data surveillance and charging clients to "opaquely target users based on this kind of extensive profiling" will inevitably be misused.
"The real problem is that billions of dollars are being made at the expense of the health of our public sphere and our politics, and crucial decisions are being made unilaterally, and without recourse or accountability," Tufekci wrote.
And how do we fix that?
At this point it's only going to be through government-enforced legislation, or behavioural change by users of social media networks saying, "No, I'm not going to sign up to this".
Ben is a freelance writer and former Fairfax technology editor.