Allegations that research firm Cambridge Analytica misused the data of 50 million Facebook users have reopened the debate about how information on the social network is shared and with whom.
Data is like oil to Facebook - it is what brings advertisers to the platform, who in turn make it money.
And there is no question that Facebook has the ability to build detailed and sophisticated profiles on users' likes, dislikes, lifestyles and political leanings.
The bigger question becomes - what does it share with others and what can users do to regain control of their information?
What can users do to protect their information?
Log in to Facebook and visit the App setting page
Click edit button under Apps, Websites and Plugins
This will mean that you won't be able to use third-party sites on Facebook and if that is is a step too far, there is a way of limiting the personal information accessible by apps while still using them:
Log into Facebook's App settings page
Unclick every category you don't want the app to access, which includes bio, birthday, family, religious views, if you are online, posts on your timeline, activities and interests
There are some others pieces of advice too.
"Never click on a 'like' button on a product service page and if you want to play these games and quizzes, don't log in through Facebook but go directly to the site," said Paul Bernal, a lecturer in Information Technology, Intellectual Property and Media Law in the University of East Anglia School of Law.
"Using Facebook Login is easy but doing so, grants the app's developer access to a range of information from their Facebook profiles," he added.
How else can you protect your Facebook data?
There really is only one way to make sure your data remains entirely private, thinks Dr Bernal. "Leave Facebook."
"The incentive Facebook will have to protect people more will only come if people start leaving. Currently it has very little incentive to change," he told the BBC.
It seems he is not alone in his call - the hashtag #DeleteFacebook is now trending on Twitter in the wake of the Cambridge Analytica scandal.
But Dr Bernal acknowledges that it is unlikely many will quit - especially those who see Facebook as "part of the infrastructure of their lives".
Can you find out what data on you is stored?
Under current data protection rules, users can make a Subject Access Request to individual firms to find out how much information they have on them.
How long is data kept?
Data protection laws in Europe suggest that firms should only keep user data "as long as necessary" but the interpretation of this can be very flexible.
In Facebook's case, this means that as long as the person posting something does not delete it, it will remain online indefinitely.
Can you delete historic data?
Users can delete their accounts, which in theory will "kill" all their past posts but Facebook encourages those who wish to take a break from the social network simply to deactivate them, in case they wish to return.
And it must be remembered that a lot of information about you will remain on the platform, from the posts of your friends.
One of the biggest changes of GDPR will be the right for people to be forgotten and, under these changes it should, in theory, be much easier to wipe your social network or other online history from existence.