Here are the facts as I understand them:
And all of this, at the moment, is "allegedly".
1) CA put a survey onto Facebook which asked lots of questions to find out what sort of X you were (you know - "You're Phoebe Buffay! You're in Gryffindor!").
2) Because the app was built to work on Facebook it also collected your name, and some basic details about you - the sort of stuff you see if you look at a profile of a person you're not "friends" with. It would give them a name, age, things you 'like', and a rough idea of where you live. It may or may not have given them quite an accurate idea of where you lived, no-one can decide about that. It also told them who your friends were - again, the sort of thing you can see when you hit up someone's page that you don't know.
3) They did some wicked-smart stuff with the masses of data they collected, and built a psych profile on folks to find out how they might vote in the upcoming USA election. Then they looked for patterns of people connected to friends that didn't do the survey, and took a guess at how those friends would vote, based on the answers of the connected people, and where they lived.
4) Team Trump used this data to target adverts at the people they thought were most likely to be swayed to vote Republican, in a way that was most likely to sway them. It was super-granular, street-level stuff. People canvassed in those areas, saying things they'd been told to say which would be most likely to sway that particular area's vote. They also did the neighbours, because people living in close proximity are more likely to think in the same way.
5) Trump won, and everyone immediatly started asking "how?".
Now, first off, I think this is genius. Genius. This stuff is fucking hard, and if it was as effective as people are saying it was then it was a fucking work of art.
Second off - everyone does this. I used to work in Market Research, and at least one person there is doing this sort of stuff full time, and that was just a little research shop. The behemoths like Nielsen and Kantar are going to have massive swathes of people doing the same thing (and they'll tie it to a load of other information sources, like websites you visit or things you buy). Fun fact - market research is exempt from the part of the Data Protection Act that says you can't keep data that's not timely or relevant, so over the years they're going to have accumulated buckets of data that they never have to remove.
Third off - I don't think it can have worked as well as people are saying. As I said before, this stuff is hard, not only collecting the psyc profiles but using NLP to sway people. I think it may have worked to an extent, but not to a large extent.
Bottom line - I can't see how anyone did anything illegal. Immoral perhaps (on the part of CA) because they didn't tell people answering the questions what the data was really for. But it's incredibly rare that a market research survey will tell you what it's actually for - for a start, it will skew the results. Sometimes they tell you at the end, but not often.
Now, everyone is losing their tits over this, but all I can see is business as normal. CA did an excellent job, and in their desperate hunt to believe anything except for the fact that people actually wanted Trump to be president, America is jumping up and down and pointing finders.
So... Am I wrong? Tell me!
Interesting side note - almost every US report you see or hear about this describes CA as being 'a British company', which is correct, but it was the New York office that actually did the work.