Australia's privacy regulator is taking Facebook to court over the Cambridge Analytica scandal.
The Office of the Australian Information Commissioner said Facebook had seriously infringed the privacy of more than 300,000 Australians.
The social media giant left personal data "exposed to be sold and used for... political profiling".
The scandal involved harvested Facebook data of 87 million people being used for advertising during elections.
"Facebook failed to take reasonable steps to protect those individuals' personal information from unauthorised disclosure," the Australian commissioner's office said.
Australia's federal court can impose a fine of A$1.7m (£860,000) for every serious or repeated interference with privacy, it added.
A Facebook spokesperson said the company had "actively engaged" with the commissioner since it opened the investigation in 2018.
They said Facebook had "made major changes... to help people protect and manage their data".
"We're unable to comment further as this is now before the Federal Court," the spokesperson said.
How did the Cambridge Analytica scandal happen?
Researcher Dr Aleksandr Kogan and his company GSR used a personality quiz called "This Is Your Digital Life" to harvest the personal information of people who used it.
But because of the way Facebook's rules worked at the time, it could also access the information of a user's friends, even if those people had never authorised the app.
Some of that information was given to Cambridge Analytica, which used it in US political advertising.
Facebook was fined £500,000 by the UK Information Commissioner's Office (ICO) in October 2018 for what it called a "serious breach" of the law. It was the maximum fine available under the law before a new privacy law (GDPR) took effect.
In the United States, regulators levied a record $5bn (£4bn) fine over the same issue.