All of the data was taken without consent. The user might have clicked some 'I agree' checkbox, but they were not in a position to give consent. We could, to compare it to other similar issues involving lack of consent, call it statutory data theft.
Not it wasn't taken. You give over the use of that data to FB when you use their service. Just like you do when you get a loyalty card in Safeway or pay with you credit card.
Calling that stolen is mixing your personal opinions with facts.
