Both campaigns abused Facebook to get the personal information of people who never downloaded the offending app. The Obama campaign collected information on a lot more people than CA did, so many that Facebook said they would have blocked anybody else requesting that much information.
According to the Wikipedia article on the CA scandal :
> Cambridge Analytica in turn arranged an informed consent process for research in which several hundred thousand Facebook users would agree to complete a survey only for academic use. However, Facebook's design allowed this app not only to collect the personal information of people who agreed to take the survey, but also the personal information of all the people in those users' Facebook social network. In this way Cambridge Analytica acquired data from millions of Facebook users
So, both got more information than the sharers intended (namely, information from people in their social graphs), but in the Obama case the root nodes of any such information trees were people who knew they were sharing with the Obama campaign whereas in the CA case the root nodes were people who were told that they were sharing only for academic research.
That seems to me to be a pretty big difference. In the Obama case if I'm a root node, the abuse is that although they used the information for the purposes I intended when I gave it, they got more information than I may have intended to (or had a moral right to) give. In the CA case if I'm a root node the abuse is that plus them lying about why the information was being collected.