
The article vaguely links Cambridge Analytica to GDPR. Is there really a connection or is the article merely trying to frame GDPR negatively by comparing?


I don't think so. The APIs that Cambridge Analytica were taking advantage of were available long before GDPR became enforceable and are most likely illegal under GDPR because they allowed third parties access to your personal information without your consent - where it was a friend of yours who consented to revealing their information, Facebook would also reveal some information about you.

The Wikipedia article actually details all this quite well in the fourth paragraph (obviously without reference to GDPR): https://en.wikipedia.org/wiki/Cambridge_Analytica


Cambridge Analytica is a data portability exploit. It leveraged your friend's ability to send your Facebook data to third-party apps. GDPR enforces more data portability, which in some sense allows for a larger attack surface for such exploits. The article mentions one example of hackers extracting all your personal data after a takeover of your account.


Framing a law that forces companies to allow you to export your own personal data in a readable format to reduce vendor lock-in as "this will definitely cause the next Cambridge Analytica!" on the basis of "but user authentication might be bad!" is absolutely laughable, and the fact that this article got so popular here is pretty discouraging.



