Well, if data on European citizens have been exposed, then ideally Facebook's management would be charged with breaching national European laws on data protection, trialed and sentenced to prison.
The legal base for imprisonment for severe violation on data protection laws is there in many (most?) countries but they are rarely, if ever, used.
The legal base for imprisonment for severe violation on data protection laws is there in many (most?) countries but they are rarely, if ever, used.