The recent Facebook scandal opened a whole can of data-ridden worms, and brought the question of whether our own online information could be used without our knowledge or consent into sharper focus.
With this month seeing in the General Data Protection Regulation (GDPR), it will change the regulations for companies that process, collect, or store large amounts of user data. We’ve all noticed the rules being implemented over the past few weeks, with emails and texts asking us to confirm we accept our data being used and/or if we consent to being contacted by the firms directly.
Facebook CEO Mark Zuckerberg’s statement before Congress last month detailed, “I think the GDPR in general is going to be a very positive step for the internet”. With the timing of the scandal coinciding to the implementation of GDPR, it has sparked controversy around whether this sharing of information can, or should, be labelled a ‘breach’, with Facebook stating,
‘People knowingly provided their information, no systems were infiltrated and no passwords or sensitive pieces of info were stolen or hacked’.
The term ‘breach’ is somewhat ambiguous; to me, it throws up images of some computer-science undergrad sitting in a dark room, frantically typing codes to hack into large company databases.
That is not what has happened here.
The ‘victims’, if you will, were paid to take a personality test, which also gathered data on these people’s Facebook friends. To their knowledge, this information was to be used for academic purposes only. In sharing 50m people’s information with Cambridge Analytica, and allowing it to be used for political marketing (to influence Trump’s victory in the US presidential election), it was Global Science Research employee Aleksandre Kogan who broke the terms of license.
A ‘breach’ can be defined as ‘a gap in a wall, barrier, or defence, especially one made by an attacking army.’ So, is Facebook the ‘attacking army’? Or is it Cambridge Analytica? This begs the question; is this a widespread data protection problem, or just a corrupt data analytics firm who have been caught out?
FB’s Andrew Bosworth tweeted ’This was unequivocally not a data breach’. He went on to say that the third party not following the data agreements was a violation of contract, not a breach of data.
Facebook obviously wanted to clear their name, but regardless of who we place the blame on, isn’t it worrying how easily this can happen, and then stay covered up for years? Facebook admitted that they learned about these app issues in 2015, removed it and demanded the data was destroyed. But why did nobody hear about it back then, and how would we ever know if this data really had been deleted?
The scandal has got people talking about safety online, and of course, this isn’t the first high profile data story, with FedEx, Uber and Yahoo all making headlines in the last year for similar data breaches. Sadly, I doubt it will be the last.
There is an overwhelming vibe that the Cambridge Analytica outrage has made people very uneasy and even reluctant to continue using online platforms such as Facebook, Twitter and Instagram with the worry that their data could be left unprotected. I, for one, certainly fall into that category.
Clarence Mitchell, a spokesman for Cambridge Analytica has since, last week, released a statement that “it is no longer viable to continue operating the business”. He goes on to explain that the accusations were ‘unfounded’, and that the company has been ‘vilified’ for legal activities. They have advised that the investigation is ongoing.
I feel that there is a deeply cynical air surrounding this inquiry, with Cambridge Analytica’s core aim suspected to be the use of this data to predict and influence the US electorate, and even rumours of a similar procedure during the run-up to the Brexit referendum. This powerful propaganda tool surely becomes problematic when it is being used to exploit and take advantage of more vulnerable members of society, which is essentially what the company aim to do when they identify the most persuadable voters, and proceed to target them online. It seems odd that as soon as they have been brought under scrutiny, their only option is to shut the company down. Something to hide?
This, to me, feels so morally wrong and uncomfortable. Call it what you will – a breach, or a violation, either way it is unsettling.