The revelation that over 50 million Facebook users personal information was accessed and analyzed by Cambridge Analytica to create specific politically motivated targeting during the 2016 US election cycle has only begun to unfold.
The scandal has been documented in painful detail by the man at the center of the storm, Christopher Wylie, and it looks like the fallout is still coming thick and fast, with Mark Zuckerberg losing 9 billion dollars off his net worth in the days following the revelations. There are calls in both the United Kingdom and the United States for Facebook to be investigated and appear before congressional hearing committees. There have been videos released of the owners of Cambridge Analytica boasting about their success in effectively manipulating elections across the world using a combination of data, targeting ads and bribery. So what should be done in the aftermath of this revelation?
The reaction of many is to proceed to delete their accounts from Facebook and become angry at how their privacy and data was used and manipulated in a very sneaky manner. Perhaps the voice which carries the loudest in this cry is Brian Acton, WhatsApp founder, who sold his company to Facebook and weighed in on the recent debacle by tweeting “It is time. #deletefacebook” which has been trending on Twitter since the news broke.
Mark Zuckerberg made his first public statement about the scandal, and when responding to a question about regulating social media, he responded, “I actually am not sure we shouldn’t be regulated. I think in general technology is an increasingly important trend in the world. I think the question is more what is the right regulation rather than ‘yes or no should we be regulated?’”
If the information you provide to sites can be used without your knowledge or consent in ways that are invisible to you how can you guarantee you won’t be a victim?
Thanks to the new General Data Protection Regulation, coming into effect in May throughout the European Union, understanding exactly what details any site collects or has about you and what data they will use will become a European standard. Websites will now actively prompt users to read very clearly structured, stated privacy statements and cookie policies. In addition to this, you can opt to have your details forgotten, have your data removed and also find out how, where and for how long your data is stored. The details of any analytics tools used by every site you visit must be made very clear, and the ability to opt out of these analytic tools must be provided.
The GDPR has very specific guidelines outlining that if a breach of personal data happens at a site that there is a timeline of 72 hours in which the breach must be acknowledged and reported. Furthermore, there are severe punishments in place for those who do not follow this protocol including but not limited to fines totaling a percentage of your companies net value.
The question as to whether this will be enough to stop companies like Facebook misusing private data is hard to say, as Facebook maintains that they were “not breached” as Andrew “Boz” Bosworth Tweeted, “This was unequivocally not a data breach. People chose to share their data with third-party apps, and if those third-party apps did not follow the data agreements with us/users, it is a violation. No systems were infiltrated, no passwords or information were stolen or hacked.”
The future of social media?
In Europe, the consensus on web safety has been allowing the browser the maximum level of transparency and freedom to choose how much data they give about themselves. The European Union has been making moves in this direction for over six years with the GDPR regulations. The U.S., however, up until the Facebook scandal broke, seemed to be equally split on the regulation of the internet. With opponents of regulation citing fears that regulation is not competitive for business, a violation of the first amendment and a slippery slope toward government control over the content of the internet.
Currently, Silicon Valley outspends any other corporation in America in political lobbying, with Alphabet, Googles parent organisation, being the biggest spending corporation in the U.S. Google itself spent a cool 25 million dollars on lobbying including hiring 18 firms to represent their interests in Washington, including having six lobbyists to every one member of Congress in Washington. This level of spending has been suspected as the reason that Google avoided any major penalties in a two-year Federal Trade Commission antitrust probe that concluded in 2013.
If there is such a massive gap between European law and U.S. law about a global platform how can it be bridged?
One solution seems to be using regulatory standards, like the GDPR in the United States. Its vital that there is transparency between the service and the user with clearly explaining what their data is being used, for what purposes and how they will be used and most importantly regulating the usage of third-party applications. These are the things that guarantee the users maximum privacy, and ironically Mark Zuckerberg proposed something similar to GDPR guidance, “There is transparency regulation that I would love to see. If you look at how much regulation there is around advertising on TV and print, it’s just not clear why there should be less on the internet. You should have the same level of transparency required. I don’t know if the bill is going to pass, I know a couple of senators are working hard on this. But we’re committed, and we’ve already started rolling out ad transparency tools that accomplish most of the things that are in the bills people are talking about today. This is an important thing. People should know who is buying the ads they see on Facebook, and you should go to any page and see all the ads that people are running to different audiences.”