Facebook and Cambridge Analytica recently found themselves at the centre of a sensational dispute over the collection and use of personal data (in this case, information about users’ political alignment; data that’s known as ‘sensitive’ personal data under new GDPR legislation).
It all began with a ‘Personality Quiz’ app designed – and one can assume, approved – for use on the social networking site as a fun way to pass the time and connect with friends. As was common at the time, the app was also developed to harvest personal data of the user and, if reports are true, that of their unconsenting friends’ list.
According to reports, the personal data was then sold to Cambridge Analytica and used to psychologically profile users so that targeted advertisements and political spin/smear campaigns could be delivered straight to their profile pages and newsfeeds. A shocking allegation of invasion of privacy and political bias that has authorities on both sides of the pond enraged.
It’s worth noting that Facebook has since changed the amount of data that app-developers can scrape in this way and removed the app, demanding all its information be deleted.
Cambridge Analytica claims that it never used the data, and deleted it when Facebook told it to.
So, what can we take from the events?
It’s true that most users of social networking sites have no idea how much the platform actually knows about them (and their list of contacts). Remember, advertisers buying space on such networks are paying for your attention, and that attention is intensely targeted by the personal and sensitive data we’re almost all guilty of over-sharing online. The question left in the aftermath of such a scandal is this: with whom does the burden of data protection lie, the user or the platform?
Whilst admitting that mistakes were made and listing the more stringent measures he would implement to protect users’ data, Zuckerberg’s proposed solutions include a tool to empower users to control their own data on the site, e.g., which apps they allow to access their profile information and for how long.
Indeed, if we were to find a silver-lining here, it would be the empowerment and the raised level of awareness amongst social network users who have been following the story. Knowledge, as ever, is the key to prevention.
As GDPR legislation came into force in May 2018, individuals will have ever-more control over their personal data as well as increased access to it, a directive which is highlighted in Zuckerberg’s promise to ‘provide an easy way to revoke’ data-access permissions.
Looking to raise awareness about using social media, data protection, or GDPR? Visit our Compliance page to see our full range of courses.