In March 2018, the Facebook data breach scandal came to public light. Soon after the news broke, the world started questioning the credibility of Facebook’s privacy policies. The public outcry over the incident was so vociferous that the US Senators Committee decided to summon Mr. Zuckerberg to an official hearing over the matter, titled “Facebook, Social Media Privacy, and the Use and Abuse of Data”, on April 10, 2018.
Flanked by the Senators, Mark concluded his testimony, and regretfully admitted:
It was my mistake, and I’m sorry!
What does all this mean to you and me? As a responsible social media user, what lessons should we learn after this incident? This is what I attempt to explain through this post today. But let’s first dive into a little background of this imbroglio:
What was Cambridge Analytica? And how did the data leak happen?
Cambridge Analytica was a political consulting firm based in London, which positioned itself as a provider of intelligent, data-driven solutions to a variety of political and business clients. The firm worked on a business model of targeted and influential advertising based on data profiling. Kogan, an app developer from Cambridge University, developed an application on Facebook called “This is my digital life”. The app passed itself off as a personality quiz app. Facebook’s privacy policies at that time allowed the app to gain access to the private data of not only the people who used the app, but also the people in their friends’ network. The personal data that the app managed to gain access to included their names, email addresses, likes, status messages and even personal messages. The app thus managed to harvest the personal data of a staggering 50 million users on Facebook.
Kogan then sold this data to Cambridge Analytica, without the prior permission of the users whose data was collected on account of security lapses in Facebook at that time. Wylie (the CA whistle-blower) said that what Kogan offered the firm was way cheaper, way faster and of a quality that nothing matched! The firm is reported to have used this data during the US presidential elections in 2016. It then segmented the profiles based on this personal data and used targeted influential/emotional advertisements to change the behavior of people in favor of the contesting presidential candidates.
Here is a video published on YouTube describing the nitty-gritty of the business model that Cambridge Analytica worked upon:
A strong lesson for 2+ Billion Facebook users:
No one likes their private data being misused. What happened in the Facebook data breach scandal was gross negligence of privacy and data protection laws by a company of this repute. In the light of this incident, here are the key lessons to take home:
1. Take full responsibility for your data
When you’re using Facebook, you are fully responsible for the apps that you interact with and permit to use your personal information. If you neglect this responsibility, then incidents like this data breach scandal will remain fairly common. As an informed and educated social media user, you have to understand the level of information an app wants to access. If you feel uncomfortable with a particular app, it’s better to avoid it than to be sorry in the future.
2. Understand how an app may use your data
How often do you care to read the permissions an app wants access to? This is not limited to the apps on Facebook, but also extends to the apps we interact with daily on our smartphones. I bet very few of us even bother. Whenever you come across an app, do spend a few minutes understanding the list of permissions (location, contacts, messages, photos, etc.) that it wants to access. If you trust the app and feel that granting such permissions is benign, then feel free to interact with the app. If you suspect something fishy, stop using the app.
3. Periodically review the apps which have been granted permissions to access your data
It’s important to keep reviewing all the third-party apps that have already been granted permissions to access your data. On Facebook, you can do this by visiting the Apps and Websites tab in the settings menu.
You’ll see the list of apps that are active and can request information you’ve chosen to share with them. You need to review that information. When you click the view and edit option, you’ll see the list of personal information that you’ve chosen to share with the app to personalize your experience. Here is a screenshot of a live music streaming app called ‘Saavn’. You will have the option to turn the controls on and off.
However, if you find that the control for some information is inactive, you can always contact the app developer and ask them to delete your data.
Regulatory After-Effect: Introduction of the General Data Protection Regulation (GDPR)
The EU (European Union) recently passed the GDPR with effect from May 25, 2018. Under these regulations, all companies doing business within the EU and the European Economic Zone are bound to protect the data of individuals belonging to the EU by enforcing the highest levels of privacy.
Companies are obliged to obtain consent from individuals every time they wish to store or share their private data to customize the experience. A company found violating these regulations can face a penalty of up to 4% of its global turnover! This pretty much explains why you might have started seeing a sudden spate of emails from internet companies regarding updated privacy policies in compliance with the GDPR.
What’s your take?
What are your views on data privacy? How do you ensure the safety of your data in this digital world? I look forward to a healthy and meaningful discussion here.