The recent Facebook and Cambridge Analytica data breach scandal has been a hot topic in the news over the last while- but what actually happened?
As software technologies evolve we’re needing to deal with more and more personal data, and this kind of breach shows that, quite frighteningly, even the largest corporations aren’t managing to keep track of how their data is being used.
To understand what happened and what the implications are, here is a brief breakdown of the key issues:
The web of interconnected relationships that make up the full scope of this scandal are quite complex, but essentially, millions of people’s personal data (mostly from the United States) was shared without consent, before Facebook made major changes to its privacy settings in 2014.
This data was unwittingly shared when a researcher- who built a Facebook quiz app- gained access to 270,000 quiz respondents’ data, and all of their friends’ data as well.
This is a major privacy issue because it shows how easy it can be to gain exponential amounts of supposedly private data. What’s even more worrying is that this took place via a loophole in the way that Facebook managed their APIs, which suggests that the platform didn’t adequately prioritise the protection of private data when sharing information between different programmes.
The initial focus of the investigation was Cambridge Analytica- an umbrella company for an apparently quite shady British PR firm that works in “psychographic profiling” and messaging for governments and large corporations. However, what is becoming clear now is that Facebook really should have better managed peoples’ personal data in the first place.
This has lead to Facebook coming under intense scrutiny, even at a government level, and the platform is being criticised for not responding to an issue that they had apparently know about for a while, but didn’t do enough about at the time.
In response, Facebook has reaffirmed that they did clamp down on privacy issues in 2014, but unfortunately this was too late to prevent this data breach, as once the data was downloaded, it had been shared, despite Facebook’s legal attempts to have the data deleted.
In response to changing online privacy laws in Europe (which will be put into effect on 25 May 2018), Facebook has implemented a variety of privacy setting changes, as a way of making users more aware of how their data is being used.
However, these efforts have been criticised for not actually encouraging people to make informed choices, but rather guiding users just to accept all the changes by making it easier for them to do so with less friction. These measures also only apply to users in Europe, what about changes to privacy settings for users from other parts of the world?
Overall it’s clear that there has been a major breakdown in trust between Facebook and its users after this scandal, and this is definitely something that everyone at Facebook is working hard to amend.
The reality is that we’re all involved in producing and managing data online to some extent, and it is up to all of us to make sure we understand what the implications are for sharing certain information on a massive global platform that stores billions of people’s personal data (which is incredibly valuable for online sales and marketing).
But who really has the time and understanding of legal jargon to go through privacy agreements in detail? This is the problem, and the fact that unfortunately no one seems to know what the scope of these kinds of problems are before they actually happen.
Changes to the way APIs are built, was well as a range of other cybersecurity measures, like authentication, need to be carried out to prevent this from happening again- on all major platforms.
Even with all of the fear around of personal data being used without consent, we’re now more aware than ever of the importance of solid online privacy measures.
One point of discussion to come out of the debate around privacy at Facebook is that a balance needs to be found between providing data in exchange for monetary reward and the need to protect users’ information.
What’s also needed (and this is a big wake up call to every Facebook user) is that we all need a broader understanding of what sharing information online really entails.
In the meantime, advances in cybersecurity, authentication and privacy policy will most certainly be developed to counteract this historic data scandal.
