The recent uproar surrounding Facebook right now is unique. Unlike other data privacy scandals haunting the headlines lately, this wasn’t a breach. No one hacked or phished their way in. There was no ransomware attack. They just got caught using our data in ways we never expected. This isn’t an issue of cybersecurity—it’s one of policy.
I recently posted on LinkedIn about the issue, wondering if others felt the same—if they too felt that this scandal could be the spark that fuels an increase in data privacy awareness here in the U.S. The response was mixed. As such, I want to take a moment to discuss the potentially far-reaching effects of a scandal catapulting data privacy regulation to the public consciousness.
There are a number of issues to unpack in order to understand the scope of the Facebook situation, the biggest of which is Cambridge Analytica’s access to 87 million users’ data. Target ads and content connected to the alleged Russian interference in global elections were run based on this information.
There was also the issue of Facebook collecting more information than users felt they had consented to share with the company, like their contacts’ personal information. Numerous other allegations range from the tracking of non-users to the illegal use of consumers’ biometric information.
While the importance of data breaches and privacy may be obvious to those who, like myself, work in the space, it goes beyond that. This case is relevant to people who’ve never even considered the need for privacy before. That is massively important. Facebook is so widely known and utilized that people who previously may have felt immune or disconnected from privacy issues will realize how important data protection is in an increasingly connected world.
The reaction to this scandal highlights a growing trend: people are increasingly concerned with where their information is and what organizations are doing with it.
Coming out of Europe, GDPR is a prime example of regulation seeking to give people the answers—and protections—they’re asking for. Although consumers beyond the EU are seeking to regain ownership of their data, I doubt the US government will implement equally stringent changes. My views on the matter have not changed since my last post, and the recent Zuckerberg testimony made it pretty clear Congress is on over their heads when it comes to the intersection of privacy and technology.
Regardless, things are changing. Media coverage and the resulting economic pressure has caused Facebook to be more transparent and forthcoming about their data privacy policies in light of this scandal. If you’ve logged in recently, you’ve likely received a notification on how your information is handled. You can download and review the information Facebook has on you and view which advertisers have obtained access to this information in the Settings page.
While these are important steps towards ensuring data privacy, we must be vigilant in ensuring continuous improvement. Without regulation, organizations may, like Facebook, only offer improvement when backed into a PR corner.
Taking a Step Back
It is important to note that Facebook is not the only company with problematic privacy policies. Numerous tech companies have, and likely will, face repercussions for flimsy data protection and consumer privacy policies. Twitter, Yahoo (now Altaba), and Google have all been in the news recently, and that’s just the tip of the iceberg.
I discuss Facebook here today, as it is the timeliest and most recognizable example, but this post is not meant as an indictment of the platform. Instead, I hope their recent situation will provide industry at large the opportunity to reassess how consumer data is managed.
Facebook knew these apps had access to our information but denied knowing how or to what extent third parties were using it. By no means is that an excuse, but it highlights the importance of obtaining and maintaining data control. Monitoring data usage, while possible, has not been a widespread practice, historically, because consumers have not had enough visibility to raise concerns. While the changing tides of technology may leave us more exposed to data theft, it also increases the transparency with which organizations must act. It’s time to step up privacy protection and use innovation to our collective advantage… as businesses and consumers.