020 7831 0101

Does data privacy “trump” data exploitation?

Does data privacy “trump” data exploitation?

The news about Cambridge Analytica allegedly using personal data to influence elections is not new. The Guardian has been investigating them for some time and an article from May 2017 suggested that Cambridge were employed by both the Trump election team and Brexit leavers to swing their respective elections. It also highlighted interesting connections between Cambridge Analytica, Steve Bannon and the Brexit Leavers.

The news about Cambridge Analytica allegedly using personal data to influence elections is not new. The Guardian has been investigating them for some time and an article from May 2017 suggested that Cambridge were employed by both the Trump election team and Brexit leavers to swing their respective elections. It also highlighted interesting connections between Cambridge Analytica, Steve Bannon and the Brexit Leavers.

The recent revelations which have pushed Cambridge Analytica, its Old Etonian “controllers”, Facebook and Mark Zuckerberg into the headlines assert that Cambridge also scraped data from Facebook users by running a quiz in 2014 and selling that data to the Trump campaign, providing it with the details of 50 million individuals.

Leaving aside concerns about a concerted attack on democratic principles, this raises questions about data security and the myopic use of social media by users who don’t check the small print and are unaware of what happens to their personal data. Most users of Facebook as a portal into other sites haven’t thought beyond that simple efficient use of their data and have never realised what Facebook might pass on to third parties and how they might in turn use it. By using Facebook (and other online) accounts to log into apps and websites, users are often inadvertently allowing those apps and websites to access not only users’ personal data but also details of their contacts. It is then unclear what might happen to this data. Most connected activities involve some form of marketing activity but marketing can be construed very widely encompassing, in this instance, political campaigning.

It seems that Facebook is holding its hand up to its misbehaviour (under pressure from its millions of users but, more importantly, from the significant fall in value of its shares and the potential loss of advertising revenue) and suggesting that its users should be more clearly informed about its policies. It will be interesting to see how it might educate them and how it might exercise greater control over the personal data it has access to.

This comes at a time when we are about to see the introduction of new data privacy legislation (the General Data Protection Regulation (“GDPR”)) from 25 May 2018. In theory this legislation, which will remain in force post-Brexit, will impose greater control over the manner in which organisations use personal data and will restrict any use of data beyond the reason for which it is provided. At the same time, the Information Commissioner (who is responsible for data privacy) will become much more active in investigating and enforcing any misuse of personal data. She has been very involved in the investigation of Facebook and Cambridge but has had to telegraph her interest and proposed actions so far in advance that any data abuse might have been covered up by the time she has obtained access to key players.

Under the GDPR she will have much greater financial powers, being able to impose penalties of up to 4% of turnover, but we won’t know how successful she will be at restraining data abusers until she has tested her new powers. Some are already suggesting the GDPR does not go far enough and doesn’t provide enough powers of enforcement.

In the meantime Facebook (and social media) users need to be educated about what is happening to their data and to take greater responsibility for its security and use (providing, of course, that they care). They should check their data is being kept securely and only being used for certain purposes by looking at the data privacy policies of online sites; they should monitor the consents which they provide to websites; they might only provide data to sites which have security certification; and they must call out any further abuse of personal data by the likes of Facebook. This will hopefully encourage social media organisations to consider their users’ interests first and politicians to support our innate right to privacy. 

Data has been labelled the newest and most important global commodity. The battle for control promises to be long and drawn out.