Personal data of millions of Facebook users was collected without consent in 2018 Cambridge Analytica Facebook data scandal, the biggest data breach in history.
In the wake of the Cambridge Analytica controversy,
Britain’s Channel 4 News reporters ran an undercover sting operation on CA’s
micro-targeting behavioral science-based political research and analysis work,
posing themselves as political consultants looking for CA’s help to win an
election in Sri Lanka. In a secretly videotaped footage CA’s former CEO
Alexander Nix boats about the firm role in winning Electoral College for Trump
by securing tiny margin victories in three swing states. Such a narrow victory
is achieved by carefully manipulated micro-targeted political adverts. Nix can
be heard saying in the footage, “We did all the research, all the data, all the
analytics, all the targeting, we ran all the digital campaign, and the
television campaign, and our data informed all the strategy”.
Christopher Wylie
What is Cambridge Analytica?
CA is a British data analytics firm founded in 2013, and headquartered in
London. It offers data-related services to corporates and political
parties by running promotional ad campaigns in online communities using a
data-driven, behavioral science based approach. CA is
an offshoot of SCL Group (Strategic Communication Laboratories). The firm
collects data from social media platforms, and through its own polls and
surveys. Its services involve research work on counter-narcotics, food security, and political
campaigns. Reports show CA had on previous occasions assisted political campaigns in Kenya,
Colombia, and India.
How did Cambridge Analytica get data?
Since the year 2010, Facebook had a service called OpenGraph, an API (Application Programming Interface) that enabled third-party app developers to create apps with Facebook
integration and obtain personal data from users such as user’s name, age,
gender, location, education, political ideologies, relationships, religious
thinking, online chat status and in some instances users’ private chats,
however subject to the consent of those users. What Open Graph does is to let
Facebook users sign into external apps using their Facebook credentials and become a member of those third-party services with their Facebook identity. However,
before Facebook's privacy policy changed in 2014, no explicit consent was
required for third-party apps to gain access to data of a user’s friends’
profiles. Consequent to privacy policy change in 2018, third-party app
developers will no longer gain access to Facebook users' data if users stop using the app
for at least 3 months.
Cambridge Analytica took advantage of
Facebook’s data access policy to obtain Facebook users’ data through an
external app called thisisyourdigitallife in 2015. The third-party app hosted a personality
quiz for those users who were paid around $3-4 to take the quiz. The quiz represented that the data will be used for academic purposes only. However, the data collected
were not restricted to the personal information of those who consented and were paid to take the quiz. The app unlawfully obtained user data from users' friends’
Facebook accounts, and these personal data were used outside of academic
purposes when they were sold for commercial purposes.
The personality quiz was created in 2013 by Cambridge
academic Aleksandr Kogan with the help of his company Global Science Research.
Reports say roughly 300 000 Facebook users answered the quiz. Kogan was a
Russian psychology professor at the University of Cambridge. However, the
university of Cambridge denies any connection with CA. Mark Zuckerberg in his testimony before
Congress however stated that Kogan’s app is just one app similar to large number of apps built by other Cambridge
University-associated researchers.
Why did Cambridge Analytica want the data?
Cambridge Analytica wanted to build psychological
profiles of social media users to analyze their characteristics and personality
traits to micro-target political advertisements based on individual user
inclinations and preferences. The data harvested through
the app thisisyourdigitallife was shared with Strategic Communication Laboratories (SCL) which is the
parent company of the subsidiary firm 'Cambridge Analytica'. CA bought the data for
approximately $800k to develop psychological profiles of Facebook users and
individualize pro-Trump advertisements according to user ideologies.
Cambridge Analytica and Trump.
Billionaire Robert Mercer, a major far right-wing supporter who previously funded the Republican-flavored news site Breitbart had reportedly injected $15 million into Cambridge Analytica ahead of 2016 US Presidential elections. Steve Bannon who led the final
phase of the Trump campaign had served on the board of directors of Cambridge
Analytica from 2014 to 2016. Bannon was the chief strategist in Trump’s 2016 presidential campaign. A 2015 Guardian report reveals that before coming to Trump’s support, CA had previously assisted Ted Cruz's
presidential campaign. In Channel 4 news secretly-filed video footage, CA’s
Managing director Mark Turnbull readily admits CA's role in pulling the mud-camapign on Hilary Clinton 'Defeat
Crooked Hillary'.
Cambridge Analytica and Brexit.
Christopher Wylie claims that the Cambridge Analytica
firm and a Canadian firm called AggregateIQ collaborated during the
UK’s Vote Leave Campaign to help pro-Brexiters evade campaign financing laws.
Leaked papers by Shamir Sanni show AIQ had been paid for its services via donations
made to BeLeave(a sub-unit under Vote Leave Campaign). Wylie in his statement to UK Parliamentary Committee claims
that he helped create AIQ on behalf of SLC, the parent company of which
Cambridge Analytica is a subsidiary, and that AIQ and CA continued to share data during
the Brexit referendum.
FTC inquiry and Zuckerberg’s testimonies before the Congress.
The Federal Trade Commission (FTC) launched an inquiry
into the Cambridge Analytica data scandal in March 2018. FTC particularly looked at the issue
of whether Facebook violated its privacy obligations under a 2011 agreement it
had with FTC. After a year-long
investigation, Facebook Inc. was imposed a $5 billion penalty. The fine ordered in United States of America v Facebook Inc. stands as the largest penalty imposed on a company for violating consumer
privacy. The second largest fine is at $275 million that was imposed in CFPBand States v Equifax.
In April 2018, Zuckerberg made two Capitol Hill
appearances to give his testimony about the Facebook data leak and how the
company handled user data before the Senate Judiciary and Commerce Committee
and House of Energy and Commerce Committee. In his testimony, Zuckerberg admitted
that Facebook could have in theory banned CA in 2015, and by not doing so it made a huge mistake.
Cambridge Analytica and GDPR.
In
response to the Cambridge Analytica Facebook data scandal, the EU
enacted a new privacy regulation called General Data Protection Regulation to
protect digital privacy of users on online platforms. GDPR introduces a new fine regime
against data breaches and a statutory rights framework to protect the privacy
of online users. The State legislature of California also introduced California
Consumer Privacy Act (CCPA) for privacy rights and consumer protection. After the Cambridge Analytica data controversy, many countries started to enact GDPR based data privacy regimes in their own jurisdictions. In early 2022, Sri Lanka became the first South Asian country to enact a data privacy legislation.
Conclusion.
Four years after the Cambridge Analytica data scandal, Facebook's privacy policy has changed drastically due to strict data privacy regimes and constant monitoring by newly established regulatory bodies. Cambridge Analytica data scandal did affect Facebook in a major way, in that the users’ trust in Facebook’s privacy policy was damaged significantly. But Facebook’s MAU numbers keep rising. As of July 2022, Facebook has roughly 2.93 billion monthly active users. At the same time, the scandal changed the global online privacy realm in unprecedented ways. In the aftermath of the scandal EU's GDPR came into being with aim of setting up a legal framework to govern how personal data of users are collected, processed, and erased. The European Court of Justice in its landmark rulings like Google Spain SL v AEPD also complemented GDPR's new statutory rights regime by highlighting the importance of giving users control over the data they share on platforms. The Cambridge Analytica scandal also stimulated scholarly debates on the subject of data privacy, compelling lawmakers to weigh the pros and cons of having a strict data privacy regime. Federal Trade Commission’s massive fines on Facebook show the seriousness of the data breach offenses in today’s data-driven online economies and highlight the need to hold giant social media platforms accountable for privacy violations on their platforms. The future is privacy, and as we are living in a time of eroding trust, governments. lawmakers, non-governmental bodies, and all other stakeholders need to act fast to future-proof our online data privacy.
No comments:
Post a Comment