BY BRANDON DIMAPASOC
Last week, Facebook CEO Mark Zuckerberg testified before a joint hearing of the Senate Judiciary and Commerce Committees and before a hearing of the House Energy and Commerce Committee. Zuckerberg was asked to testify due to the revelation that 87 million people had their personal data accessed by the data analytics firm Cambridge Analytica, a firm with ties to the campaign of President Donald Trump. Cambridge Analytica collects and analyzes personal data to create psychographic profiles about voters in order to create ads that better influence viewers.
Public condemnation of Facebook has been swift and fierce, as the company has broken the trust of its 1.4 billion active daily users by allowing an outside firm to access their data without users’ explicit consent, a firm whose CEO was filmed discussing methods of extortion and the spread of fake news. The firm is also potentially in violation of federal election law, since it has been reported that its United Kingdom employees worked on advertising for the presidential campaigns of both Ted Cruz and Donald Trump.
The issue stems from Facebook’s decision to allow third party app developers to access the data of the friends of users of their third party applications until a change in policy in May 2015. In the Cambridge Analytica case, a psychological test called “This Is Your Digital Life” was taken by 300,000 users which enabled Cambridge Analytica to harvest data from those 300,000 users plus all of their Facebook friends, for that grand total of 87 million profiles harvested.
Facebook is not only under fire for allowing this unauthorized access to data, but also for failing to inform users of the issue when it was discovered by the company. What is of note here is that this controversy is not a hack, it is a failure of Facebook to have adequate protections in place to allow only authorized developers to access data. This failure left personal information of users free for exploitation by third parties. A failure that Cambridge Analytica exploited to access millions of users’ data to assist a presidential campaign that likely many of those millions did not support.
In response to the scandal, many have chosen to delete their Facebook accounts, including prominent individuals, such as Tesla CEO Elon Musk, co-founder of Apple Steve Wozniak, and the singer Cher. While deleting Facebook is an option for these celebrities, it is not an option for the 20 percent of U.S. adults who rely primarily on Facebook and other social media to keep in touch with friends and family, according to a study by the Pew Research Center. For this 20 percent of U.S. adults, Facebook and other social media is particularly important for maintaining communication between adult children and their parents. Ultimately, there is no substitute for Facebook, with its global reach and integration with other online services.
Rather than simply shunning away a service so interconnected with our use of the Internet, we should demand legislative action that increases Facebook’s accountability for how it uses people’s data and subjects it to stricter punishments for failing to maintain users’ privacy. It is more realistic to fix what is broken, rather than throwing all of it away.
A good first step would be implementing the California Consumer Privacy Act, which is expected to appear on the 2018 ballot in California. This act would allow consumers to “see what categories of their personal information large businesses collect about them, to tell those corporations to stop selling their personal information, and to not discriminate against them for making that choice; and to hold businesses accountable to victims of data breaches when they are reckless with Californians’ personal information.” Another regulation that would be helpful, and that Zuckerberg personally supported during his testimony before the Senate Judiciary and Commerce Committees, is to require Facebook to inform users of a breach of data within 72 hours. In 2016, the European Union passed a law containing the protections of the California Consumer Privacy Act and the requirement to report data breaches within 72 hours, in addition to ensuring users have the ability to “stop disseminating, halt third-party access to, or delete their data.” The U.S. should implement these protections as well, catching up in the area of digital privacy and consent to the level of protection that Europe has adopted.
It is also up to consumers to be more aware of the companies they give access to their personal information. Every time we make post on Facebook or Instagram or tweet out on Twitter, we expand our digital footprint and enable more advertisers to access our personal information to target us with ads. However, while there is an aspect of personal responsibility in being aware of the personal data we as consumers share, it is impossible to be responsible if social media companies are not transparent in their data policies. Therefore, it should be the burden of the social media companies to be as accessible and transparent as possible with how they collect and sell the personal data of their users. While it is voluntary to use these social media services, the average American should not have to make the choice between maintaining a sense of privacy and staying connected to friends and family.