Your data is probably being used without your consent.
This is, I hope, not a shock to you. In fact, it’s one of the biggest takeaways of the recent investigation involving Facebook and a data mining company called Cambridge Analytica.
The short version: Cambridge Analytica used a quiz app to scrape data such as users’ identities, their friend networks, and likes from millions of Facebook users. Users inadvertantly gave consent by agreeing to the user conditions in the app. The company later used that data to build targeted political ads for Donald Trump’s political campaign, the New York Times, which conducted the investigation along with The Observer, reports.
But who’s to blame for such a massive breach of user privacy? Yes, it’s easy to point a well-deserved finger at Cambridge Analytica, and another at Facebook. But it’s too neat to pin it on those two when the problem is so much larger and insidious.
These seem like simple questions, but they’re really not.
To the first point: Well, the Facebook users that downloaded the data-scraping app, thisisyourdigitallife, did technically consent to having their data scraped.
We all do this. When we download a new app or sign up for a social media site, we never read the user agreements. They’re boring and we’re impatient. But the truth is they have some pretty important information in them. We check “yes” on Terms of Service agreements, even though we know in the back of our minds the fine print might include an article that the network plans to sell our information. We could all stand to be more discerning before downloading apps and filling out quizzes.
Even more invasive was that Facebook’s terms of service allowed apps to access friends’ Facebook data as well as the user’s own (this was the case in 2014 and, Facebook has stated, has since changed). That means that any app that was using Facebook at the time could have accessed as much data as Cambridge Analytica did, though it’s not yet clear if other apps did so.
Facebook executives have claimed “everyone involved gave their consent,” as said by vice president and deputy general counsel Paul Grewal. But that’s patently false. Consent, by nature, has to be informed for people to actually give it.
That is, how worried should you be?
Cambridge Analytica says they used this information to create profiling tools, which were then used to target political ads at users’ personality traits. In doing so, many news reports have suggested, the company helped put Donald Trump into office.
It’s still unclear if that sort of targeting has much influence. Research suggests that it does not. As The Verge put it, while misuse of data is a no-no, suggesting that Facebook likes are enough leverage to influence an election is “almost certainly overstating Cambridge Analytica’s power.”
Even so, the sort of data that the app was collecting is used by lots of other third parties. It’s incredibly valuable to advertisers, who can exploit users’ information to target their marketing down to the individual level. All of this high-tech data collection is in the name of a timeless goal: to get consumers to buy a product.
Discomfited by the seemingly unlimited power social media has over our information, lawmakers globally have pushed for governments to step in. In a recent review, the New York Times found that, in the past five years, more than 50 countries have passed laws that better regulate how people use, and are protected from, websites.
Most notably, in May, the European Union (EU) will put new regulations into effect that will ensure users understand when their data is being collected. The General Data Protection Regulation, or GDPR, requires that companies identify what data they are collecting and why it’s being collected, and allow consumers to access and control that data. The legislation applies to social media networks, which must comply.
The United States remains one of the few of the world’s leading countries that has no such legislation in place. Last year, Congress overturned a law that would have prevented internet service providers (ISPs) from selling data without users’ consent. Legislators have resisted taking any action against Silicon Valley; broadly, opponents of such regulation assert that these regulations stifle innovation.
But that doesn’t mean that Americans are going to be the only people in the world with their data up for grabs. As the EU’s new laws go into effect, Facebook is launching a new “privacy dashboard” that will help users worldwide exert better control over their privacy settings. Other companies are altering, or even shutting down, their social media advertising and data businesses internationally in response to the GDPR, Wired reports, simply because it’s too difficult to tailor services to the countries with more restrictive laws.
Cambridge Analytica may be the most recent company found to be taking advantage of the data users unwittingly hand over to social media sites, but it likely won’t be the last. There’s no telling how many apps have been doing the same thing. Their roles may come out in the future, or they could remain a secret.
GDPR shows the power that legislation can have in reining in the moneymaking schemes of social media. If similar laws were passed outside the EU, you wouldn’t have to worry as much about clicking “I agree” to any terms of service you damn well please.