GDPR to the rescue as Facebook betrays our trust
Facebook isn’t having a good week. In fact, since Donald Trump was elected President of the United States, Facebook, along with other social networking platforms, (Twitter, Instagram, Google etc.) have been in a bit of hot water. It seems we’ve all suddenly come to the realisation that putting every single detail about us, every thought we’ve ever had, into an app that is owned by a for-profit organisation and whose business model is built on selling off our deepest, darkest thoughts to advertisers isn’t all that great. Who would have thought, huh?
This week’s explosive revelation that Cambridge Analytica – a London based data mining and brokerage firm – scraped close to 50 million Facebook profiles by getting only 270,000 users to download an app, and then used that scraped data to create psychographic profiles of users to target political ads in the UK’s Brexit referendum and the 2016 US Presidential Election has everyone with an internet connection up in arms. So, what’s the big deal and why is the EU’s General Data Protection Regulation even more relevant now than it was one week ago? Well…
Excuse me, but have we met?
We all know Facebook (and every other social networking platform) thrives on advertising. It’s the sole reason users don’t have to pay for the service, or rather, don’t have to pay with money.
We’ve all experienced it; you jump on the internet one night, look up cheap flights to Iceland and the Northern Lights, and for the next six weeks, every second YouTube clip you try to watch has an advert for Reykjavik Excursions that you’re not able to skip. Sometimes it can be incredibly annoying, other times it lets you know about an upcoming gig at the Troxy – it’s a daily digital dilemma.
What is not so well known, however, is just how easy it is for Facebook - and other social networking platforms - to build frighteningly accurate psychological assessments of its users simply based on what they like and share on the site. Add to this the fact that people ‘check-in’ to various locations (like work, home and holiday resorts), as well as regularly tag their friends and family in photos, and Facebook can build almost perfect personas for marketers and politicians to go after.
As this New York Times article points out, researchers at Stanford and Cambridge Universities found that they could build a model to assess a person’s personality based on Facebook ‘likes’ alone. I repeat, a model of your personality can be built simply based on the things you ‘like’ on Facebook; never mind all the things you post like photos, location and WhatsApp and Messenger conversations. Think it’s safe to ‘like’ Kim Kardashian West on Facebook (or in real life)? Think again. By simply letting Facebook know that you ‘like’ her page, you’ve let advertisers know that you’re:
- Very extroverted
- Highly conscientious
- And not very open minded
As Keith Collins and Gabriel J.X. Dance point out, “when your fondness for Ms Kardashian West is combined with other interests you’ve indicated on Facebook, researchers believe their algorithms can predict the nuances of your political views with better accuracy than your loved ones.”
I’d like some GDPR, please
I’ve written before why personally I’m grateful for the GDPR. And if you still haven’t gotten your head around the GDPR, I suggest you check out this blog and download this white paper pronto.
In this particular case, however, I’m grateful that the GDPR is coming into effect in less than two months (25 May 2018), because it means apps like ‘thisisyourdigitallife’ – the app developed by Cambridge Analytica to scrape data off 50 million Facebook users – will have a much trickier time sneaking around our digital backyards. You see, the reason Cambridge Analytica was able to turn 270,000 consenting users into 50 million non-consenting users was through Facebook’s very own terms and conditions.
In 2014, the social networking giant made it possible for third-party apps to access the data of everyone on your friends list, in addition to your own. So, while you may have consented to a third-party app – like any one of the millions of apps that provide you with the option to ‘login using Facebook’ – to access your Facebook profile, Timmy and Jane from that one Contiki trip you took four years ago didn’t. Yet, thanks to Facebook, this third-party app now has access to all of us. Sorry, Timmy. My bad, Jane.
How did Facebook get away with giving us the slip? Well, unless you regularly go through and check all of the privacy features, updates, and terms & conditions Facebook is constantly bringing out (Facebook has now turned off their ‘spy on your friends feature’), the site – by default – simply assumes you agree to all of their changes; leaving it to you to make sure you’re up-to-date with the latest and greatest from the world of social media and digital technology.
It is on this point, this ‘assumed consent’, where the GDPR comes in to save the day. Come 25 May 2018, the GDPR will ensure there is no such thing as assumed anything when it comes to the world of corporate interactions. If Facebook, Sainsbury’s, Debenhams or Macey’s want to use your information to do anything, they must first explicitly and in easy-to-understand plain language obtain your active, opted-in consent; failure to do so will see them face fines of up to €20 million or four percent of annual global revenue, meaning this domino effect of mass digital surveillance will be slightly curbed. At least within the EU and those businesses that want to sell into that market.
Was Facebook wrong to let Cambridge Analytica access its users’ data in such a way? Absolutely.
Should we, as consumers of digital services be more aware of and take responsibility for the information we share online? Yes, yes and of course, yes.
Will the GDPR make us more digitally literate and stop this type of exploitation from happening in the future? I’m counting on it.
To find out how you can safeguard your customers’ data and meet GDPR compliance talk to Advantage today.
If you’d like to find out more about how to stop third-party apps from accessing your data click here.
Words by Camilo Lascano Tribin