The news that broke this week about data analytics firm Cambridge Analytica and their massive acquisition of Facebook user data is concerning to say the least. Facebook and many of the other companies involved in the mass collection of personal data have been excellent at highlighting the benefits of them having exceptional insight into the lives of their users. They talk about their unique ability to connect their users with the people and products that they want based on a profile they’ve built. These technology companies have been less forthcoming however, about the dangers that this microtargeting presents when used for manipulation of public opinion, beliefs or the swaying of elections.
Most of these companies have thrown up a simple defence, that they would never release user data to third-parties for commercial purposes and that any data they did release could not be used to identify individual users. They claim that they are the only ones with access and they do all the connecting for third parties. Given that Cambridge Analytica has been in possession of the personal data of over 50 million Facebook users since 2014, this defence is somewhat difficult to believe. This data has allegedly been used by Cambridge Analytica in their work on the campaign of US President Donald Trump and for the Vote Leave campaign in 2016 Brexit Referendum. If these allegations are true then Cambridge Analytica many well be the most successful manipulator of public opinion in recent years, and most certainly the most successful manipulator for hire.
Understandably many people are shocked at the revelations. Politicians and activists are calling for investigations and stricter legislations. The EU is already a step ahead with the General Data Protection Regulation (GDPR) coming into force later this year, representing one of the largest updates to data protection regulations ever and fundamentally forcing many businesses to reconsider how they gather and use user data. Founder and CEO of Facebook Mark Zuckerberg has faced calls to present himself in front of various committees to answer for Facebook’s failure to protect user data. For what it is worth Facebook has shut down Cambridge Analytica’s access to their platform, a full 4 years after they first discovered the data breach.
With all the shock and knee-jerk reactions going on, it is important to remember that we as users and citizens were warned that this would happen. In fact, privacy activist have been talking for years about the danger that the mass collection of user data presents and utter lack of law governing political campaigns on social media. Needless to say, they’ve mostly been ignored. The best way to sum up their message however is to say that if a service is free, you are the product. Facebook, Twitter, Google, Amazon and all the big technology giant’s business is user data, and we all just hand it over to them without a second thought.
Currently we rely on the goodwill of technology companies and self-regulation to ensure our data is protected adequately. Various enforcement offices may exist around the world with the stated aim of ensuring user data is being protected, but the simple fact is that they are too small and not equipped with the right powers to adequately perform their jobs. Furthermore, the fact that Facebook was apparently aware of the data breach raises the question of whether they even view it as worth their time to protect their users. After all there is no commercial upside for them, their brand is already linked with privacy concerns after the revelations that the NSA had full access to their data and chasing up data breaches takes time and money.
Facebook was already under significant fire for their handling of the investigation into Russia influence in the 2016 Presidential Election, and questions have been building over whether or not a similar role was played in the 2016 Brexit Referendum. The fact that their approach to managing each of these crises has been to bury the problem as deep as possible, only admitted culpability when there exists no other option hasn’t helped. This latest revelation has put them firmly in the spotlight on both sides of the Atlantic. However, this is where we arrive at the fundamental weakness that Facebook and the other tech giants have thus far exploited to keep itself unregulated: it operates in a black box but remains the most effective way of mass communicating a message.
No one outside of select teams in Facebook really knows how it works, the data it gathers or how it profiles users to deliver pinpoint targeted advertising. We know what data goes in and what the end product is, but not the process. Despite this it remains the most effective means for politicians and officer holders to communicate their message to voters, availing of this ability to target them with pinpoint accuracy.
This fact needs to be kept in mind as no politician will willingly sacrifice such a tool. Couple this with the fact that many political parties and individuals have directly benefited for the user data that Facebook has collected, it remains unlikely that they would want to cripple their campaigns and fundraising activities by curtailing the activities of tech companies significantly. This approach is demonstrated all to clearly by the Irish government’s efforts to water down the GDPR, creating a specific legal carve out to allow for the collection of data for political purposes to continue.
This presents ourselves as Irish voters with a significant concern. Ireland is the European Headquarters for Facebook and many other technology companies, and therefore they are required to comply with Irish data protection laws. Our Data Protection Commissioner is responsible for policing Facebook. If we allow our Government to create this carve out there is a distinct possibility that we will become a base camp for the continuation of these activities. Cambridge Analytica is being accused of subverting the democratic process with its practices, and we as a state and a people should want nothing to do with that.
Aaron Bowman – Politics Editor