The US data regulator, the Federal Trade Commission (FTC), has announced that it intends to fine Facebook $5 billion for its part in the Cambridge Analytica Scandal.
The fine that Facebook received from the UK’s ICO, coming pre-GDPR, was a mere £500,000 – but although the FTC’s figure is a huge amount more, many feel that it’s inadequate.
Here’s what Dave Lee, the BBC North America technology reporter, had to say about it:
Facebook had been expecting this. It told investors back in April that it had put aside most of the money, which means the firm won’t feel much added financial strain from this penalty.
What we don’t yet know is what additional measures may be placed on the company, such as increased privacy oversight, or if there will be any personal repercussions for the company’s chief executive, Mark Zuckerberg.
The settlement, which amounts to around one quarter of the company’s yearly profit, will reignite criticism from those who say this amounts to little more than a slap on the wrist.
You can read the full news report here: https://www.bbc.co.uk/news/world-us-canada-48972327
It’s notable that the fine was only just passed by the FTC by 3 votes to 2, with those voting against it stating that it was insufficient, even though it would be the biggest ever brought by the FTC against a tech company.
Perhaps the most shocking thing is that Facebook shares actually rose 1.8% at the news, with investors receiving the news positively.
The debate will go on, but many will continue to think that Facebook got off lightly with just a $5 billion fine. If this had come under GDPR, it would likely have been in a great deal of trouble.
As it is, a mere £500,000 from the ICO – a record at the time, until the recent British Airways fine of £183 million – seems hardly worth mentioning.
The most welcome thing you’ll see from Facebook’s new policy is how much more control you’ll have as a user. A big positive coming from GDPR is that users have so much more control over their personal data, and it’s a welcome sight seeing Facebook comply here.
While the Cambridge Analytica scandal has really hurt Facebook’s credibility, the company has acted very quickly and efficiently to become more GDPR compliant.
It’s still not too late to become fully compliant with GDPR before the May 25th deadline – but you’ll need to act fast, and with professional consultants helping you on the way. That’s where we come in. Check out our services and get in touch with us for a quote now…
Read more on Facebook’s new policy here: http://tradearabia.com/news/MEDIA_339327.html
The main issue that arose from Cambridge Analytica taking the data of 50 million users was that it was obtained without consent. How is this possible? Well, unless you have put your privacy settings to the highest level, pretty much anyone can view your information.
So how can Facebook adapt and give its users the power to control what they consent to and what they share?
Friends and Mutual Friends
One way Facebook can allow users to share their data – thereby consenting to share their data – is by adding a friend. Once you confirm a new friend this can essentially be considered as an individual providing consent to share their personal data with another individual – who is equally consenting to share their data.
The issue is that many users will most likely not have their privacy settings set to completely private, which means people you may not even know can see your personal data (organisations such as Cambridge Analytica, for example). The option for you to hide your personal data from anyone who isn’t a friend should be in place from the get-go. It would then be on the individual to consensually adjust their settings to allow for more public sharing of data.
The really big issue is that this isn’t easily fixable and would only really be an option for new Facebook users – and after this farce, that’s fairly unlikely. The best thing Facebook could do would be to just notify their users that they are setting EVERYONE’S privacy settings to the highest privacy option – i.e. that no-one can view your profile. That would then give the individual the power to set their profile to whatever privacy setting they like – thereby consenting to share their data with a select number of people that they choose.
This is just one example of what Facebook could do, but it also illustrates the massive task Facebook have on their hands. Would forcing their users to set their own privacy settings go down well? How would they go about obtaining consent to process individuals’ data? Can they just encrypt all the data they currently hold and ask for users to re-consent? Again, these are just a few of the many, many questions Facebook need to be asking themselves.
In the wake of the recent Facebook data breach, we take a brief look at how the social media giant could become the poster company for how NOT to be in the new age of GDPR.
In 2014, the company Cambridge Analytica ran a survey that collected the data of over 200,000 Facebook users – those users willingly gave their consent to the company to use their data. They were actively taking part in the survey. However, Facebook has various functions in place that can allow you to view the profile, and hence personal data, of friends of one specific user – and potentially even friends of friends, and so on. Those users did NOT provide their consent for their data to be used in the survey, yet it still was.
The number that has been floating around for users who did not provide their consent is 50 million. But, looking at the average number of Facebook friends (as noted here: http://bigthink.com/praxis/do-you-have-too-many-facebook-friends), that number could be significantly higher.
So, take those 200,000 users and the average 338 friends per user, and the data of a potential 67.6 million people could have been obtained without express consent. Even looking at the median number of Facebook friends (200), that number would still reach 40 million, so that 50 million seems to be a middle ground number.
Facebook has come under a lot of scrutiny for this breach of data, but it doesn’t just end there for them. Other issues they have with data privacy include not providing users with suitable privacy control (i.e. there are only a few privacy settings to even choose from) and the amount of data they hold, which can alone be problematic with DSARs such as the right to be forgotten or the right to suspend processing. Mark Zuckerberg has even been called into UK Parliament to address various data protection concerns and misleading information.
One good thing that has come of this is that users are taking action with a campaign to delete Facebook. Ironically this campaign is happening on social media platforms such as Twitter, which is also likely to be collecting personal data of users without consent.
This campaign does represent the power users and individuals will get over their personal data when GDPR comes into place. #DeleteFacebook won’t just be an idle threat: if you request that your account, and personal data, be deleted, the company must abide by your request, or face further consequences.
Read more on the story here: http://www.bbc.co.uk/news/technology-43465968