A Closer Look at the Facebook Privacy Fiasco
April 23, 2018
Does this message look familiar? If you’re like the 71 million other Americans who use Facebook, it does.
All eyes are on the world’s largest social media company as it is under fire for ultimately revealing unknowing members’ personal information and selling it to a data collection firm. What exactly happened?
What’s the fuss all about?
In a nutshell, the scandal is surrounded by the fact that Facebook did not alert users that their personal data was harvested through “This Is Your Digital Life” app, one of several personality quizzes presented on the platform. When it’s all said and done, approximately 87 million users’ private information worldwide has been directly or indirectly compromised.1
And the scandal has proved to create quite the uproar in the U.S. as Zuckerberg spent 10 hours with U.S. Congress answering over 600 questions about the breach. Aside from the time spent there, the entire country is writing, speaking – arguing – that the U.S. needs a strategy to protect general data. If private information had been protected under federal regulation laws, would these millions of users’ information have been spared?2
While private health information is protected in the U.S. under HIPAA, the sharing of non-healthcare related information isn’t shielded at all. The U.S. does not have laws in place to protect general data like the EU’s General Data Protection Regulation, or GDPR. GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. If solid rules and regulations were in place when Facebook users’ data was breached, would the ramifications for the social media company have been more straightforward?3
How was Facebook users’ data obtained?
Aleksandr Kogan, a psychology professor at the University of Cambridge and owner of Global Science Research, collected data from Facebook users who downloaded his app, “This Is Your Digital Life.” Only 270,000 Facebook users installed the app and took its personality quiz, and those users consented to have their personal data collected. What’s key here? Those users also gave permission to collect data on all of their Facebook friends, resulting in information having been gathered from millions. Kogan sold all of the collected data to Cambridge Analytica. Facebook was made aware of the issue in 2015 but never alerted its users to the breach of information even though data harvesting violates Facebook’s own data policy.
What is Cambridge Analytica and how are they involved?
Cambridge Analytica is a London-based data collection and analysis firm founded in 2013. They study individuals’ internet trends on sites like Facebook and then coin slogans and campaign initiatives to help their client – largely political groups – win elections. Cambridge Analytica bought millions of people’s’ personal information from Kogan and Global Science Research to help sway voters for future political clients.4
What is Facebook doing to protect users going forward?
Zuckerberg has admitted that he made a “huge mistake” in failing to take a broad enough view of the company’s responsibilities. “It was my mistake, and I’m sorry. I started Facebook, I run it, and I’m responsible for what happens here.” Zuckerberg says in a prepared statement.5
Aside from apologies and admitted wrongdoing, changes will be made to Facebook itself. The information that third-party apps can gather will be limited, some functionality will be deactivated or deleted, and users will have a clearer idea of what information apps have collected about them.6 Facebook now has about 15,000 staff members working on security and reviewing content. Zuckerberg says that figure should rise to 20,000 by year’s end.7 What those thousands upon thousands of employees will be doing to protect the consumer and their data, though, remains to be seen. Ultimately, without regulations to protect personal information, whether or not Facebook – or any organization that holds your personal information – can be trusted is forced to be an individual decision.
How does this incident speak to privacy and security in general?
In response to the Facebook/Cambridge Analytica scandal, the U.S. government is stepping in. Congress has asked Zuckerberg over 600 questions and the Federal Trade Commision has announced that it is investigating Facebook’s privacy practices. A class action lawsuit has also been filed in the US Federal District Court in Delaware, where Facebook is incorporated. The lawsuit was brought forth for potential violations to the US Stored Communications Act. The legislation provides for a minimum $1,000 penalty per violation found by a court. So if the case is ruled against Facebook, it could face damages of well over $70 billion.8
While the government’s involvement is a step in the right direction, consumers are left to question if our national and state laws can impose enough regulation over Facebook and other companies to make a true difference in protecting privacy. Until decisions are made and rules and laws are put in place, protecting your personal privacy is your own responsibility. As more and more business and personal information is accessible through the world wide web, it’s crucial to take the steps to protect it. Use the knowledge you’ve learned from implementing HIPAA compliance to safeguard not only your health information but any sensitive information – financial and personal – online.
May 18, 2020
With the onset of COVID-19, many employers have had to face the possibility of the virus entering the workplace. Normally, under the Americans with Disabilities Act (ADA), employers are prohibited… Read More ›Read More
May 6, 2020
On March 13, President Donald Trump declared a national emergency in response to the rapid spread of COVID-19. Two days following this statement, the U.S. Department of Health and Human… Read More ›Read More
April 20, 2020
In this blog post, we review nine email encryption vendors (Barracuda, Egress, Hushmail, Indentillect, MailHippo, LuxSci, Protected Trust, Rmail, & Virtru) who provide HIPAA compliant email encryption services that will… Read More ›Read More