19th April 2018
Mark Zuckerberg’s Facebook Data Privacy Hearing
If you’re on Facebook, and I have no doubt the majority of you reading this will be, then I expect you have shown an interest in Mark Zuckerberg’s recent hearing with approximately 40 U.S. senators regarding the breach of data privacy between Facebook, Dr Kogan’s app and Cambridge Analytica.
There has been a very mixed response when asking who was actually to blame, and if you watched the whole hearing (all 6 hours of it) then hopefully you’ve come to the same conclusion as me. If you haven’t then let me summarise the facts.
What actually happened?
In a nutshell, Dr Alexander Kogan ran an app, a personality quiz, through Facebook and was able to gain limited Facebook data about 87 million American Facebook users – including Mark Zuckerberg himself!
Kogan then sold this data to Cambridge Analytica in 2014, an organisation known to have assisted in the 2016 presidential campaign of U.S. President Donald Trump. Selling this data and using it was a direct breach of Facebook terms. As a result, the developer, Kogan, was banned from running his app on Facebook, and Facebook requested that the data was deleted – by both the app and Cambridge Analytica.
Facebook was informed that the information had been deleted at their request and therefore deemed it as ‘case closed’. This led Facebook to the decision not to inform the 87 million users who had their data sold. Facebook has since changed the way that app developers receive data, so a breach like this can’t happen again.
But is that enough? The senators questioning him didn’t seem to think so.
The right to privacy and understanding those all-important T&Cs
There is no doubt that everyone has the right to privacy – absolutely no doubt at all. And it was refreshing, and encouraging, to hear Zuckerberg say exactly that. He maintained that everyone on Facebook has complete control over their data – and I believe him. Personally, I have very strict privacy settings on my Facebook page, and I understand exactly how my data is used to show me relevant ads. I’d much rather be shown ads about products and services I’m interested in, as I agree that it enhances my online experience – much more so that being shown as advert about something I have absolutely no interest in at all.
While Zuckerberg has access to my data, I trust that he absolutely would not sell it. That directly breaches Facebook’s terms and conditions and to do so would be business suicide. However, the apps that run off Facebook are a different story.
When you accept a third party app, and log in using your Facebook credentials, a pop up requests you to actively opt in, allowing that app access and the ability to use your Facebook data. These apps could be games and quizzes, or something like TripAdvisor. The important part here is that as a user, you have to affirmatively opt in to say you are happy for your data to be used.
Now, in my eyes there are two problems with this:
- People don’t understand the implications of sharing their data with a third party app.
- People do understand the implications of sharing their data, but because they trust Facebook, they don’t read the terms and conditions.
It’s this second point that the senators felt was the most important: Facebook has a responsibility to protect people’s data, even though it wasn’t Facebook that sold the data. And to be perfectly honest, whilst part of me feels like Zuckerberg is being used as a scape goat, the part of me that understands human behaviour completely agrees.
Put it like this: you want a plumber, and your friend recommends one. You therefore expect the plumber to be professional and trustworthy, and you’d blame your friend if he isn’t – especially if he comes into your house, takes your possessions and sells them on. After all, without that friend you wouldn’t have used that plumber. Replace ‘friend’ with Facebook and ‘plumber’ with app, and you have the same problem. Just like a friend, Facebook is in a position of trust, and the senators agreed he has the potential to lead the way when it comes to online data security for users.
Zuckerberg agrees, stating "They did not want their information to be sold to Cambridge Analytica by a developer, and that happened, and it happened on our watch… Even though we didn't do it, I think we do have a responsibility to be able to prevent it."
In my eyes, that all sounds rather promising.
But did the senators actually understand Facebook, its data privacy, its limitations and how advertising and remarketing actually works?
While the hearing was serious in its nature, there were a few comical instances with questions from certain senators that highlighted their misunderstanding of how the internet, and Facebook works:
Senator: “How do you sustain a business model in which users don’t pay for your service?”
Zuckerberg: “Senator, we run ads.”
Senator: “I see. That’s great.”
Senator: “If I’m emailing within Whatsapp, does that ever inform your advertisers?”
Zuckerberg: “No, we don’t see any of the content in WhatsApp, it’s fully encrypted.”
Senator: “Let’s say I’m emailing about Black Panther within WhatsApp, do I get a Black Panther banner ad?”
Zuckerberg: “Senator, we don’t… Facebook systems do not see the content of messages being transferred over WhatsApp.”
Senator: “Yeah I know, but that’s not what I’m asking.”
What happens next?
Next comes the legislation and regulation. The general consensus was that senators run the risk of over-regulating if they are left to do so on their own, and that they will need Zuckerberg to work with them in creating the right regulations to further protect users online. Zuckerberg repeated time and time again that he is 100% supportive of regulation being introduced, but it needs to be the right kind of regulation.
Who do you think is the blame for the data being sold to Cambridge Analytica? Zuckerberg, Kogan or the users themselves? Let us know on social!