Facebook’s privacy policies are under investigation by the US Federal Trade Commission over reports of the company’s illicit harvesting of users’ personal data. The agency is looking into whether Facebook violated the terms of a 2011 settlement to enhance its privacy policies so that third parties cannot acquire data from Facebook users without their knowledge or consent.
Revelations in the Observer show that Cambridge Analytica (CA) who worked with Donald Trump’s election team as well as the winning Brexit campaign, harvested millions of US voter’s Facebook profiles. The data gathered was used to create a software programme that aids to predict and influence voting choices, through micro-targeted ads.
According to a whistleblower, CA used personal information without authorisation in 2014 to build software that could target individual users with personalised political ads.
Christopher Wylie worked with a Cambridge University academic to obtain the data. He told the Observer: “We exploited Facebook to harvest millions of people’s profiles. And built the models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on.”
CA obtained voter data through a Facebook-linked app called “thisisyourdigitallife”. Aleksander Koga, a member of CA, paid Facebook users in exchange for a detailed personality test for academic research purposes apparently.
Roughly a quarter of a million people willingly took the test, but 50 million people have allegedly had their private data used for political gain without their knowledge.
In 2016, Facebook had only just became aware of the firm’s breach of contract, yet reportedly waited months for the data to be deleted by CA.
In recent years, the social media company had received numerous warning about the breaching of security policies but had only suspended Cambridge Analytica and the university researcher who had harvested the data.
Last Saturday saw investigators from Britain’s data watchdog, the Information Commissioner’s Office (ICO), search the London offices of Cambridge Analytica amid these allegations.
Mark Zuckerberg, CEO of Facebook posted a statement about the scandal on Wednesday 21st March.
“We have a responsibility to protect your data, and if we can't then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again.
“Last week, we learned from The Guardian, The New York Times and Channel 4 that Cambridge Analytica may not have deleted the data as they had certified. We immediately banned them from using any of our services. Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. We're also working with regulators as they investigate what happened.
“This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.”
Soon after the scandal came to light, Facebook have unveiled changes to their privacy settings, a move that was apparently already planned ahead of the scandal, to comply with new EU rules.
The EU’s new law comes into force on the 25th May and toughens the requirements on how organisations handle the publics’ data – imposing harsher consequences for breaches.
The new settings aim to give people greater visibility to their privacy settings and an easier way to delete app data.