Who should be blamed for the Facebook data breach scandal?
Facebook is currently facing a probe into what looks to be the one of the largest social media data breach in history. In a post on the company’s newsroom, Mike Schroepfer, Chief Technology Officer of Facebook, admitted that the information of up to 87 million people — 1.2 million being Filipinos — may have been taken by Cambridge Analytica, a British data analytics firm that lends its capabilities to political campaigns.
The tech giant stated that Cambridge Analytica’s acquisition and use of user data was unauthorized as they were not informed of the sale of data to them, but news reports however reveal that the firm has been harvesting data for over two years before the story broke out, with Facebook knowing what was happening all along. Even Mark Zuckerberg admitted on his testimony against the US Senate that Facebook first found out about Cambridge Analytica acquiring the data back in 2015.
Multiple conflicting reports aside, the truth of the matter is that a breach of private data happened. But who is at fault? Who should take blame for this? In order to answer this question let’s first take a brief look at what happened.
Two months ago, The Guardian and The New York Times revealed that Cambridge Analytica acquired the private information of up to 50 million Facebook users in order to influence the results of the 2016 United States Presidential Elections and the 2016 United Kingdom European Union membership referendum. The company was able to do this by buying the information gathered by the personality quiz app “thisisyourdigitallife” developed by research firm Global Science Research (GSR) for academic purposes.
Because Facebook’s partnership was with GSR and not Cambridge Analytica, the tech giant described the sale of user data as a “breach of trust” and cut ties with both parties while also taking steps to remedy the situation. The damage however has already been done.
It should be noted that despite only targeting 270,000 Facebook users who explicitly chose to share their data as part of GSR’s research, the quiz app was able to take the information of about 50 million users (now 87 million according to Facebook). This is due to Facebook’s former platform policy on research apps which allows the acquisition of the data of a person’s friends on Facebook despite not being involved in an ongoing study and without giving consent. Since the story broke out, Facebook has changed this policy and have made it harder for companies to acquire third-party data, as stated in the post of Schroepfer. The company has also created a page on their help center where you can check for yourself on whether or not your account’s private data was shared to Cambridge Analytica. Click this link to view it: https://www.facebook.com/help/1873665312923476
Being the largest social media network in the world, the incident made headlines globally, and calls for further privacy measures to legal probes in various governments, such as our own National Privacy Commission, has begun.
So let’s go back to the question, who is to blame for this? This question is more complicated than it might appear at first glance. Ultimately, responsibility should fall on the shoulders of Cambridge Analytica, Facebook, and even us Facebook users.
Despite being made for research purposes, there is no excuse for the third-party information gathering method used by the quiz app thisisyourdigitallife. Of all people, Facebook should know that consent with regards to the acquisition of private data must always be taken first, regardless of the intent. What’s more alarming is that Facebook needed for all of this to blow up before changing their app development policies.
Another way Facebook could have prevented this scandal is giving users more information on how third-party apps use their data and offering more choices to users on how to manage it. Users should be able to understand where their data goes and who has access to it.
Why Cambridge Analytica?
This is a no-brainer, obviously. In their attempts to sway public opinion, the research firm illegally obtained private data that was intended for academic purposes. Due to their acquisition, the company was able obtain millions of user data without consent.
Ultimately, some responsibility should also fall to us users of Facebook, as we have created the privacy environment that allows for these violations to happen. We carelessly give up our data to various parties in order to reap the benefits of new technology. We can blame Cambridge Analytica for using your data, which is their job in the first place, or Facebook for collecting our data. But if we really care about preventing these breaches, we must also take it into ourselves into protecting our data by changing our social understanding of privacy and how data should be collected and used. All of us should know that even a tech titan like Facebook is not impenetrable to data breaches, so we must always be vigilant in giving away any personal data. Otherwise, we should stop being surprised when our most personal information is inevitably misused.