By now it should be apparent to anyone who keeps up with current events that Facebook is more than a social media platform. Either that or our definition of social media needs to be drastically expanded. The privacy horror show that has unfolded before us these past few weeks around Facebook and Cambridge Analytica has shown the world just how powerful you can be when you have data and you know what to do with it. Powerful… and dangerous.
This is possibly the strongest message we’ve yet seen in support of better privacy regulation. It comes at an interesting time, too. We’re right on the eve of Europe’s General Data Protection Regulation (GDPR) going into effect: the most comprehensive and protective privacy legislation the world has ever seen.
But are those who would protect us from the likes of Cambridge Analytica (and Russia) listening to that message? It’s complicated — here’s why.
More Than a Social Media Platform… But What?
As keepers of the largest treasure trove of personal data on citizens all over the world, the social media giants are literally sitting on some of the most valuable resources on the planet. As such, it hardly seems fitting to call them mere social media platforms. ‘Public institution’ might seem more appropriate for 2018 and beyond.
And as we all know, public institutions are subject to governmental privacy regulations (or should be).
Do Tech Giants Have Privacy Concerns? Do They Require Oversight?
Tech giants like Facebook, Twitter, and Google have shown where their priorities lie… and in doing so have revealed that privacy is not their primary concern.
Whether it’s inadvertently (through hacks) or under terms (through contract loopholes), the enormous troves of personal data they collect, and store have been accessed by the wrong people.
In the case of the 2016 U.S. presidential election, it was accessed by some very wrong people: Russians bent on fomenting disruption and influencing campaign in order to sway election results.
Now that we’re discovering Mark Zuckerberg not only failed to be proactive but may have known about the Cambridge Analytica shenanigans all along at his company, the idea of Silicon Valley self-policing to keep our data safe feels naive and ludicrous.
“Last week’s hearings demonstrate that these companies might not be up to the challenge they created for themselves.”
-U.S. Senator Al Franken, D- MN
We shouldn’t even be surprised at Silicon Valley’s lack of respect for privacy. In 2010, Mark Zuckerberg declared the end of privacy, stating it was no longer a social norm to expect it. That same year, Facebook took away much of the control their users had over their own data. They also made more personal information public. Does that sound like the actions of a CEO who cares about privacy?
This attitude toward privacy is what paved the way for the Cambridge Analytica nightmare. In doing so, it highlights the power held by one single tech giant.
Influence is One Thing. Deep Psychological Manipulation Based on an Invasion of Privacy is Another
Facebook and a handful of other social media tech giants like Twitter now have the power to influence elections, thanks to the personal data they collect. When they make behind-the-scenes liaisons with companies like Cambridge Analytica, the way Facebook did, it can lead to some very sinister results.
It’s not the influence that’s worrisome… after all, newspapers have been disseminating information for generations, changing people’s minds and thereby influencing elections. But newspapers never had the ability to change their message according to who was reading them. And of course, they were never privy to deeply personal and sensitive data on their readers. Plus, no single newspaper has ever had a grip on the world like Google and Facebook now enjoy.
What’s troubling is open access to private data which has allowed for the possibility of widespread manipulation. This vulnerability to global manipulation is what makes an increasing number of lawmakers and many private citizens see an urgent need for better privacy regulation. What’s at stake may be much more than many imagine.
The Vulnerability of Private Data Can Lead to Much More than a Disruption of Ideas
Weaponized, the data that tech companies collect on their users amounts to a tool that could cause not just global disruption but actual global devastation.
Case in point: the world has recently learned that Russian meddling in Facebook is thought to have influenced U.S. voters. Some think it may have caused unrest in the physical world, too. U.S. Senator Richard Burr chairs an intelligence committee that’s looking into the Russian efforts on the election.
“What neither side could have known was that Russian trolls were encouraging both sides to battle in the streets…”
-U.S. Senator Richard Burr, R- N.C.
Governments seem to be waking up but there’s a steep learning curve and they have a ways to go before they can clearly understand their role in all this. Meanwhile, what have the social media giants been doing about this? Very little, until pressured.
No Shame, No Cooperation Until Pressured
Last November, top tech company leaders appeared before intelligence panels in the U.S. Senate. Answering for the rash of Russian-backed ads on Facebook and Russia-backed accounts on Twitter, reps from FB, Google, and Twitter seemed to brush off any notions of serious impact on the 2016 presidential election via their platforms. Claiming that most of the ads centred around divisive campaign issues but no specific candidates, they effectively seemed to be absolving themselves from any responsibility in the matter.
Failing to see the seriousness of the Russian meddling is bad enough, but as it turns out, tech companies had been turning a blind eye for at least a year.
Big Tech and Government Need a New Paradigm
So: big tech companies like Facebook are huge, they’re powerful, and they hold tons of personal data on millions of users. And, as we’re learning, they’re also lax about privacy concerns.
Governments are just now waking up to the fact that these are not your ordinary corporations. They operate in a larger realm, in semi-public spaces that mimic institutions of yesteryear… and they need a new paradigm for regulation. GDPR might just show the way.
The new paradigm, heralded by GDPR, could be based on the idea that people should own their own data. They should also have effective ways to protect their data from being sold to the highest bidder. In the U.S., the Federal Trade Commission (FCC) has done very little in this regard, allowing companies like Facebook to harvest, store, and sell the data of millions of users from around the world.
In Europe, however, GDPR promises to have much more bite. It’s powerful and simple, the winning combination for effective legislature. It states that people own their private information and any online company must allow them the right to control that data by providing the necessary tools to do so. It also requires that companies have easy-to-understand descriptions of their privacy policies and that they offer consumers the ability to have their information deleted. And perhaps most importantly, it requires an explicit ‘opt in’ for the collection of personal data.
GDPR goes into effect on May 25 — just in time for everyone outside the European Union to realize its importance. Thanks, Facebook, for showing us the light.
Marc Gagné CCIE, CCII, CCTA, CIPP/G/C, CTFI, MAPP
Services Juridiques Gagné Legal Services