Data Protection and Political Campaigns
On 17 March 2018, whistle-blower Christopher Wylie shocked the world by revealing how his former firm Cambridge Analytica (“CA”) allegedly exploited data from Facebook to influence voters and win elections. Wylie worked at CA from the beginning and described the company as an “arsenal of weapons” in the current culture war.
The company, with a cash infusion from right wing billionaire Robert Mercer, grew exponentially as it collected increasing amounts of personal data from online users. On its website, the company claims it has accumulated a treasure trove of data, “with up to 5,000 data points on over 230 million American voters”. Wylie described how the company used this data to pinpoint voter profiles and create targeted content to persuade people to vote a certain way.
While the biggest shock is the allegation that this company had such a big role in recent elections, such as Brexit and the 2016 US election, another critical aspect that needs to be evaluated is the misuse of data and data protection.
Both the US and UK authorities are looking into Facebook’s handling of user’s data, with warrants for access to CA’s facilities and Senators and MP’s requests for Mark Zuckerberg, CEO of Facebook, to appear in Congress and Parliament to discuss Facebook’s alleged breach of data protection. He has now given evidence to Congress.
CA obtained their data through an App, created by academic Aleksandr Kogan. The application contained a personality quiz. According to Facebook, about 270,000 people downloaded the application and logged in with their Facebook credentials. After users downloaded this application, it began to gather data about the user and the user’s friends. Once data had been collected, it was then passed along to Cambridge Analytica for analysis. According to the Washington Post, Cambridge Analytica obtained access to the Facebook data of over 50 million people.
Even though Facebook users gave their consent to download the App onto their account, the pressing issue is the fact that the APP handed the data over to a third-party account. In search of more clarity, the UK Information Commissioner’s Office has obtained a warrant to search Cambridge Analytica’s office. Additionally, Attorneys general from the US States of Massachusetts and Connecticut have launched investigations into how Facebook handled their data.
More recent reports highlight Mark Zuckerberg’s statement regarding the release of the data. Zuckerberg states that he is disappointed in himself for the lack of security on user’s accounts. “I promise to do better for you,” said Zuckerberg, in full page ads taken out in US and UK newspapers apologizing for Facebook’s role in the scandal.
Notwithstanding his evidence to Congress, Mark Zuckerberg has not as yet agreed to testify to the Culture Media and Sport committee in the UK.
The scandal has raised immense questions regarding the issues of customer privacy on social media as well as data protection. Data Protection in the US is relatively weak, in comparison to the safeguards in the UK and Europe. These safeguards will be strengthened further still when the General Data Protection Regulation comes into force in May 2018. In response, Facebook has already changed its policy on third party Apps is adding more information to the consent notices before users agree to launch an APP. Although the company can change its policies now, it cannot retrospectively protect their users’ information. This misuse of personal data demonstrates the great care that must be taken when handing over sensitive data, and why data protection is so important.
Disclaimer: The information in this article is for information purposes only. The article is not advice and should not be treated as such. The legal points made in this article are for general application only and should not be taken as specific advice for individual use.