CA, Facebook & you

The controversy is a wake-up call to press ahead with a robust data protection law

March 23, 2018 12:15 am | Updated 12:15 am IST

The world has just learned how a data analytics firm, Cambridge Analytica, harvested the data of 50 million Facebook users and used that information to feed strategies such as ‘behavioural microtargeting’ and ‘psychographic messaging’ for Donald Trump’s presidential campaign in the U.S. Chris Wylie, a former CA employee-turned-whistle-blower, set off a storm with revelations of how the company had deployed a ‘psychological warfare’ tool for alt-right media guru Steve Bannon to try to sway the election in Mr. Trump’s favour. CA chief executive Alexander Nix, who was suspended a few days ago following an undercover report by a British TV broadcaster, said the company has used other dubious methods in projects worldwide — including honeytraps to discredit clients’ opponents. The combination of using personal data without consent and tailoring slander campaigns, fake news and propaganda to discovered preferences of voters is a potent and corrosive cocktail. Facebook has said its policies in 2014, when a personality profiling app was run on its platform, permitted the developer to scrape data not only from those who downloaded the app but also from the profiles of their Facebook ‘friends’. Yet it did not make sure the data were destroyed by the app’s developer Aleksandr Kogan, a Cambridge University academic, nor by CA itself when it came to light that Mr. Kogan had sold the data to CA, a third party. Facebook founder and CEO Mark Zuckerberg has offered an apology and expressed willingness to cooperate with inquiries and potentially open up Facebook to regulation.

This episode has brought to light several issues that need to be addressed. First, companies have been collecting data and tailoring marketing campaigns accordingly. The issue here is particularly prickly because politics and elections are involved. Second, regardless of whether what Facebook and CA did was legal or not, something is broken in a policy environment in which the data of millions are taken and used when only 270,000 people knowingly or unknowingly gave consent. Third, technology is evolving at a rapid pace, raising the question whether laws need to be reframed mandating an opt-out approach universally rather than an opt-in approach. Individuals often share their data without being aware of it or understanding the implications of privacy terms and conditions. Fourth, there must be clear laws on the ownership of data and what data need to be protected. Personal data cannot be the new oil. Individuals must own it, have a right to know what companies and governments know about them and, in most cases, that is, when there are no legitimate security or public interest reasons, have the right to have their data destroyed. The CA issue is a wake-up call for India; the government is still dragging its feet on framing a comprehensive and robust data protection law.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.