By Naomi Stephens (Paralegal) and Amelia Edwards (Lawyer)
The headlines are screaming, the politicians are pontificating: the Cambridge Analytica data breach scandal has turned the spotlight on Big Bad Data, and through all the huffing and puffing that has followed the unshaken public consensus seems to be that Facebook has, by negligence or design, thrown vulnerable users to the wolves.
We seem to have turned a new page on data security, but what is the real story here?
Enter Cambridge Analytica: a researcher creates a Facebook quiz app that collects not only the data of people who completed the quiz, but (through savvy use of a once more generous Facebook API) their friend connections too. The pay-off: the personal data of 87 million Facebook users, world-wide. The Facebook app terms prohibit the selling of data collected via the API, and Cambridge Analytica breached those terms when that data was sold-on to political campaign groups. But the initial collection of that data, and Facebook’s corresponding disclosure, was authorised by each user and, generally speaking, completely above board. Just because users made a bad bargain doesn’t mean that Facebook did anything wrong, but when the public wants a bad guy it’s easier to blame the big guy than to try to understand what actually went on.
As this tale has unfolded, Zuckerberg’s tone has markedly changed: from initial firm denials of responsibility to ultimate abject apology.
But does Facebook have anything to be sorry about?
Privacy and Facebook – the legal side
The moral of the story
Of course, Cambridge Analytica has turned out to be a huge problem for Facebook – the hit its public reputation has taken as a result of the scandal, evidenced by the #deletefacebook viral campaign, has demonstrated once again the awesome flagellating power of social media as the modern arbiter of public opinion.
And so, the moral of the story is this:
- Conduct a cost benefit analysis, weighing up the projected value in the activity, and transparency, against the reputational risk.
- Consult a PR expert and a legal expert, and make an informed choice regarding relative risk and industries standards and have a plan in place for if and when things do go wrong.
If you’re looking for some fun in the meantime, watch the videos of Zuckerberg teaching several of the not‑so‑technically minded senators how the internet works. Good for a giggle.