Unless you’ve been living in a cave for the last month, you will have seen Mark Zuckerberg facing off against congress. While Zuck’s booster seat, his weird way of drinking, and the Senators’ lack of internet smarts were all very entertaining, this is part of a wider shift in how we think about data privacy – one that can’t come soon enough.
Zuck may have gotten off pretty lightly (the most searching question seemed to be ‘do you sell data?’ – to which the obvious answer was: ‘No [not exactly…]’) but the Cambridge Analytica scandal that has plagued the internet since the start of the US elections is now more present in the mind of the public than ever before.
Russian Headfirst Into Chaos
In 2014, about 270,000 people took a personality quiz from an app called This is Your Digital Life (which, strangely, did not set off any alarm bells). Those who participated unknowingly shared personal information – including birthdays, pages they’ve liked and in some cases, even private messages – to Cambridge Analytica. The process also accessed data of their Facebook friends – so your aunt that constantly posts which type of potato they are has inadvertently given away your info too.
This information was then allegedly used to influence the US elections (with Cambridge Analytica working for Trump’s presidential campaign), with the use of personalized political ads, and ‘bot’ accounts that would target certain Facebook posts and spam them with anti-Hillary (anti-snowflake) propaganda. Facebook found out in 2015, and asked Cambridge Analytica to delete the app data at once – which, apparently, they did not.
As more people took to Facebook to passionately announce that they were deleting Facebook, it seems that Cambridge Analytica have fared much worse than Zuckerberg. Less than a month after Zuck’s inconclusive testimony, and in the wake of damning undercover recordings by Channel 4 in the UK, Cambridge Analytica have announced they are ‘immediately ceasing all operations’ and will start bankruptcy proceedings in the coming days.
‘Why Should I Care?’
This global scandal has brought to light many issues in data protection, and the loopholes that companies like Facebook and Cambridge Analytica have operated in for so long. The rules that govern how people use data have been out of date for some time, being based on an early understanding of the internet and how data can be interpreted and traded (in discrete transactions, for example, rather than using a coagulate of information to provide relevant advertising space to a political consultancy firm).
Apart from possibly giving your data to shady organisations like Trump’s personal staff, this scandal will change your rights to data protection forever, even if you don’t realise it. The European General Data Protection Regulation (GDPR) will come into effect on May the 25th across all EU member states, and is designed to give users more control over the data they produce, and simplify regulations over data for international business.
To make sure these new rules are obeyed, a fine of up to 4% of annual global turnover or 20 million Euros, whichever is greater, will be applied to those that misuse data, or simply do not get specific consent from the owner. This is an eye-watering punishment, even for a company as large as Facebook, and indicates that the EU are not playing around.
By stipulating ‘global’ turnover as the target, they have effectively extended this mandate beyond Europe, a smart move considering the fluid and borderless nature of enterprise these days, and one that will have companies covering their bases, not trying to find exceptions.
‘What About the Rest of Us?’
This regulation sets a new precedent, giving European citizens a ‘digital right’ over their personal information, and makes sure that nothing slips through the cracks (anyone who handles data must show they received consent, how long they had it for, that they have defended against data breaches, and must give details of the assigned data controller).
While this does not immediately impact people outside of Europe, GDPR states for the first time that personal data belongs to that person, and should be treated in the same way as any other personal property, which is sure to resonate around the world at a national and regional level. Companies must also disclose the changes they are making – no doubt your inbox has been flooded with mailers pleading you to read updated terms and conditions – giving users the option to agree or disagree, and withdraw their consent at any time.
Change Has Got to Come
The scale at which the data privacy conversation has blown up, and the fact that the EU has stepped into the ring to crack the whip, means that soon enough there won’t be anywhere to hide, and our human rights will increase by one – the right to find out which pasta fits your personality, without being trolled by the depths of the internet.