Just Wow! Facebook “shares/sells” 50 million users’ PII without their consent? Not good…

As Facebook continues to explain its inexplicable actions in the Cambridge Analytica scandal, it is clear that Facebook probably can’t be trusted to regulate itself. Facebook CEO Mark Zuckerberg says “he’s open to the idea of some form of regulation”. Well, guess what, Mr. Zuckerberg? That’s not for you to decide. It seems clear that Facebook hasn’t abided by the Federal rules it is already supposed to be complying with.

According to the Federal Trade Commission’s Consent Decree, Facebook was required to obtain permission from users before accessing private data about them beyond what they’ve explicitly agreed to. However, for many, many, many years, Facebook allowed literally thousands of its development partners to not only collect data from people who downloaded their Facebook apps, but to also collect data on all friends-of-friends.

And this is exactly how Cambridge Analytica was able to collect the personal data of more than 50 million Facebook users. About 270,000 users downloaded Cambridge Analytica’s gamified app. Cambridge Analytica also obtained personal information about their friends, who likely had no knowledge that their data was being collected. Roughly 50 million people may have been affected. Read this article to learn about the issue and the broader problem.

If the FTC finds that Facebook broke that Consent Decree agreement, it could fine the company $40,000 for each violation. Hmmm, let’s see… That’s $2,000,000,000,000 (that’s trillions, folks).

Facebook’s record of adhering to old regulations is troubling enough that we should be skeptical of its enthusiasm for adhering to new ones. But what kind of regulations are called for to rein in a company that literally collects and profits off of the data of 2.2 billion people?

How can the officials crafting these regulations and decrees ensure that they work effectively, and enforce them?

The current situation could be record-setting in terms of fines and class-action litigation, aside from drawing a clear box around the need for better privacy regulations. With privacy requirements and regulations such as the EU General Data Protection Regulation (GDPR) and the FTC Consent Decree with Facebook (2011), the next several months will definitely be interesting in terms of corporate and government actions that are supposed to ensure and protect the rights and privacy of individuals.

In coming blogs, I’ll provide more updates, along with some of the ways that Catapult can help your business address data privacy for the various types of regulated data that you may hold within your databases and systems. While your environment may not be on the scale of a Facebook-sized conglomerate, the laws and regulations certainly do apply to all businesses. We’ll be watching what happens with Facebook in light of this mega-issue to see how the rules for everyone evolve.

Till next time,


