The Facebook/Cambridge Analytica data scandal has put
data protection under an even more intense spotlight, with the
General Data Protection Regulation (GDPR) due to come into
force on 25 May. While social media companies like Facebook
have long been suspected of collecting an unnecessary amount of
data, recent events have confirmed these suspicions and show
just how easy it is in the modern world to lose track of data.
The scandal shows action must be taken to ensure that personal
data is not collected without a user's permission.
Worse still is how the data was allegedly used. A class
action has been launched against Facebook, Cambridge Analytica,
SCL Group and Global Science Research Limited for obtaining
users' private information to develop what have been called
political propaganda campaigns in the UK and in the US.
Cambridge Analytica whistleblower Chris Wylie said in his
evidence to the UK Parliament's digital, culture, media and
sport committee that it was 'completely reasonable' to believe
the remain campaign would have won the vote if there had 'been
no cheating'. Cambridge Analytica is also believed to have
close links with AggregateIQ, which accounted for 40% of Vote
Leave's campaign budget. Dominic Cummings, Conservative
political advisor and one of the central figures of the Brexit
campaign, said on his blog that the Vote Leave campaign owes a
great deal of its success to the work of AggregateIQ. He
removed the quote last month.
Cambridge Analytica is also said to have worked with the
Trump campaign and is currently under investigation as part of
Robert Mueller's probe into Russian interference in the
election. In view of Mark Zuckerberg's comments that Facebook
is in an arms' race with Russia to keep personal data safe and
secure, this is one of the most crucial issues to address
The EU is making concerted efforts to help. GDPR could of
course help but the responsibility mainly lies with social
media conglomerates changing their business models to ensure
that this never happens again. Google, Facebook and Twitter can
no longer treat personal data rights with contempt, with
threats only likely to increase as time goes on.
Google stores location data, anything a user has ever
searched for, knows the apps they use, has access to photos,
webcams and microphones and to every single email ever sent.
This kind of practice has to stop – not only on purely
moral grounds – but also to ensure that it does not
get into the wrong hands. With technology becoming more
sophisticated and foreign powers investing more time and money
in this area, conglomerates are playing with fire.
GDPR's plans to address issues around data retention are
much needed and could go some way to avoiding circumstances of
this type. But now is the time to play tough with huge social
media firms who have neglected the interests of their users for
profit and power. GDPR is a step forwards but more needs to be
done to ensure the most extreme misuses of data – like
throwing the legitimacy of democracy into doubt –
never happens again.