Facebook and Cambridge Analytica: Is this the data wake-up call we’ve all needed?

Posted on: March 27, 2018 by Zeina Zakhour

There has been a cultural shift in the last week with regard to our personal data. Suddenly we all feel vulnerable, exposed and maybe slightly regretful. Perhaps even Mark Zuckerberg.

We’re now beginning to realize that we’ve been willing participants in what has turned into a huge social experiment rather than a network. In our eagerness to connect with one another we have given away hugely valuable personal data without care for whom we’ve given it to or how it’s being used.

The Cambridge Analytica scandal is an illustration of how wrong this social experiment can turn out. Facebook users gave their data away by using an app, and the app owner shared it with a third party who used it for profiling and behavioral analytics. They broke the trust of users, broke Facebook’s terms of use (by sharing data with a third party) and (over)used personal data without consent.

Facebook, for its part, knew about the misuse years ago and requested the deletion of the data by Cambridge Analytica, yet didn’t blacklist them until last week. Facebook has terms of use for third parties and developers but, until a few days ago, it had only minimal security checks and controls. We assumed more protection from the GAFAs of this world. They understand data and its value and should put processes in place to protect citizens who don’t.

But have we relied too heavily on corporations when it comes to our personal data?

The regulators seem to think so. In May this year, we will see stricter controls and regulations on personal data coming into force in Europe in the form of GDPR. These regulations will introduce changes which would have prevented Cambridge Analytica from freely using the personal data of EU citizens, or at least made sure that if they did they were on the wrong side of the law. These changes include:

  • Organizations will only be allowed to ask for the minimum amount of data they need, e.g. third parties and developers will only have access to email addresses/user names when customers use Facebook login (this change was announced by Facebook a few days after the Cambridge Analytica scandal broke).
  • Organizations will have to explicitly ask for consent for sharing your data.
  • Organizations will have to tell you exactly what your data will be used for, particularly if it’s for marketing or profiling activities.
  • We will have the right to ask organizations where our data is, what data is being held and how it’s being used.

These aren’t the only changes in the regulatory framework, but they will have a direct impact and minimize the likelihood of this type of event happening.

It’s easy for industry to view these regulations as a nuisance and, for many, there is work to do to ensure compliance. But in the long run it will be a positive move for business as well as citizens. It will ensure a solid foundation for business, one that is built on trust.

We’re in a new data-driven world and this has been a lesson for us all in how we protect and manage our own information. Industry must also learn this lesson.

The acceleration of digital transformation means organizations will rely further on social media marketing and digital services to communicate and interact with their customers. Building such services with privacy and security embedded by design will reassure customers, who are becoming savvier about the security and use of their personal data.

Smart organizations will come to see these additional security measures and regulations as a competitive advantage.



About Zeina Zakhour
Fellow, Global Chief Technical Officer, Cybersecurity, Atos and member of the Scientific Community
Zeina Zakhour is the Global CTO for cybersecurity at Atos, creating, by day and a few nights, innovative solutions to be a step ahead of cybercriminals. Not an easy task you might say… But she is putting her 20 years of experience in the cybersecurity field to good use. Zeina covers the end-to-end spectrum of cybersecurity from security advisory, to security integration, managed security services and IoT and big data security. She worked closely with Fortune 500 companies to advise them on their security strategy, secure their infrastructure and protect their data. She holds a Bachelor of Engineering in C.C.E from Notre Dame University Lebanon, an M.Sc. from Telecom Sud Paris and an Executive MBA from HEC. She is a member of the Atos Scientific Community and a Fellow in cybersecurity. She is also a Certified Information Systems Security Professional (CISSP) and a certified ISO 27005 Risk Manager. Yet she believes that when it comes to cybersecurity, we never stop learning.
