Facebook and Cambridge Analytica: Is this the data wake-up call we’ve all needed?


Posted on: March 27, 2018 by Zeina Zakhour

There has been a cultural shift in the last week with regard to our personal data. Suddenly we all feel vulnerable, exposed and maybe slightly regretful. Perhaps even Mark Zuckerberg.

We’re now beginning to realize that we’ve been willing participants in what has turned into a huge social experiment rather than a network. In our eagerness to connect with one another we have given away hugely valuable personal data without care for whom we’ve given it to and how it’s being used.

The Cambridge Analytica scandal is an illustration of how wrong this social experiment can turn out. Facebook users gave their data away by using an app, and the app owner shared it with a third party who used it for profiling and behavioral analytics. They broke the trust of users, broke Facebook’s terms of use (by sharing data with a third party) and (over)used personal data without consent.

Facebook, for its part, knew about the misuse years ago and requested the deletion of the data by Cambridge Analytica, yet didn’t blacklist them until last week. Facebook has terms of use for third parties and developers but, until a few days ago, it had only minimal security checks and controls. We assumed more protection from the GAFAs of this world. They understand data and its value and should put processes in place to protect citizens who don’t.

But have we relied too heavily on corporations when it comes to our personal data?

The regulators seem to think so. In May this year, we will see stricter controls and regulations on personal data coming into force in Europe in the form of GDPR. These regulations will introduce the following changes which would have prevented Cambridge Analytica from freely using the personal data of EU citizens or at least made sure that if they did they were on the wrong side of the law. These changes include:

  • Organizations only being allowed to ask for the minimum amount of data they need, e.g. third parties and developers will only have access to email addresses/user names when customers use Facebook login (this change was announced by Facebook a few days after the Cambridge Analytica scandal broke).
  • Organizations will have to explicitly ask for consent for sharing your data.
  • Organizations will have to tell you exactly what your data will be used for, particularly if it’s for marketing or profiling activities.
  • We will have the right to ask organizations where our data is, what data is being held and how it’s being used.

These aren’t the only changes in the regulatory framework, but they directly address this type of event and will make it less likely to happen.

It’s easy for industry to view these regulations as a nuisance and, for many, there is work to do to ensure compliance. But in the long run it will be a positive move for business as well as citizens. It will ensure a solid foundation for business, one that is built on trust.

We’re in a new data-driven world and this has been a lesson for us all in how we protect and manage our own information. Industry must learn this lesson also.

The acceleration of the digital transformation means organizations will rely further on social media marketing and digital services to communicate and interact with their customers. Building such services with privacy and security embedded by design will reassure customers who are becoming savvier about the security and use of their personal data.

Smart organizations will come to see these additional security measures and regulations as a competitive advantage.

 



About Zeina Zakhour
Fellow, Global Chief Technical Officer, Digital security, Atos and member of the Scientific Community
Zeina Zakhour is Vice-president, Global CTO for Digital Security in Atos. Zeina has twenty years of experience in the cybersecurity field, covering the end-to-end spectrum of cybersecurity from security advisory, to security integration, managed security services/Managed Detection and Response, to securing digital innovations (Cloud, IoT, Edge, AI, etc.) as well as risk management, compliance and privacy. She holds a Bachelor of Engineering in C.C.E from Notre Dame University Lebanon, an M.Sc. from Telecom SudParis and an Executive MBA focused on Innovation & Entrepreneurship from HEC School of Management. Zeina is a member of the Atos Scientific community and a Fellow in cybersecurity. She is also a Certified Information Systems Security Professional (CISSP) and a certified ISO 27005 Risk Manager. She was the recipient of the Atos Innovation trophy in 2013, was named in 2019 among the “100 fascinating Females Fighting cybercrime”, was listed in the CTO/CIO/CDO French top 10 influencers and was recognized as 2020 Cyber security leader by the Cyber Security Observatory.
