Facebook Fans Dislike the Data Breach

Published on April 16, 2018, at 4:26 p.m.
by Stephanie Zielinski.

On March 17, 2018, Facebook was brought into the spotlight because of a privacy breach performed by Cambridge Analytica, a company that had access to some users’ personal data. People who gave Cambridge Analytica permission to view their data, without knowing, also gave the data of their Facebook friends’ information. This breach led to more than 50 million users’ data being leaked, according to a New York Times article. This data was possibly used in the 2016 election to gain insights into voter demographics, opinions and other personal information. When this privacy breach became public, it took Mark Zuckerberg, CEO and founder of Facebook, four days to respond to the incident.

What this means for transparency:
Social media has gone through a rough patch lately. From Snapchat’s drop in stock price, its poor update and its loss of $800 million due to an advertisement with poor taste, social networking — especially Facebook and Snapchat — has seemed like a social phase.

However, Dr. Karla Gower, director of The Plank Center for Leadership in Public Relations since 2008, said that “once you open yourself up to the ease of communication and the ease of connection, I don’t think you can stop that. It [social media] might take different forms as we move forward, but I don’t think we can stop that.”

While, social interactions on sites like Facebook put interconnectivity and cosmopolitanism at an all-time high, what do these security discrepancies mean for each site’s transparency?

Tim Peterson, author at Digiday, said that until Facebook can give people full control over their data, there’s always going to be at least a subset of people who aren’t going to be satisfied.

He explained that pre-2015 people were giving away this data without knowing or thinking of the consequences. Now, people are wondering how and why Facebook made it so easy for them to give away their data. They want to have some idea of where this information is and what kind of information is missing.

Dr. Gower agreed and said, “Facebook’s problem is that they have had these privacy issues before, and so we already don’t really trust them.”

She added, “It sort of surprised me that people are reacting to this way to the Cambridge Analytica thing, and I don’t know if it’s because it’s politics versus commercial. Because people market to us all the time on Facebook, and where do you think they get this information?”

The tech response:
Peterson recently wrote an article for Digiday  on more of the technical outcomes of this problem with Facebook. He lists issues like privacy, transparency, ease of use and consumer knowledge as areas that Facebook should reform.

To understand the depth of this issue, this article is a must read. It digs into the depths of why Facebook will not be able to fix the trust that was broken or to find the data stolen.

Peterson makes apt comparisons between a Facebook user ID and a Social Security card number. He says, “For example, if someone has only a list of actual Facebook user IDs, they can use Facebook’s Graph API to fetch the full names of each user associated with those IDs and then use those names for Custom Audience and Lookalike Audience targeting. And for a time, they could have even used this data to acquire people’s phone numbers.”

He also points out that Facebook may not be able to trace the data that was stolen. This makes restoring trust in users nearly impossible.

At the moment, April 2, 2018, Facebook’s main development has been adding privacy settings to an easier-to-reach location on its mobile app. The network is hoping that this small change will be enough.

On Tuesday, March 20, 2018, a movement was started for people to delete their Facebook profiles. The #deletefacebook movement was so popular that it was trending on Twitter. At one point, even the creator of What’s App, and a former employee of Facebook, tweeted, “It is time. #deletefacebook.”

The legal response:
At one point, Facebook’s stock dropped from $185/share down to $152. Due to this decrease, shareholders filed a suit against Facebook.

Dr. Gower explained that we may see some legal ramifications because the FTC is looking into Facebook over an agreement made in 2011 regarding a 2009 privacy breach. The FTC found Facebook had been deceptive. The FTC had Facebook sign an agreement in 2011 saying that the site would no longer deceive us. The question today is: Did the site deceive consumers? Did it know the data breach was going on, and if it did, what actions did it take to inhibit this behavior?

However, it is important for social networking consumers to understand that “there is no general federal privacy law governing the kind of information that was made available here, and so, they haven’t violated anything in that sense,” according to Dr. Gower. Although, she believes that there will at least be committee hearings regarding Facebook’s failure to prevent this breach.

Dr. Gower predicts that the policy changes will be a combination of self-regulation and policy.

How the European Union is reacting:
Peterson wrote an article regarding the General Data Protection Regulation, or GDPR, and its application to the U.S. and to Facebook (link 9). This regulation is being implemented in the EU to ensure companies that collect data are doing it in an easy-to-understand and consumer-friendly way.

Peterson said that what GDPR does is it forces the data collection agencies to ask for consent and then to explain in plain language what data they are taking, and why they’re taking it. The purposes of the data being used will be explicitly outlined and people will have ways to download, view and delete the data they’re giving out.

Peterson expressed his belief that these policies should be relatively easy to bring to the U.S. Once the EU implements these policies, the U.S. can request that Facebook uses them in the U.S.

He added: “You can use a VPN to access through a server that’s in, let’s say, Switzerland, and then be able to use Facebook under the GDPR restrictions.” A VPN is a virtual private network. Using this network, your computer can appear to be located in another place — with a little bit of coding. So, if the U.S. does not implement these policies, people will still have options for how to protect themselves from more data collection issues.

The PR response:
When asked how Dr. Gower believed Facebook could mitigate the damage, she said, “They have to rebuild trust. A start was saying that they were sorry. The classic way that public relations professionals would suggest doing this is to apologize, and then say what you’re going to do to prevent this from happening again, and then actually doing it.” She added that “public relations is communication as well as action, so they need that action.”