On March 17, 2018, The New York Times and The Guardian’s Observer broke the story that London-based firm Cambridge Analytica had accessed the personal data of 50 million Facebook users, without permission.
Once in possession of the data, Cambridge Analytica – then headed by Donald Trump’s advisor Steve Bannon – used these “psychographic profiles” to target individual US voters for the Trump campaign. The whistleblower who helped expose the incident called the data an “arsenal of weapons,” which the firm intended to use for fighting a “culture war.”
There is much to unpack in this scandal, and it’s still unfolding.
Friday, March 23, bipartisan representatives in both the U.S. Senate and House of Representatives asked that Mark Zuckerberg testify in front of Congress; the UK Parliament has already requested the same. The following morning, Cambridge Analytica’s London offices were searched by British law enforcement from the Information Commissioner’s Office; they’re now in the process of actively processing evidence and investigating claims of wrongdoing. On March 28th, Facebook announced they will permanently end their Partner Categories feature, which allows third party data brokers to access advertising data. And, to complicate matters even further, three Facebook users from the Northern District of California have now filed a class action lawsuit on the basis of mishandling personal data.
Without getting bogged down in details, this scandal is similar to many others – accusations and denials, questions of who knew what when, and a lot of throwing around the word “ethics.” There are ongoing legal investigations; there is negative public press; and there is a lot of speculation about what will happen to Facebook and Cambridge Analytica as a result.
This is without question a groundbreaking story, and we should all follow it closely. But for the sake of simplicity, let’s exclude the political implications for just a minute. Because – from the technology perspective – such an incident was a long time coming; as one journalist put it, this scandal “reveals nothing new about the social network or its data policies.”
Even though it took Cambridge Analytica to force discussion of data tracking into the public sphere, these tensions have existed for years. In short: it’s privacy and consent that are at the heart of this scandal.
When we register to use an online service like Facebook, we sign a Terms of Service agreement. Sometimes this lengthy document is put directly in front of us, and we have to click “Agree”; other times, as noted on the footer of many websites, using a platform in and of itself equates to consenting to their policies. Either way, it doesn’t really matter – because pretty much none of us read the Terms in the first place.
In those terms, however, may be a mess of information. Data tracking, data transfers, and data use are just some of the items that we may be agreeing too without even realizing it.
So, then, we have to ask ourselves: Is this actually consent? If we sign an agreement without reading it, or without fully understanding what it’s describing, does that mean we consent to all of its contained items? Or should we know better? Is the responsibility on users to read agreements in full and decline if we don’t consent?
These are tough questions, but they’re something we have to think about. Technology permeates our society more and more each day, and issues of consent are only going to play a greater role in our digital (and physical) lives.
With all of this in mind, let’s bring it back to the scandal at hand: if Facebook’s data sharing with Cambridge Analytica had been in total compliance with their Terms, would we have any right to complain? Do we have any right to claim conditional consent – that we’re fine with Facebook collecting our data, but only dependent upon who they share it with? And to that point, what ethical responsibility does Facebook have to actively comply with our wishes? Once we click “Agree,” should they even care at all?
Linked but distinct from the consent question is the issue of privacy. Because, after all, Facebook collects immense amounts of data on its users – quite literally all of the time.
Take, for instance, these phrases buried within Facebook’s Terms of Service agreement:
And these paragraphs, buried in Facebook’s Data Policy – a document separate from their Terms:
This raises even more questions: Are we comfortable with this amount of data collection? Are we comfortable with not having technical or legal control over our Facebook data? Is it fair to pose mass data collection as a “trade-off” for free use of the platform? Do we have any fundamental right to data privacy or data ownership in the US, like is the case in the European Union?
We could go on all day, but the point is clear: Facebook’s practices have existed for years. If this intense data collection, sharing, and selling seems new, that’s only because you haven’t heard about it.
Stepping outside the Cambridge Analytica scandal for a minute, we must recognize that Facebook isn’t the only tech giant collecting, analyzing, and profiting off our personal information. Further, Facebook is hardly the only company who considers our clicking of “Agree” – on an agreement we likely didn’t read – as full, deliberate, and legal consent.
Simply put, this issue is larger than Facebook. This is an issue of digital and online consent. This is an issue of privacy and corporate data-tracking. This is an issue of data ownership and trust.
The Cambridge Analytica scandal goes well beyond Cambridge Analytica, and it goes well beyond Facebook. Finally, this is the time we might realize this truth.