We wrote just a couple of days ago about the sanction that the Italian Data Protection Authority has imposed on the Rousseau association for the data breach case they were involved in. An episode of violation of privacy that, in our opinion, is destined not to make so much “noise” compared to another similar news that has been circulating in recent hours, but with a much wider scope. We are talking about the case of Facebook, the most popular social network, whose users – some 50 million – have ended up in the sights of the British analysis company Cambridge Analytica.
According to a report leaked to the major American newspapers by Chris Wylie, a former Cambridge Analytica employee, the British company has deceived such a large number of users by circumventing Facebook’s policies through an application known as thisisyourdigitallife. The purpose of this app was to collect data from users, specifically Americans, in order to implement a strategy aimed at triggering a change in their political attitudes ahead of the 2016 presidential election. Thisisyourdigitallife acted by promising – and keeping – the users involved a fee to undergo a personality test for which they had to answer a series of questions, also signing a release form so that their data could be used for scientific studies: generalities, interests, sexual and religious orientations, pages and people followed, in short everything that is normally declared when creating a Facebook account. With this data, Cambridge Analytica was able to create and disseminate ad-hoc advertising campaigns.
It is already clear that this kind of activity is nothing more than a violation of privacy, but there is more harm than good! The aggravating circumstance of this activity was that Cambridge Analytica’s intention was not so much to study the voting trends of the users involved, as to orient them towards one preference above all: Donald Trump. Wylie himself admitted it, but if you look at the top brass of Cambridge Analytica you come across the name of Steve Bannon, Trump’s top adviser and, in particular, head of his campaign strategy. Summing up, the organization set up in 2013 was used almost exclusively to target pro-vote social messages to particular categories of people, obtained from the information derived from the app of both individual users and their friends… so even users who had not even used the offending app.
In this marasmus, Facebook could not fail to be in the eye of the storm as the platform on which users and malicious persons have acted. The social network’s responsibility would be that of not having sufficiently protected its users, especially in view of the fact that the data breach had already been reported two years ago and no action had been taken. With the bombshell exploded in recent days, Facebook’s first counter-move was to suspend the accounts of Cambridge Analytica, its employees and also that of the witness Chris Wylie, while also announcing further investigations to shed light on the matter. Facebook, through its CEO Mark Zuckerberg, has nevertheless accepted its responsibilities, admitting that in the past not everything had worked well in the social network in terms of data management. Zuckerberg’s promise for the future is to further improve Facebook’s transparency, in particular through a number of improvements that should make the functioning and impact of third-party apps more visible to users, while also limiting data usage.
A thought occurs: if data breaches also happen to giants such as Facebook, which are expected to be adequately ‘equipped’ in terms of data protection, all the more reason for small and medium-sized companies to be easy prey. However, it is not a question of shifting all the responsibility onto the company, which, in anticipation of the GDPR coming into force in an enforceable manner, will obviously have to catch up with the requirements of the regulation itself (including employee training on the subject): it is essential that the people who release their personal data are also aware of what this procedure entails.