A Brief History (and the Future) of Social Media Data Privacy Disasters
This isn't the first time Facebook and other social media giants have misused data. Let's take a fun stroll down data security memory lane.
Join the DZone community and get the full member experience.Join For Free
Over the last week, you couldn't open a news website without seeing reference to Facebook and Cambridge Analytica. Today, we see Facebook taking out full-page ads in Sunday newspapers, titled "We have a responsibility to protect your information, if we can't, we don't deserve it." While your first thought might be, 'huh, people still read paper newspapers?' and your second, 'wow, isn't it a bit late for an apology?' The reality is that both companies are fighting a public battle that will very soon turn legal (at least if the Facebook shareholders have anything to say about it) in regard to the collection and sharing of consumer data.
It's become painfully obvious that consumer data is liquid gold to researchers, advertisers, retailers, and political campaigns, and this is merely the thin edge of the wedge. We have no real way of knowing how many decisions have been influenced by Facebook data and/or the efforts of Cambridge Analytica over the years, and we probably never will. Equally significant, the revelations over the last week are hardly isolated instances. Rather, they represent just one example of where Facebook and other social media platforms have been criticised for unethical practices that impinge on the privacy rights of their users. It's not helped by the fact that there's clearly a plethora of precedents for this kind of behavior, many of which point the finger at Facebook.
Even worse, we're not talking about situations where a company has made a decision, reflected and seen the error of their ways, and made amends. Rather, things have only changed when others have bought their ethical breaches into question. Let's take a brief foray into some of the dilemmas and disasters that social media companies have found themselves in over the last decade:
People may recall one of Facebook's earlier features, Beacon, from 2007, which notified friends of each other’s purchases. After the class-action lawsuit, Lane v. Facebook, Inc., Beacon was edited to require that any actions transmitted to the website would have to be approved by the Facebook user before being published. However, on November 29, 2007, security researcher Stefan Berteau revealed that data was still being collected and sent to Facebook despite users' opt-outs and not being logged into Facebook at the time. It was shut down in September 2009.
Facebook, MySpace et al, 2010
In 2010, an investigation by The Wall Street Journal revealed that Facebook, MySpace, and several other social-networking sites have been sending data to advertising companies that could be used to find consumers' names and other personal details, despite promises they don't share such information without consent.
In 2014, Facebook published details of a rather epic and disturbing experiment in which it manipulated information posted on 689,000 users' home pages and found it could make people feel more positive or negative through a process of "emotional contagion."
In a study with academics from Cornell and the University of California, Facebook filtered users' news feeds – including the comments, videos, pictures, and web links posted by people in their social network. There were two variances: one test reduced users' exposure to their friends' "positive emotional content," resulting in fewer positive posts of their own. Another test reduced exposure to "negative emotional content" and the opposite happened.
Google, Twitter, 2017
Then last year, The Supreme Court of India issued notices to Google and Twitter, amongst others, in reference to the public interest litigation petition filed against the Internet behemoths over data privacy concerns by advocate on record, Pallav Mongia. The petition raised concerns about the lack of control over data sharing with cross-border corporate entities, which could potentially be a violation of the Indian citizens’ right to privacy. In India, data privacy has become a focus in terms of allegations of companies such as Facebook, WhatsApp, and MonsterIndia allegedly sharing data with third parties. It's arguably a precedent to the kinds of things we may see in Europe under GDPR breaches that aren't settled out of court.
It's tempting to wonder if, for all the years we've spent seeing cybersecurity as one of the pivotal issues of the modern age, we would have been better focusing our efforts on cyber privacy. There's no evidence it's going to get better either, the growth of data is on an upward trajectory and we can expect the data monetization to pose significant challenges to consumer privacy, particularly in countries where we could foresee efforts such as GDPR are poorly enforced or their breaches rarely criminalized. I'm still predicting the evolution of a future where we exchange the convenience of free social media for something monetized to foolproof our privacy and believe it's a matter of when not if.
Opinions expressed by DZone contributors are their own.