ENTERPRISE | CONSUMER PRIVACY TIPS | DATA BREACHES & ALERTS | WHITEPAPERS

Overview of the Facebook-Cambridge Analytica Data Privacy Scandal

Don’t tell a Facebook shareholder that the American public doesn’t care about digital privacy. Shareholders saw more than $50 billion in their accounts evaporate this week as their Facebook stock dropped sharply after the news broke after Facebook shared data about 50 million users, through an academic researcher, to data analysis firm Cambridge Analytica, which also did work for the Trump Campaign. This news comes on the heels of heavy criticism against Facebook for profiting from Russian ads intended to influence the 2016 presidential election in favor of Donald J. Trump.

It remains to be seen how Facebook will weather the storm from its latest data privacy scandal. Facebook shares lost almost 7 percent in value due on Monday from the news. Facebook continued the slide throughout the week as the media blitz about its privacy practices continued and the #deletefacebook movement picked up speed. It is too early to say whether the social media giant will be able to shrug off these concerns and grow usage or advertising revenue. Yet, if the stock market reaction is to be believed, there is reason to suspect that Facebook will see challenges ahead.

This could be the result of fewer users, with some citizens concerned about privacy deciding to delete their Facebook accounts or simply stop using them. If the public has the same reaction to the latest headlines as CNBC market commentator Jim Cramer, who is simply “sick” of the stock and the negative news, then it could definitely spell trouble for the company. Facebook depends on advertising views to generate revenue and fewer users means less pageviews and less advertising.

It could be the market recognizing that more big fines are on the way from the U.S. or E.U. regulators due to Facebook’s privacy practices. The Washington Post reported yesterday that Facebook has possible exposure to fines running into the trillions of dollars if it is found to have violated the consent decree entered into with the Federal Trade Commission in 2011. Market participants may also be hyper aware of the potential for future data privacy fines because of the pending implementation of the European Union’s General Data Protection Regulation (GDPR), the world’s most comprehensive data privacy law.

Or it could be the market realizing that Facebook will have more trouble selling advertising to third-parties based on information about user interests because negative media like this one will spur the United States to adopt additional privacy protections and the European Union to strictly enforce the General Data Protection Regulation (GDPR) against it, which includes possible fines of up to 4% of annual revenue for companies that fail to comply with its data privacy protections for E.U. citizens.

socialmediabuttons

What happened?

For those that haven’t been following the news, Facebook disclosed on Friday that it suspended Cambridge Analytica and Strategic Communication Laboratories because they received data from an app in violation of the Platform Policies and did not delete the information when Facebook requested they do so. The New York Times and the Guardian subsequently published reports that Cambridge Analytica used the data to develop techniques used in President Trump’s 2016 campaign.

The Facebook user data was initially acquired by an academic researcher working at the University of Cambridge. Facebook granted access to the researcher’s app, which offered a personality quiz and initially acquired users by paying $1-2 per person on Amazon’s Mechanical Turk platform.

According to Facebook, it requested that the parties destroy the data and they certified that they did so. However, the Facebook disclosure called into question whether the data was actually deleted.

Facebook Action

On Friday before the New York Times and the Guardian published their coverage, Facebook announced that it had banned Cambridge Analytica, Strategic Communication Laboratories, Christopher Wylie of Eunoi Technologies and University of Cambridge professor Aleksandr Kogan.

Initially, Facebook sent its lawyers and a forensic auditing firm to the offices of Cambridge Analytica to conduct an investigation. However, this investigation was stopped at the request of the United Kingdom’s Information Commissioner’s Office.

Facebook will be conducting an audit of every app that accessed a large amount of data. If it determines that there was anything suspicious, they will require the developer to undergo a full forensic audit. Facebook will also be limiting the access that third-party developers have to data on the platform going forward.

Zuckerberg has recognized that it is only a matter of time before there are additional regulations on its data usage. Facebook is now open to regulation of its practices but wants to make sure that any regulation is industry-wide and not limited to Facebook.

#deletefacebook

The hashtag to cut ties with the social networking leader has gained steam in the week since the Facebook data scandal broke.

On Tuesday, the buzz picked up and got mainstream media attention after WhatsApp co-founder Brian Acton posted the #deletefacebook hashtag on Twitter with “It is time.” Acton and his co-founder sold the popular messaging app used by more than 1 billion people in over 180 countries to Facebook in 2014 for $16 billion. Acton recently left Whatsapp to start his own foundation at the intersection of nonprofit, technology and communications. He is reportedly worth $6.5 billion according to Forbes and has invested $50 million in Signal, an encrypted messaging app.

Singer Cher also posted on Twitter that she had deleted her Facebook account because there are things more important than money. Cher deleted her account despite the help that the organization provided to her charity. She later posted that she had been deleting other apps that she had stopped using.

On Friday, Elon Musk joined in by deleting the high profile Facebook pages for his two most prominent companies, Tesla and SpaceX. Both had accumulated more than 2 million likes at the time they were deleted. The link to the Facebook page was also removed from the website of SpaceX. According to Musk, they don’t advertise or pay for endorsements, so losing Facebook won’t be a huge blow. Musk said on Twitter that he was going to keep Instagram, which is also owned by Facebook, so long as it seemed to stay fairly independent.

On Wednesday, Mark Zuckerberg told the New York Times that he hadn’t seen a meaningful number of people delete their Facebook accounts. However, media coverage of the movement has definitely picked up steam after his comments and numerous news organizations have carried articles about how to delete a Facebook account or whether to continue using Facebook.

Regulatory and Enforcement Action

The Federal Trade Commission is investigating whether Facebook violated a November 2011 consent decree in its data sharing with Cambridge Analytica. The consent decree mandated that Facebook obtain user permission before data is shared beyond the privacy settings the user has established. Facebook also agreed to twenty years of privacy audits to ensure compliance with the consent decree. If the FTC determines that Facebook violated the settlement, it could fine the company up to $40,000 per violation.

The New York and the Massachusetts attorneys general announced a joint state investigation into the Cambridge Analytica data scandal. The two states have asked Facebook for all contracts, agreements and communications with the relevant parties, including Cambridge Analytica, its CEO, its parent SCL, Kogan and a former Cambridge Analytica employee, Joseph Chancellor. The states are reportedly investigating why Facebook, who said it was aware of the violation in 2015, did not report it to users or the public. Connecticut and Pennsylvania have also announced similar inquiries.

The Information Commissioner’s Office in Great Britain executed a warrant on Friday to gather evidence at the office of Cambridge Analytica on the alleged misuse of personal information by political campaigns and social media companies. Earlier in the week, the ICO told Facebook’s auditors to stop an audit by digital forensic firm Stroz Friedberg while the ICO obtained a warrant to access Cambridge Analytica’s computers and servers.

NBC News said that Britain is also investigating whether Facebook did enough to protect the data of its users. The ICO is tasked with upholding information rights through data privacy for individuals and openness by public bodies. The media often refers to it as UK’s data protection watchdog.

U.S. lawmakers on Friday also asked Facebook CEO Mark Zuckerberg to explain how its data came to be in the possession of Cambridge Analytica. Zuckerberg previously said that he would testify if he was asked and he was the right person to do so. The House Energy and Commerce Committee wrote him a detailed letter on Friday saying that he was the right person as Facebook to testify because he was the leader of the company through all of its key strategic decisions since launch.

Senator John Kennedy (R-LA) also called for Zuckerberg to testify before the Senate Judiciary Committee earlier in the week. Senator Kennedy and Senator Klobuchar (D-MN) wrote a letter to the Chair of the Senate Judiciary Committee, Senator Chuck Grassley (R-IA), calling for testimony by the CEOs of Facebook, Google and Twitter regarding the security of user data in light of the reports of misused data to influence voters. Later, Kennedy warned Zuckerberg not to send Facebook’s lawyers, like he did previously. Kennedy said that they didn’t answer the questions forthrightly and the CEO was in the best position to answer their questions.

More from Clarip:

Is your organization looking to get a handle on its data collection and sharing? Consider an automated data map for privacy with the Clarip data mapping privacy software.

Are you ready for the new CA privacy law? Start preparing compliance efforts with Clarip for the California Consumer Privacy Act. Enforcement starts January 1, 2020 so better start planning funding in your 2019 budget now.

Overview of the Facebook-Cambridge Analytica Data Privacy Scandal

Contact

888-252-5653

About

Consumers

Businesses