Author: Rusheetulya Subramanyam, ICFAI Law School, Hyderabad
ABSTRACT
Data is the real asset. It is more valuable than money. Everyone is after it and it affects everything. Widespread concerns regarding data privacy and ethical duties in the digital age have become apparent through the Facebook-Cambridge Analytica case. At the heart of the issue was the outpouring of personal data from millions of Facebook users without their explicit consent by a third-party application. Reportedly, this was used to develop detailed behavioral profiles for the purposes of political campaigning and swaying public opinion during important events such as elections and referenda. The incident highlighted weaknesses in data-sharing policies and the broader implications of such deficiencies in democratic processes. It also heated the debates on corporate responsibility, where digital platforms were to discuss the model of using user information, et cetera, and where targeted advertising becomes a boundary-stretcher. In a climate of growing scrutiny from regulators and the public, the event became the catalyst for change in public policy improvements. By making manifest the ethical problems posed by big data and analytics, it will also become a yardstick to measure the responsibilities of technology-based companies in a globally interconnected society.
INTRODUCTION
The Internet is one of the largest contributors to the National Economy of the country. Major altruist to the development of the internet is the branch of Online Social Networks. According to 2018 statistics, Facebook was the most widely utilized social network with active users of around 2.2 billion members. Founded in 2004, Facebook has grown into a billion-dollar industry with around 48 trillion Rupees. Many experts claim that Facebook has an extremely complicated privacy policy which is orchestrated in such a manner that it is efficiently raising the company’s advantages commercially. In some cases, Facebook allows access to people’s names and other related information to numerous advertising and internet tracking companies. This questionable feature of Facebook was the start of this data scandal. Subsequently, Facebook stated that the applications that communicated personal information were taken down. However, many were doubtful of the same. The scandal started when data of millions of users who used a popular personality quiz application myPersonality, created by David Stillwell, was distributed by academics at the University of Cambridge to hundreds of researchers via a website that lacked security measures, which led to it being left open to illegal access for four years. This was aggravated when firms collected information not only about the users but also about anyone who was a friend of the users on Facebook. One of such firms was Cambridge Analytica. One of the advantages attained through the data collection is that around 45 scientific publications were submitted in peer-reviewed journals. Michael Konsinski, who joined Stillwell in 2008, helped him assess Facebook users on five personality traits, the Big Five. ‘These according to research are: openness (how open you are to new experiences?), conscientiousness (how much of a perfectionist are you?), extroversion (how sociable are you?), agreeableness (how considerate and cooperative you are?) and neuroticism (are you easily upset?). They are called so based on these dimensions-OCEAN-an acronym that stands for: openness, conscientiousness, extroversion, agreeableness, neuroticism. Therefore, it becomes quite straightforward to say in general what type of personality someone has. After answering the questions, users may opt in to share their Facebook profile with the researchers. It’s an easy method that the researchers did. The survey is just an online quiz where users answer questions. The psychologists then drew the Big Five values of respondents by comparing their answers to anonymous online data based on the things they liked, posted, or shared on Facebook, or the age, gender, and place of residence they mentioned. Based on this, correlations were made by the researchers. It was astonishing to see how valid deductions could be drawn just based on online actions. Some examples: fans of Lady Gaga were most likely extroverts, while those who “liked” philosophy were likely introverts; men who “liked” the cosmetics brand MAC were most probably gay. As much as it can be argued that such collected information cannot be a true ground to gain accuracy, pooling in tens, hundreds, or thousands of such data points makes the resulting predictions pretty accurate.
Cambridge Analytica Strategy
Cambridge Analytica Ltd is a subsidiary of Strategic Communication Limited Group (GSL). It is a political consulting firm. The executive members that ran the subsidiary and the parent company were said to have close ties with the Conservative Party, Royalty, and the British Military. In 2014, Christopher Wylie, a Canadian data scientist went to work for Alexander Nix who was the former CEO of Cambridge Analytica, at a company called SGL that specialises in influencing the election results. Nix introduced Wylie to Steve Bannon who was the former Vice President of Cambridge Analytica. He was also a former White House Chief Strategist and a former head of Donald Trump’s 2016 election campaign. They came up with the strategy of influencing elections considering the voter’s opinion. However, they needed funding for this plan. Robert Mercer, an American Hedge Fund Billionaire who partly owned SGL was interested in the idea of micro-targeting which had existed in politics, and then targeting individuals not just as voters but also as personalities and eventually creating a psychological profile of each voter in a particular region on in this case the whole of United States and decided to invest $15 million in Cambridge Analytica. This can be attained only when Cambridge Analytica has sufficient data regarding the same. This is when myPersonality research came into the picture. Michal Konsinski who was one of the founders of myPersonality. Wylie approached Micheal to attain access to myPersonality database. But when negotiations failed, another psychologist and one of Konsinski’s colleagues, Aleksandr Kogan offered them a solution that would replicate Stilwell’s and Konsinski’s original research
Data Harvesting Procedure
Kogan developed an app called ‘thisisyourdigitallife’. This application paid thousands of users to take a personality test who have consented to the usage of the data for academic purposes. The results of the personality quiz were clubbed with the user’s Facebook digital footprint. The likes and other personal information of the user and their friends from Facebook were cultivated together as a comprehensive database. The conditions to access the personality test was that the user must have a Facebook Account and must be a US Voter. Within a few months of the initiation, a database of millions of US Voters was compiled. Nix claimed to have close to 5 thousand data points on each person who participated. Kogan proceeded to combine the said data with voting records and sent them to Cambridge Analytica. This was the heart of the profiling procedure. This data was utilized to strategize the Trump campaign, thereby attracting votes to the propaganda revolving around micro-targeting. Ultimately, Kogan claimed that the data was for academic purposes. Additionally, he also sold the data to Cambridge Analytica. Facebook stated that it was not a data breach as no passwords were stolen and no systems were infiltrated. However, Zuckerberg stated that it was a huge breach of trust between the users and Facebook. As the pattern followed, when the data was collected, advertisements were reflected on the profiles of the users based on psychological reflection. All these advertisements favoured the then-election contestant Donald Trump. Most of the advertisements revolved around concepts such as find-raising appeals for campaigns, buying $ 5 million in television ads, and influencing the mindset of the voters. Trump’s marketing team had all the information regarding the thoughts and ideologies of the voters. They would use it to their full advantage. Ex. If A was in favour of Abortion Rights, they would be projected with ads quoting that the opposing contestant would make legislation against these rights once they are elected. These advertisements were user-specific and were only visible to the person targeted to view them. They were programmed in such a way that they would disappear in a few hours.
FACEBOOK’S RESPONSE
Zuckerberg stated ‘We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you’. He also stated that Facebook would notify users whose data was included in the set allegedly received by Cambridge Analytica and would also investigate all apps with access to Facebook data and demand audits of any app with ‘suspicious activity’. Additionally, he stated that there would be actions to restrict developers’ data access even further to prevent other kinds of abuse. Facebook will also provide a tool “at the top of your News Feed” that will show users the apps they have used “and an easy way to revoke those apps’ permissions” to their data. Although this tool was already available in privacy settings, to make sure everyone sees it Facebook put it at the top of the news feed. Zuckerberg blamed the totality of the scandal on Aleksandr Kogan and Cambridge Analytica. When the scandal surfaced, Kogan and Cambridge Analytica were demanded to destroy the data. In 2018, Facebook learned that they might have not destroyed the said data, hence they banned Kogan and Cambridge Analytica from the platform. Conclusively, Facebook has agreed to pay a total sum of $643,000 fine to the UK’s Information Commissioner’s Office for its role in the Data scandal after more than a year of litigation and back and forth appeals between the regulator and the tech giant. Facebook faced major blowback from users, regulators and investors following reports that personal data was accessed by Cambridge Analytica. Many deleted their accounts to both safeguard their information and protest.
CONCLUSION
The Facebook and Cambridge Analytica scandal serve as critical events within the digital age, reflecting how data misuse can dramatically evolve the implications for democracy, privacy, and trust. Personal as it is, data could be harvested and weaponized to manipulate public opinions to influence elections and to destroy the very foundations of informed decision-making. It sheds light on significant gaps in regulatory frameworks about data collection and processing and ethical lapses in corporate accountability. The public debate that this moment incited was over the just imperative for stricter data protection laws, corporate practices in transparency, and user empowerment around the world. It has triggered a rethinking of organizations as keepers of such sensitive information and prompted governments to think in terms of tighter regulatory frameworks concerning their digital ecosystems. Individually, it acts as a wake-up call to remember just how diligent society must be in their online footprint but also fight for their rights on the digital stage. In this interconnected world, history reminds us of the lessons learned from the incident that have taught us the need to strike the required balance between technological advancement and ethical responsibility. It is a call to action for policymakers, corporations, and citizens alike to build a future where innovation is not achieved at the expense of privacy, trust, or democratic integrity. The case of Facebook and Cambridge Analytica is a cautionary tale that also opens a window to improve the digital landscape.
Frequently Asked Questions
- What were the Legal Consequences on Facebook?
- U.S. Federal Trade Commission (FTC):
In 2019, the FTC fined Facebook a record $5 billion for violating users’ privacy. This was part of a settlement in which Facebook also agreed to implement enhanced privacy protections and oversight mechanisms. The FTC determined that Facebook had deceived users about their ability to control personal information. - Securities and Exchange Commission (SEC):
In 2019, Facebook paid a $100 million fine to the SEC for misleading investors about the risks associated with the misuse of user data. - Class-Action Lawsuits:
Facebook faced multiple class-action lawsuits filed by users and shareholders. In one notable case, Facebook agreed to pay $725 million in December 2022 to settle claims that it allowed third parties, including Cambridge Analytica, to access user data without consent.
- Is Cambridge Analytica still Operational?
No. Cambridge Analytica shut down in 2018 following the fallout from the scandal. However, concerns remain about the practices of similar firms and their influence on politics and society
- How did the Government react to the scandal?
Governments around the world responded with investigations, hearings, and regulatory reforms. For example:
- The U.S. Congress held hearings with Mark Zuckerberg.
- The UK Information Commissioner’s Office conducted a comprehensive investigation.
- The EU accelerated enforcement of the GDPR.
- How did the regulators respond globally?
European Union: The EU accelerated the enforcement of the General Data Protection Regulation (GDPR) in 2018, providing stricter data privacy protections and significant penalties for non-compliance.
United States: Congressional hearings scrutinized Facebook’s practices, leading to calls for comprehensive federal privacy legislation (although no federal law comparable to GDPR has been enacted yet).
United Kingdom: The Information Commissioner’s Office (ICO) fined Facebook £500,000 and launched broader investigations into political campaign practices.
Other Countries: Nations such as India, Canada, and Australia launched their own investigations and began exploring privacy reforms.
- Can the loophole exploited in the scandal have been prevented?
Yes, Facebook could have prevented the scandal by:
- Restricting third-party app access to user data earlier.
- Conducting rigorous audits of apps and developers.
- Promptly notifying affected users and regulators when the misuse was discovered.
Stronger enforcement of its own policies and a proactive approach to data protection could have mitigated or avoided the breach.