Facebook and Cambridge Analytica: Statement by Jules Polonetsky, FPF CEO

|

Facebook

Yesterday, Mark Zuckerberg addressed concerns about misuse of Facebook users data by Cambridge Analytica.

I think Mark well addresses the key issues. The biggest change was made back in 2014 when Facebook altered the platform to reduce data access by apps. But did any other apps collect a suspicious amount of data back then? Facebook will conduct a full audit of any app with suspicious activity and ban apps that misused personal information. We hope those will also be reported to relevant authorities when appropriate.

Facebook will also tell people who are affected by apps that have misused their data and will build a way for people to know if their data might have been accessed via the “thisisyourdigitallife” app that provided data to Cambridge Analytica. Moving forward, if Facebook removes an app for misusing data, they will tell everyone who used it.

Facebook will also turn off access to information for unused apps, if someone hasn’t used an app for 3 months, which makes sense.

Do you ever use Login with Facebook on other apps or sites? In the next version, apps will only be able to request name, profile photo and email address, unless they get special approval.

I just checked and my Facebook profile is linked to dozens of apps. I turned a number of them off. A few are super useful – when I use TripAdvisor, I love seeing reviews by my FB friends listed first, so I can assess whether to take the review seriously! But as a Facebook power user, even I had to poke around to find the setting that displayed that information. Going forward, Facebook promises to make these choices more prominent and easier to manage.

And finally, Facebook will expand its bug bounty program to reward people who report misuses of data by app developers.

These are clearly all useful steps forward and should help shut the door on shady apps misusing Facebook data.

Thinking more broadly, it seems clear that many of the issues raised by the Cambridge Analytica controversy are not exclusive to a particular platform, data practice, or policy.

Do we need baseline, comprehensive privacy legislation in the US, with common sense data protections for users and greater certainty for companies?

Should the FTC have authority over political orgs and other non-profits to police unfair and deceptive practices? The Commission currently lacks this. And Congress is typically reluctant to pass laws that impact campaigns and political parties – the organizations that help members earn re-election.

How can new targeting capabilities – across the online ecosystem – be made more transparent for elections and issue campaigns? Do we need standards for election ads in the 21st century? Can we have data standards that are clear about what behavior is appropriate and what is not when communicating through TV, radio, in print, and online? This is an issue in the US and abroad, as the Irish Data Protection Commissioner (who handled and helped resolve a few years ago the issues of Facebook apps grabbing too much data) explains: “the micro-targeting of social media users with political ads remains an ongoing issue today.”  Although GDPR does capture the activity of political actors in Europe, guidance in the form of a Code of Conduct for political advertisers would be welcome, according to a new opinion from the European Data Protection Supervisor.

How can we support more legitimate research – for transparency about platforms and their impact, and for broader needs of society and science?  Can we have research programs managed by companies that provide more controls, a good vetting process, better informed consent for research, corporate ethics review processes?

Can we have a sophisticated conversation about the risks and mitigation strategies regarding data portability? Worries about Cambridge Analytica’s data exfiltration implicate many of the same issues raised by data portability tools and GDPR Article 20.

We are pleased to see Facebook’s response, but are looking forward to understanding how to best address the broader issues for all stakeholders.  These issues are important to discuss – they are not going away.