Facebook informed more than 80 million of its users this week whether their personal data was used by the political consulting firm Cambridge Analytica for marketing purposes. However, how exactly their data got there will remain a mystery.
Users who had one or more friends take the “This Is Your Digital Life” personality quiz on
will be notified. If you don’t see a notification in your news feed, you can go to this link to find out if any of your friends participated in the quiz that leaked user information. However, the notification simply tells users that “a friend of yours” logged into “This Is Your Digital Life,” without saying who. The quiz app mined the data of the users who took the quiz, but also harvested their Facebook friends’ data.
Facebook users have taken to Twitter to demand answers.
But the dismal truth is, it doesn’t matter whether your friends took the Cambridge Analytica quiz, said Bill Ottman, social media security expert and CEO of Minds.com. Facebook can — and still does — legally share the data of anyone on the platform. As Cambridge Analytica pointed out in an April 10 statement, no one hacked Facebook to get users’ data.
“The harsh reality is that simply by using Facebook at all you are giving away the privacy of your friends with or without using third party apps,” Ottman said. “Facebook harvests your friends’ contact data from address books, facial recognition data from photos and even creates shadow profiles of people who aren’t users of the app.”
The scandal underscores how, no matter how careful you are with your own data, your friends can compromise you easily. It doesn’t take much to get users to give away their friends’ privacy, even when given the choice. Some 98% of college students gave away their friends’ privacy in exchange for free pizza, a 2017 study from the Massachusetts Institute of Technology (MIT) found. Ironically, Facebook could be declining to share who took the quiz to protect user privacy, Ottman added, and it wouldn’t change much to know who did it regardless.
“Facebook claims they are protecting user privacy by not revealing who took the quiz,” he said. “The only benefit would be for you to go through the so-called “privacy” settings and make sure the friend that tied you to the breach is not allowed access your account,” meaning putting them on a restricted list or defriending them altogether.
Even those who did not take the quiz can be compromising friends’ security and privacy by allowing Facebook access to call and text logs or tracking friends’ locations. Facebook chief executive officer Mark Zuckerberg is testifying in front of Congress this week about what Facebook has done to lock down user data following the Cambridge Analytica scandal and future measures it’s taking to secure user data.
In late May, Facebook will have to restructure its data collection practices to comply with Europe’s new General Data Protection Regulation. It is unclear thus far how American users will be affected (A photo of Zuckerberg’s speaking notes during his Tuesday testimony showed this phrase: “Don’t say we already do what GDPR requires.”) Renewed pressure on Facebook for more transparency surrounding privacy coupled with the impending EU law are creating an interesting opportunity for Facebook, said Scott Vernick, a data privacy expert and cyber security lawyer.
“There is now a window to take the initiative, take back the narrative, and be more transparent and place more robust privacy protections in the future,” he said.