An app using Facebook Login harvested data from 50 million Facebook profiles. According to Facebook, the app created by psychologist Dr Aleksandr Kogan was used by approximately 270,000 people.
The app called thisisyourdigitallife offered a personality prediction. The data was passed to Cambridge Analytica, a firm that does political, government and military work around the globe.
This wasn’t a hack. Users knowingly shared their data with the app.
How was the data used?
Data collected by the app may have been used to influence the European Union Referendum in June 2016, and in support of the Trump Presidential campaign, later the same year.
An investigation by The Observer and its sister publication The Guardian, suggested that correlations between seemingly unrelated issues and topics provide an indicator of political affiliation that can be used as the basis of ad targeting.
When did this occur and why has it come to light now?
Facebook has known about the issue since 2015. The issue reached public attention on Sunday after newspaper reports. It resulted in Facebook suspending Cambridge Analytica and its parent Strategic Communication Laboratories (SCL) from advertising on the platform.
What’s the impact on Facebook users?
Users generally recognise that their data is used by Facebook as the basis of ad targeting. In this instance data has been proactively harvested and passed to third parties, although the agreement was on the basis the information would be used for academic research.
Facebook became aware of the matter in December 2015 and requested that the data be deleted, but did not follow up to confirm it had been beyond an exchange of legal letters. It’s not possible for users to foresee how this data might be used and the case has resulted in a breakdown in trust between users and Facebook.
Conversations about leaving and deleting Facebook accounts have trended on Google search and Twitter this week but it’s too early to say if the case will have a material impact on user numbers. Likewise Facebook’s Instagram and WhatsApp platforms are so far unaffected.
How has Facebook reacted?
Facebook has banned Cambridge Analytica and its parent Strategic Communication Laboratories (SCL) from advertising on the platform, and agreed to cooperate with UK and US investigations.
What action have brands that advertise on Facebook taken?
Advertisers have sought reassurances from Facebook about data protection. The ISBA, the UK trade association representing 3,000 advertisers in the UK, is meeting with the platform this week.
What does it mean for data security legislation?
A significant change in European legislation is already underway. The upcoming General Data Protection Regulation (GDPR) legislation calls on organisations to have robust data management and security policies from 26 May 2018. Failure to adhere to legislation could result in a fine of up to four percent of revenue.
Further information
This is a fast moving case that relates to many macro issues in brand marketing and public relations, including analytics, privacy, and trust in platforms. We’ll continue to track the situation and keep you updated.