CIO & LEADER-Issue-01-April 2018 (1)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Around The Tech<br />
Four lessons to learn from<br />
Facebook Analytica fiasco<br />
The world's biggest social network is at<br />
the center of an international scandal<br />
involving voter data, the 2<strong>01</strong>6 US presidential<br />
election and Brexit.<br />
Damaging consumer trust<br />
The latest data ‘breach’ comes amid<br />
growing discontent around how consumer<br />
behavioural data is being used<br />
to deliver controversial, harmful or<br />
extremist content to consumers not<br />
only across the Facebook platform,<br />
but also sites on such as YouTube.<br />
Data access versus targeting<br />
As brands look to increasingly<br />
hypertarget consumers through<br />
behavioural data, there are also growing<br />
community concerns about the<br />
significant influence they could have<br />
on consumers. Certainly in the political<br />
sphere, this can be seen from the<br />
alleged claims of Russian interference<br />
in the 2<strong>01</strong>6 US Presidential Election,<br />
as well as Cambridge Analytica’s<br />
impact on Brexit.<br />
This data was shared with Cambridge<br />
Analytica in breach of Facebook’s platform<br />
policies. Facebook admitted in its<br />
statement that it became aware of this<br />
unauthorized use in 2<strong>01</strong>5, and subsequently<br />
asked Cambridge Analytica to<br />
delete the data. Facebook did not see fit<br />
to alert users about this use of their data<br />
and took very limited steps to secure<br />
the data, by seeking certifications that<br />
the information had been destroyed.<br />
<strong>Issue</strong>s for data protection law<br />
This entire affair raises two important<br />
questions about data-protection laws<br />
globally, and particularly for countries<br />
like India that are in the process<br />
of framing their laws on privacy<br />
regarding data protection.<br />
First, the delayed and limited actions<br />
taken by Facebook, upon becoming<br />
aware of the unauthorized sharing of<br />
data, raise questions about how such<br />
breaches may be regulated. The claim<br />
by Facebook that this was not a data<br />
breach is premised on the other claim<br />
that data was harvested in a legitimate<br />
manner after obtaining consent from<br />
the users. This is reminiscent of several<br />
data-security incidents in India, where<br />
public collectors of data have claimed<br />
that by securing only one key point in<br />
a data ecosystem and ignoring others,<br />
they have adequately discharged their<br />
data-security obligations<br />
Rethinking privacy principles<br />
Data-protection laws emerged in a<br />
world that saw a preponderance of<br />
volunteered data. However, as the<br />
bulk of the data collected and traded<br />
is either observed or inferred, it raises<br />
serious questions about whether<br />
these traditional frameworks remain<br />
meaningful. The idea of privacy as<br />
control is what finds articulation<br />
in data-protection policies across<br />
jurisdictions beginning from the<br />
Fair Information Practice Principles<br />
(FIPP) in the United States.<br />
<strong>April</strong> 2<strong>01</strong>8 | <strong>CIO</strong>&<strong>LEADER</strong><br />
7