Facebook and Cambridge Analytica Privacy Scandal
| Facebook and Cambridge Analytica Privacy Scandal | |
|---|---|
| Short Title | Cambridge Analytica Scandal |
| Location | UK, US |
| Date | Around 2016 Presidential Election |
| Solove Harm | Aggregation, Secondary Use, Disclosure |
| Information | Behavioral, Profile Information, Facebook Activity, Facebook Friends List, Personality Traits |
| Threat Actors | Cambridge Analytica Ltd. |
| Individuals | |
| Affected | Facebook and "thisisyourdigitallife" app users |
| High Risk Groups | Facebook friends of "thisisyourdigitallife" users, Individuals who are easily influenced or manipulated |
| Tangible Harms | Change of Behavior, Change of feelings or perception, Political manipulation |
Facebook user data was harvested without explicit consent by a political consulting firm, Cambridge Analytical Ltd. The data was targeted by political advertising during the US presidential election which raised ethical, user privacy, and misuse of data concerns.
Description
Cambridge Analytica is a data analytics company, it obtained access to the the billions of Facebook users' personal information. It gained access through an app by researcher Aleksander Kogan, called "thisisyourdigitallife". It was a personality quiz revolving app that not only collected data from the app users but extracted their Facebook data and the data of their friends. It collected a vast amount of personal data, including user profiles, likes, and other information which happened without the knowledge of affected users and resulted in [Aggregation] of data without proper/explicit consent. The collected data was then utilized for a purpose beyond what was explicitly state -- personality-quiz based, but used for political manipulation, targeted political advertising, and influence campaigns based on the psychographic profiles, influencing voter behavior. This is an example of [Secondary Use] of data. Since the data was shared with a 3rd party(the app) without explicit consent of the affected individuals also resulted in [Disclosure] of data. Cambridge Analytica violated the FTC Act by deceiving users' private data; the app users were falsely told that the app wouldn't collect Facebook data from users of their friends. However, the GSRApp collected Facebook IDs which connected their profile information and friends on Facebook. In the act of 2018, the UK Data Protection Act incorporated GDPR standards, which are relevant to the data handling of this case. The GDPR, implemented in the European Union in 2018 also aims to protect the use of Facebook user data by Cambridge Analytica violated the GDPR principle. This all resulted in Cambridge Analytica going bankrupt.
Laws and Regulations
FTC Act
UK Data Protection Act
EU's General Data Protection Regulation (GDPR)
Sources
[https://jsis.washington.edu/news/facebook-data-privacy-age-cambridge-analytica/%0A%0Ahttps://www.ftc.gov/news-events/news/press-releases/2019/12/ftc-issues-opinion-order-against-cambridge-analytica-deceiving-consumers-about-collection-facebook https://jsis.washington.edu/news/facebook-data-privacy-age-cambridge-analytica/