Facebook and Cambridge Analytica’s Scandal: Misuse of personal information of 50 million Facebook users

Facebook logo

Over the past few weeks, it has been revealed that Cambridge Analytica, a marketing company, harvested the personal information of 50 million American Facebook users for political purposes.

Artículo disponible en Español | Article disponible en Français

Cambridge Analytica used the data harvested to create targeted political ads during the 2016 American elections, which were already filled with issues, such as the suspicions of Russia’s involvement and support to Trump.
The company is also suspected to have participated in voter manipulation during the Brexit campaign.

The way Cambridge Analytica accessed this information was via a personality test, which sent back all your personal data, as well as your friends’. This information was supposedly destroyed, which turned out not to be the case. Harvesting and using users data without their consent is also against Facebook’s rules.

After this information surfaced, a movement was formed, #DeleteFacebook. Thousands of people closed their Facebook accounts, with the most notable one being Elon Musk, who deleted Tesla and SpaceX’s accounts.
Let’s take a short break here: the irony in this movement is that Facebook owns many other services, such as Instagram or Whatsapp. People deleting their Facebook accounts or pages and keeping their Instagram or Whatsapp accounts have pretty much wasted their time, as they are still users/customers of Facebook.
Soon after the start of this movement, Facebook lost 7% of its value in the stock market, even though it went back up soon after.

The British Information Commissioner’s Office (ICO for short) stormed the offices of Cambridge Analytica, to seize information for the investigation that has been opened.
European data protection authorities have also rallied behind ICO.

The European Parliament has called Mark Zuckerberg, Facebook’s CEO to appear in front of the EP to explain the companies’ position in this situation, as well as how the personal data of 500 million Europeans is being used.
Facebook has recently been getting in trouble with different European governments. Some of these cases are as follow:

  • In May 2017, Facebook was fined 150 000 euros by the CNIL, the French data protection agency, for tracking its users without their consent. The same happened recently in Belgium.
  • In September 2017, Facebook was fined 1.2 million euros by the AEPD (Spanish Data Protection Agency) for breaking the rules on personal data protection. From what the AEPD said, Facebook compiled, stored and used the users’ information for advertising purposes without obtaining the users’ permission beforehand.
  • In January 2018, in Germany, Facebook was forced to modify its terms of use, found to be against German rules on personal data protection. This includes geolocation for private exchanges via the mobile app, for example. In total, 8 conditions on the terms of use were found to be contrary to German law. If Facebook doesn’t rectify the situation, they’ll have to pay 250 000 euros per illegal condition.
  • In February 2018, Facebook was found guilty of breaking Belgian rules on data protection. Facebook will have to pay 250 000 euros a day, up to 100 million, until they apply the ruling from the court. Facebook was tracking users using cookies, as well as storing this information, without telling people clearly. This involved not only Facebook users, but also users who don’t have an account, through the “Like” and “Share” buttons many websites include. The company already said they will appeal the court decision.
  • In March 2018, Facebook and Whatsapp were fined 300 000 euros each, 600 000 euros in total, by the AEPD, for not respecting both Spanish and European rules on data protection. Whatsapp is owned by Facebook since 2014, and in 2016, they modified the terms of service, introducing changes such as sharing information with Facebook. Users were not properly informed, or not even given a choice to whether they wanted to accept or refuse these updated terms.

The 25th May 2018, new rules on data protection will be enforced in the EU. These new rules, known as “EU General Data Protection Regulation” (GDPR for short), affect all companies in EU or trading with EU and dealing with “EU data subjects”, in other words, European citizens. Companies not complying with this new regulation may be fined up to 4% of their annual global turnover, up to 20 million euros.