The recent and complex scandal involving Cambridge Analytica’s use of 50 million Facebook users’ ill-gotten data has, understandably, left many with concerns about the privacy of the information they provide to social media platforms and the ability of third-party platforms to collect that data without the users’ knowledge. The aftermath of the revelation about Cambridge Analytica retaining the data (which they, according to Facebook, had promised to delete in 2015) has included apologies from Facebook founder and CEO Mark Zuckerberg, lawsuits filed against Facebook and general suspicion about the extent to which the data was employed in the Brexit campaign and the 2016 American presidential election, to name just a few things.
This controversy is, ultimately, just one microcosm of the larger debate about internet privacy, data collection and the use of users’ data to curate the content that a user sees, such as targeted ads or even campaign material designed to sway voters one way or the other. One question that lies at the heart of this debate is how much privacy someone can reasonably expect when using social media platforms such as Facebook — if they can have that expectation at all. After all, making a social media account with our personal information inherently involves a loss of some privacy in order to connect with family, friends and coworkers who also use the platform. With this in mind, we can’t necessarily expect total privacy given that we’re still putting information on a platform that is intended to facilitate communication and connections. The privacy that a user can expect is ultimately in relation to how careful the user is about tweaking their privacy settings, how much information they post on the site and whether they allow their profile to be open to the public or restrict their audience to friends or friends of friends.
On the other hand, the widespread backlash against Facebook and Cambridge Analytica indicates that many people still (rightly) believe that companies which handle users’ data have a responsibility to protect the data with which users provide them. Although this is justified, this expectation needs to be tempered with the knowledge that the act of uploading personal information to any social media site is predicated on a certain degree of trust in the site and the various other entities that use it for marketing and other research. This is a trust that needs to be earned by the platform, not freely given, based on how competently the site can protect that information from being harvested without users’ informed consent. Zuckerberg himself has, with good reason, referred to this situation as a “breach of trust” and Facebook is attempting to rectify things by shoring up users’ privacy and limiting the tools that advertisers on the platform can use to reach out to users.
Though it’s good that Facebook is attempting a mea culpa for this breach of trust, another question that needs to be answered now is whether that trust can be rebuilt, or whether users should have ever trusted the site in the first place, given the ways that third parties can and have exploited the platform. The immediate response for some might be that they can’t be trusted, and to cease using Facebook altogether, but that means giving up a trove of resources for connecting with others that many need in their daily lives. Dropping off the platform is simply not a viable option for many, such as those who may need these social media accounts to stay in touch with friends and family separated by long distances, for politicians who use social media to interact with their constituents or for businesses that try to keep a pulse on what their consumers want through those platforms, and of course to advertise.
Still, the benefits of social media shouldn’t blind their users to the dangers that their use also presents. What Cambridge Analytica did needs to serve as a warning that any information posted on a social media platform is only safe and private insofar as the platform can protect it, and that users ought to be far more careful about what personal information they provide to the site.
The burden of data protection doesn’t fall solely on the users, of course; Facebook and every other social media platform needs to take note of how valuable and vulnerable user data can be, and make securing that data (and being transparent about what data they collect and how they’re protecting it) one of their utmost priorities. Just because someone might be okay with Facebook knowing their hometown and job does not mean that they’re also okay with a bunch of third-party platforms knowing it as well, and in no circumstances should a third-party app be able to glean that information from a friend’s profile without that person’s permission. There needs to be far more focus on preserving privacy and sensitive information online than what we have seen so far. Cambridge Analytica’s breach of trust is just one of countless examples that current protections on data are insufficient and need to be improved, both by the users and the platforms with which users entrust their information.