November 1, 2018
Since its founding in 2004, Facebook has amassed a user base of 2.23 billion active users. Social media sites, such as Facebook, allow individuals to stay connected with friends and family and instantly share content within their network and online communities. Users share personal information, photos, location information, status updates, and more with their social networks never considering who else might have access to the shared content. Unfortunately, it can take an incident like the Cambridge Analytica breach to make people question how secure their online content really is.
In 2018, it was announced that Cambridge Analytica had come to possess personal data for over 50 million Facebook users through cooperation with a psychology professor from Cambridge University, Aleksander Kogan, who in 2014 developed an app that was targeted toward Facebook users. The app – thisisyourdigitallife – provided users with a personality quiz in exchange for access to their personal data and the personal data of the people in their social network. This was all possible due to the early version of Facebook’s Open Graph API which allowed third-party apps created by external developers to access a personal data as long as permission was granted by the user.
Unfortunately for Facebook, news of this breach came around the same time as the implementation of the General Data Protection Rules (GDPR) which govern how personal data belonging to citizens of the EU can be collected and processed. Among the key protections of the GDPR is the requirement to obtain affirmative consent from an individual to collect his or her personal data and the limitation for data to be collected only for well-defined purposes. Since the thisisyourdigitallife app allowed users to grant access to their friends’ personal data without their friends’ knowledge or consent it is likely that GDPR could play a role in the investigation into the Cambridge Analytica breach.
The Cambridge Analytica data breach is only one example of how personal data can be collected through social media. While social media sites work to revise their data sharing policies and better secure the information that is posted, it is crucial that users are also doing their part to protect themselves and their networks.
Some of the things a user can do to protect their online privacy include:
These materials have been prepared for informational purposes only and are not legal advice. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Internet subscribers and online readers should not act upon this information without seeking professional counsel.