Facebook and its chief executive, Mark Zuckerberg, are being criticized far and wide for the company’s lax privacy practices after it was revealed that the political data firm Cambridge Analytica had used a seemingly innocuous personality test to collect data on 87 million Facebook users, which it combined with data from other sources to develop psychological profiles that were used in support of President Trump’s 2016 campaign. A number of lawsuits have been filed against the site over privacy issues and the Cambridge Analytica incident in particular.
In response, Zuckerberg has apologized that the company had not sufficiently protected its users’ data.
“We have a responsibility to protect your data,” he wrote, “and if we can't then we don't deserve to serve you.” He also accepted personal responsibility for the misuse of the data. “It was my mistake, and I’m sorry,” he said in a statement before the Senate Judiciary and Commerce committees. “I started Facebook, I run it, and I’m responsible for what happens here.”
Zuckerberg also outlined changes that Facebook has and will take to protect its users’ privacy. One of the most significant is his announcement that the site will offer privacy controls that comply with strict new privacy rules that went into effect in Europe in May, and will offer these controls to users worldwide, not just in Europe.
You may be concerned about all of this if you have an account on Facebook or on other sites that follow similar business models of collecting users’ data (which is virtually all of them, including Google). But business owners should also be concerned about these developments and the possible consequences for their businesses.
Many sites require Facebook logins for their users. In fact, only a few years ago, requiring such logins was seen as a way to tame notoriously disorderly comments sections. By requiring such logins, is a website complicit in Facebooks’ privacy policies—and failures?
Even if websites eschew Facebook’s logins and use their own, questions remain about security of their users’ private data. What data is collected, how is it protected, and how is it used? And if a website charges for access, how secure is the users’ payment information?
This could also affect any website that has advertisements. How are the ads placed? What personal information about users is used to determine which ads appear? How much personal information do the advertisers get when their ad appears to a particular user? How much do they get if the user actually clicks on the ad?
And what platform hosts your site? Researchers recently discovered that many websites—including many of the larger news websites and platforms, such as Wordpress, that host smaller business’s sites—actually have the ability to track all of users’ keystrokes.
It’s unclear if there will be any changes in the wake of Zuckerberg’s appearance before Congress. Two senators have introduced a bill to give users more control over their data, while others have suggested adoption of some of the forthcoming European rules.
Anyone that operates online—either as a user or a provider—should stay aware of the debate over Internet privacy, and legislative attempts to address it.
Specialty Technical Publishers (STP) provides a variety of single-law and multi-law services, intended to facilitate clients’ understanding of and compliance with requirements. These include:
- Internet Law: The Complete Guide