We may be experiencing a new era in the fight against companies who fail to protect the privacy of their subscribers and the story has been all but hidden amidst the clutter of other news stories as the UK sues Facebook wave of the future?
Demanding Audits and Imposing Lawsuits
Lawmakers in the United Kingdom have leveled a maximum penalty (under their laws) of $644,000 against Facebook for failing to protect the privacy of their citizens. This suit dates back to a period between 2007 and 2014, culminating in the high publicized case of Cambridge Analytica. During the period Facebook handed over access to their data without asking Facebook users consent to do so.
It has been estimated that something like 87 million had their personal information retrieved. If you use Facebook, you might realize that the app developers had your personal information as well as your email, web site data, in some cases, telephone numbers and other information.
An individual Facebook user is by and largely powerless. We can shut down our accounts, that is true, but in the case of a breach, a corporate giant such as Facebook could say, “Oh well.” The personal data we have shared is long gone. The personal data could long after be packaged with a million or so people “like you,” and be used for advertising and marketing (the most benign) or re-purposed by nefarious operators to send you malware, telemarket with bad intentions or attempt to network through email addresses and the like to steal money, trade secrets or even proprietary information.
Facebook is unlike other social media entities. There are 2.23 billion users. To fail to do the utmost to protect users is unethical, to say the least. Make no mistake, to “us” it is a social networking tool (no matter how we define it), to Facebook, a publicly-traded company, it is a money-making enterprise. At the end of the day, it is about profit and loss – that’s what drives the stock price.
In addition to the fine levied by the British government against Facebook (literally a drop in the bucket), the European Union wants an audit of Facebook to determine how the company is safeguarding our privacy. It is long overdue. The U.S. has been slow to crack down on Facebook data usage, but the EU is demanding answers.
“Facebook failed to sufficiently protect the privacy of its users before, during and after the unlawful processing of this data,” said Elizabeth Denham, the EU information commissioner. “A company of its size and expertise should have known better and it should have done better.”
The data breach
As the Facebook data breach was brought to the light, foreign governments grew angry at the cavalier attitude in the Facebook corporate offices. Since January 2018, new laws have been put into the place by the EU. The $644,000 reflects the maximum fine that was allowed in 2017 and before, under the new penalties, Facebook could have faced a fine of as much as $1.6 billion.
There is some movement afoot in the U.S. to bring our laws in greater alignment with the EU privacy protection laws led by the State of California. This is apparently getting the attention of big tech organizations. In the end, and despite Mark Zuckerberg’s rhetoric about having to do more and do better (easy, throw-away lines gobbled up only by the Facebook faithful), when billions in fines are threatened by countries and states, that is what gets them to sit up and take notice.
Nevertheless, until they are confronted with those big fines, Facebook does not seem very contrite. Said Facebook over the measly little fine:
“While we respectfully disagree with some of their findings, we have said before that we should have done more to investigate claims about Cambridge Analytica and taken action in 2015…”
This issue, however, of countries and states against Facebook and threats of massive fines, is not about money or even privacy. It is about ethical behavior. Whether Facebook or a tiny, mom and pop company, the opportunity to commit fraud and the need to profit from that fraud can always exist.
Is Facebook by nature a fraudulent company? I think not. However, Facebook rationalized that despite its massive user base and the trillions of pieces of data it had collected, that the risk of data breaches was minimal or inconsequential compared with the opportunity to profit from their users. They were wrong and perhaps, still continuing to be wrong.
While we would like to take Facebook at its word, given the risks to your data, my suggestion is that while one person (you) may be of minimal concern to Facebook, but you must be of maximum concern to yourself. Safeguard your data and monitor what you post, what you say, and the information on your profile, because the UK sues Facebook wave of the future?