The Facebook saga reiterates the scale of how personal data is being harvested to an epidemic scale. How does an organisation that collected personal data from around 250,000 users manage to scale this up to 50m users? It is worth empathising that this is nothing new and the current crisis has now put things into real perspective.
For some many years, organisations have been capturing your cookies and mining this data to influence decisions and behaviours. This practice had been accepted for so long but eventually the public realised the value of their cookies being captured and was given the option to opt out. At least this way it was their decision on whether their cookies were captured and not the enterprises. However, cookies are only just the surface of the problem as living in a visual world means that our stories are now being captured everywhere. When was the last time you even sat down for some dinner and a photograph of your dinner was taken?
Accessing personal data on over 50m users has now taken the debate to a different level, but will it really result in change? In the short term it will as the threat of legislation force enterprises to change practices, but in the long-term, a different type of change is required. The General Data Protection Regulation (GDPR) has been heralded as the new saviour to protecting consumers, but it has been in on the European statue books now since May 2016 and people are only taking it seriously one month before the “grace” period lapses. Many organisations are still trying to understand what GDPR means for them and it will a couple of more years before the public benefit from these protection rights. In some cases, it is still cheaper for organisations to be named, shamed and be fined, rather than making fundamental changes to their data workflow management. Unfortunately, the European Union has not given the local regulators the enforcement powers to make companies like Cambridge Analytica accountable and instead are using the media to pre-warn them of forthcoming action.
The key lesson from this saga is that the public can no longer be treated as commodities by large organisations. However, the public need to think long and hard about their behaviours and the ease in which they share personal data, the value that it has and how they can maintain control of it. Yes, the #delete facebook campaign is gathering some speed but that is not the answer. It is also unlikely to keep Facebook Founder Mark Zuckerburg awake at night as much as advertisers looking to withdraw advertising revenue! And then what about Instagram, WhatsApp, Snapchat etc. – the list is endless. Millions of users enjoy the ability to connect around the world using social media apps, they want a personalized UX based on their likes and preferences and in many cases social media has revolutionized people lives and social inclusion – but users want peace of mind that their data and trust is not being abused and exploited. The issue of big data, its protection and responsible use is not going to go away – it is going to escalate. We live in a world which is increasingly and rapidly becoming more open and connected with the IoT and smart devices become more widely adopted. Personal data will be harvested from data point sources that we are yet to know exist. A fine balance is needed in the digital world we live in so that consumers get value from sharing personal data versus exploitation and irresponsible, if not illegal, use of that data. Let’s hope the regulators are given the powers they need to force change and get it right. Companies need to take heed of Facebook’s current plummeting stock value and get their act together to ensure they protect individual’s data against unauthorized use and regain consumer trust.