what responsibilities do social media companies have in regards to users and their privacy?
Allow'southward perform a small experiment. You've probably heard most haveibeenpwned.com, a webpage capable of showing whether your personal data has been leaked just by inbound an email address you use. It can be a private or a business concern one, all you lot take to do is enter it on the site's front page. It is recommended to utilize a private one because most of u.s. utilize individual emails for creating social network accounts, accounts for various sites, Steam accounts, and other digital accounts we employ. Of grade, since known companies that provide tools used by businesses – such as Dropbox – as well had their servers breached and user accounts stolen, you lot tin can as well bank check whether your business concern email was a part of a data alienation.
The chances are, you lot've probably already used the service (maybe out of marvel, like most of us), probably institute out that your personal data has been leaked, considering we live in a world dominated by digital presence, dominated by companies that base their services on the web, and dominated by new means to steal someone's personal details. The personal email address we entered showed that it has been a part of iii major data leaks – Dropbox information breach that happened in 2012, Last FM breach that also took identify in 2012, and Nexus Mods (a game modding site that covers mods for popular games such every bit Skyrim, Fallout, The Witcher three, etc.) – which is an excellent effect when nosotros take into account that the site lists 275 websites that got their users' data stolen. Our business organisation electronic mail address luckily hasn't been pwned.
Facebook and Cambridge Analytica and The Misuse of individual data of l million Facebook users
Facebook still is the most pop social network in the globe, and although it saw a steady decline of its younger users in Western markets during last year the network sees a steady rise of users in Asia, which became the network'due south largest region. No matter the fleeting numbers, Facebook still has more than 2 billion active users in the earth, and they all give admission to their private data to the company, but more than on that later.
Before delving into Facebook'southward Terms and Conditions, permit'southward talk about the latest information breach that included all kinds of private data from 50 million Facebook users. Of course, the company didn't narrate this massive scandal as a information breach, and technically information technology isn't.
You see, Facebook Terms and Atmospheric condition allow the company to gather and to store all kinds of user data. Your photos, likes, online activity while on Facebook (and while browsing the web in general), pages you visit, purchases you brand online, your contacts listing, even your location, it's all stored somewhere on Facebook's servers used for ane major purpose – to requite the network better information for advertising purposes. Names are unimportant here – all that matters is data, your age group, your gender, where yous live, which brands you like, everything but your proper noun. Metadata used by the company to serve better ads function better without names, and nosotros aren't even numbers. For Facebook (and other social networks and many online services) we are just nodes filled with lucrative data that can brand those nodes spend more money and raise the profit margin.
The human mind is quite complicated tool and personality traits don't touch behavior in high enough level to be used for controlling people's opinions.
. .
And when you know all this, it is easier to encompass the next role of the Cambridge Analytica scandal, and why it tin't be chosen a data breach. You see, Facebook allows app developers besides as folio creators to access every bit of data available to Facebook. And back in 2014 (when personal information of those l meg users was gathered), the visitor also immune developers to get personal data of users' friends, but it disabled it some time ago. This allowed app developers to know nearly anything about you, all you had to do is use Facebook Login characteristic or have one of the numerous quizzes that spring all over Facebook while you browse your News Feed.
And one of those apps was developed by Dr. Aleksandr Kogan, a psychology professor at Cambridge Academy. His app used the infamous Facebook Login characteristic and gathered data from around 270,000 users. Back in 2015 when Kogan gathered data, Facebook allowed developers admission to friends data from users' who used apps, then in full, he managed to gather data from 50 million Facebook users in total. And that highly personal data was then used for building psychometric maps (maps of users' personality traits) that could, in theory, allow researchers from Cambridge Analytica – a political data firm hired by President Trump's 2016 election entrada – to influence user behavior as well equally their political views.
. .
Access To Personal Data Has Been Denied
In practise, this is highly unlikely. The human mind is quite complicated tool and personality traits don't touch on behavior in high plenty level to exist used for controlling people'due south opinions. Only, the fact stands that one person gathered private data of 50 million people then gave the information to a political data firm, which used the information to effort influence voters, which is highly unethical and highly troublesome. And then, Kogan used data because he was immune to, just in one case he handed it over to Cambridge Analytica he violated Facebook Terms and Conditions. So, in the finish, it wasn't a data breach, it was just mishandling private user data. If y'all think well-nigh it, that'due south even worse.
It's worse considering Facebook gives access to their user data to anyone who integrates Facebook Login to their app, or has an app or a page on Facebook. In other words, not only Facebook does have your information, only numerous other individuals. And who knows how many more than of them misused data for their ill intentions, just never got defenseless? And this raises the question of moral and responsibility when you hold a huge base of operations of private information. Should y'all allow 3rd parties admission to the data, and should you let them access in such a simple fashion? All i has to do in lodge to showtime building their ain private database is to create a uncomplicated quiz/questionnaire/whatever type of simple app and that's it! Sure, your database will be a lot smaller than Facebook's but for some experiments and advertising researchers even a couple of thousand users and their individual information is more than enough. And when it is known that people at Facebook ran all kinds of social experiments on their users (some of them being highly disturbing and unethical) just imagine what it tin be washed with users' individual data if it gets into wrong hands.
User data is the oil of the 21st century
Let's talk a bit virtually selling user data to third parties. If you visit big.substitution yous will run into that the company provides a platform for selling and ownership user information. Yes, you read it correct, they enable individuals and companies to commutation their databases including all kinds of private data of their users. Sure, the site explains that the data is encrypted while kept on their servers and that anyone interested in ownership users data won't receive any personal info regarding individual users, but "behavioral data like URLs visited and search queries and sociodemo data like gender and interests."
. .
Poor Security Measures
Then, every bit we said, our names don't matter, but everything else does. Sites nosotros visit, pages we like, platforms we have accounts on, our gender and age group, and much other info that some (if not all) users would consider private. And so, even if your name or home accost won't exist used, that doesn't mean selling your data is something morally positive, but it is legal. And while information technology technically doesn't endanger your privacy, on a larger calibration this, and other practices that involve using databases from large groups of users for research, advertising, social experiments, or something else, means that we, as a humanity, live in a earth where privacy slowly becomes a remnant of the by.
Sure, the big companies don't know your name, but they don't demand it. Based on your age group, gender, location, and stuff yous practise online, they can completely customize your experience while browsing Facebook, reading the latest Tweets, or checking out Instagram. And the worst matter is, that in the case of Facebook, they have your name, on top of everything else, enabling the visitor to perform social experiments on highly specific user samples (or shall we say, unwilling participants).
And let's recall for a minute nearly how many cases of user information misconduct happened that Facebook hasn't been aware of? Kogan and his questionnaire gathered data from 50 million users, and he later handed them over to a major analytics company, and Facebook knew virtually it from the beginning. But, what if an individual creates an app, harvest data from a much smaller number of users and and then sells it to an ad company? That'due south highly possible, and considering of Facebook's immensely powerful ad targeting tools, ad companies (or experimental psychologists, for example) can just rent a developer, allow them create a simple app (in the form of a quiz or a questionnaire or something else), then target a highly specific user group – unemployed males age 20-25 living in and effectually Göttingen, Germany, who liked pro-marijuana pages – and perform a research with the collected data, or create targeted ads using the data they collected. Possibilities are endless and privacy is nowhere to be seen. It has been done for years!
And there is, of course, a black market for stolen user information. Passwords, social network accounts, information gathered via smartphone apps, medical records, credit card info, yous name it. The marketplace is huge and you can purchase practically anything you desire there. Fifty-fifty data from secure sources, such every bit Apple tree IDs, aren't safe. Private data, such as Facebook details and likes, probably isn't listed there because it tin be accessed extremely easy. But create an app, target your audience and wait for them to solve the quiz. It'due south simple, in 21st-century user information, non oil, is the thing that drives the economy forward.
Facebook isn't alone in this
While Facebook was, and withal is, the most controversial social network of them all when it comes to handling user data and using their user base in social experiments, they aren't the just social network or a large online company mishandling private data.
Google, Twitter, all kinds of online platforms, LinkedIn, Instagram (owned by Facebook), Snapchat, and many more all have access to highly sensitive individual information, which is stored on their servers and could be stolen someday at present. Some of them were victims of data breaches, similar LinkedIn, and Snapchat. More than than 360 million MySpace user credentials surfaced online. Most social networks use poor security measures and aren't even able to recognize all of the false accounts they accept on their platforms.
And many threats cannot be recognized earlier information technology's too late. That'south the case with numerous Facebook scams, Twitter bots stealing user data, Snapchat and their poor security measures allowing everyone to send you a friend request (and teens, the main portion of Snapchat users, are the ones who will nearly certainly have any friend request), and many more than social network vulnerabilities that happen all over the globe. Google uses all kinds of information from their users, and numerous apps on Android and on the spider web too have access to the information (just check out all of the permissions you gave to various apps installed on your smartphone). Then, when a breach happens, who is responsible?
. .
Keep Your Privacy to Yourself
Individual responsibility and data protection in a global hamlet where every house has dissimilar laws.
When the data breach happens, CEO's are probable to be blamed. And many of them did accept responsibility for, but penalties they face are sometimes laughable. Melissa Mayer, Yahoo CEO, got a toll cutting but still kept her chore after the biggest data alienation in history when more than billion user accounts were compromised!
And and so nosotros come to the problem of globalization. You lot see, social networks operate on a global scale yet nosotros live in more than two hundred countries, each with their own set of laws. And many of them don't take laws regarding net privacy and information breaches. Lots of countries are just trying to keep their head higher up the crushing waves of the terminal economic crisis and the sad reality of uneven distribution of goods in the modern world, with growing drinking water shortages and food scarcity, and they don't have the time or resources to hire experts to create such laws, let alone enforce them. And lots of countries, like the Usa, have some sort of consumer privacy constabulary merely they are imperfect, to say the least.
Every company that does business with citizens of Eu fellow member countries will exist required to notify government of a information breach within 72 hours of discovering the event or face stiff fines...
. .
The Eu and its General Data Protection Regulation (GDPR) is the motility in the right management when it comes to personal privacy. When GDPR goes into effect on May 25, 2018 "every visitor that does business organization with citizens of EU fellow member countries volition be required to notify authorities of a data breach within 72 hours of discovering the issue or face stiff fines. The rule applies to whatever visitor, located inside or outside the EU, that offers products or services to citizens of European union fellow member countries, and that collect, process and hold personal information of EU citizens." Russia's law on personal data asks from companies to hold user data on servers located inside the country, which is an first-class solution in theory but can lead to problems in practice. If a visitor doesn't move servers to Russia, it will be blocked by authorities, like was the case with LinkedIn. Simply, this law doesn't include measures to counter data breaches and to force companies to notify regime when a alienation happens, like GDPR does.
Overall, laws concerning personal privacy are scarce and many countries either don't have them, don't enforce them, or have them but they aren't good enough. And since we live in a global village where each house functions by its ain laws, global responsibility, where CEOs will take the blame and penalties and where companies will face charges and fines, is practically nonexistent. Nosotros will run across how GDPR will work in one case information technology goes into full issue, just even if the regulation proves to be effective, most countries won't be able to protect their residents' online privacy on a global calibration. So, what can we exercise?
It all comes down to personal responsibility
Aye, servers, where personal data is kept, are secure in many ways but tin exist hacked. Many large companies faced cyber-attacks and the trend will continue. No affair how to secure individual information is, it can be stolen. Data protection is there, only it isn't an all-powerful measure out capable of stopping everyone. NSA probably has backdoors placed within most large cyberspace companies, information technology sure had them in past. And we, the users, are oft behaving contrary to the conventionalities that well-nigh people cherish and highly appreciate their privacy.
And then, when it comes down to online privacy and protection of our ain personal data, the penultimate responsibility is on united states of america, non some CEO of some social network on which yous put your whole life on a plate for everyone to see. Our online behavior is important and if you want to keep your privacy don't fill up any lightheaded Facebook quiz, don't enter your personal information. You encounter, a person can alive without Facebook. Twitter is a great source of data simply that doesn't hateful y'all should create an account under your real name.
. .
Everything is in Our Hands
Side by side, don't visit unsecured sites. Mod browsers show when your connection is secure (a petty lock icon commonly found next to the site spider web address), so don't visit those sites that are labeled every bit unsecure, and if you decide to visit them don't go out any kind of personal information (like usernames, passwords, credit card info, etc.) on them. Utilize password managers and when you discover that a service you have an account on is compromised, change the password immediately even if your business relationship isn't part of the alienation. 2-step verifications are also extremely useful tools capable of keeping your private information safety, employ them on whatever service that offers ane.
Be responsible, your online data is equally important as your passport, your ID carte, or your medical record. Don't hand out social networks your privacy on a plate, there are already billions of people who already did that, and more will come. Don't exist one of them.
Aigerim is using Turtler in her own hiking and outdoors adventures and proud to be promoting information technology worldwide as our Marketing Director extraordinaire.
Source: https://turtler.io/news/data-privacy-in-social-media-who-takes-responsibility-and-data-protection-as-a-priority-feature