Facebook must be held to account

Under Mark Zuckerberg’s leadership, the company has suffered from a wide range of chronically unaddressed data privacy and data misuse problems

Under Mark Zuckerberg’s leadership, the company has suffered from a wide range of chronically unaddressed data privacy and data misuse problems that he and Facebook often initially underplayed, whether it be data exposure or election manipulation. Photograph: Dado Ruvic/Reuters

Under Mark Zuckerberg’s leadership, the company has suffered from a wide range of chronically unaddressed data privacy and data misuse problems that he and Facebook often initially underplayed, whether it be data exposure or election manipulation. Photograph: Dado Ruvic/Reuters

 

Anyone who believed the Cambridge Analytica/Facebook story had run its course found otherwise with this week’s further disquieting disclosures. On Wednesday, Facebook admitted that the number of users whose data was improperly shared with Cambridge Analytica was more likely to be 87 million, not 50 million.

The reason so many could be affected is that the yourdigitallife quiz app also took data from the Facebook friends of the person who installed it. Facebook said that while 97 per cent of those who used the app were Americans, as many as 45,000 Irish people may have had their data shared with Cambridge Analytica. Then, Facebook’s chief operating officer Sheryl Sandberg disclosed that the company had disabled a feature that could have allowed the public data of Facebook’s two billion users be collected by malicious users.

Such data was, she said, “public” anyway. But, as with so many of these revelations, the average Facebook user worldwide was unlikely to have understood or shared this view of what “public” means. Sandberg’s comment bypasses the fact that such data also has specific EU privacy protections. Any third-party may not scrape data without notification or consent. Facebook’s failure to protect its European users from such activity runs contrary to the principles of EU data law.

The same applies to Irish and other EU victims of Cambridge Analytica’s data gathering. The friends of those who installed the app were never notified. And the app should not have had this capability in 2013. On the basis of Austrian Max Schrems’s complaint to the Irish Office of the Data Protection Commissioner (ODPC) about how Facebook managed his data – which highlighted such undisclosed, nonconsensual third-party access – the ODPC audited Facebook twice by 2012 and identified this problem. But Facebook only removed third-party access in 2014. Had the ODPC used its enforcement powers, Cambridge Analytica would never have had the opportunity to do what they did in 2013.

Facebook as a corporate entity must also be held to better account. Certainly, the viability of Mark Zuckerberg, its chief executive and chairman, and of the board, must be scrutinised. Under Zuckerberg’s leadership, the company has suffered from a wide range of chronically unaddressed data privacy and data misuse problems that he and Facebook often initially underplayed.

Board members should have provided the oversight that ensured known problems were systematically dealt with. But the chairman of the board is Mark Zuckerberg, a problematic conjoining of chief executive and chairmanship roles that is widely considered poor governance. All of which signals little is likely to change at a company that has failed to seriously address data privacy concerns for years.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.