You might have heard this week of the big news regarding Facebook’s major privacy problems. The personal data of at least 50 million Facebook users was practically given away to a shadowy data analytics firm known as Cambridge Analytica, now known for its devious methods to influence elections and carry out blackmail operations.
That may seem like a big deal, but let’s be honest: this kind of thing probably happens far more often, and on a much more regular basis, than anyone would like to admit. I’m willing to bet that the vast majority of ad-based tech companies have APIs and business models that are ripe for systematic privacy violations.
What’s needed is aggressive regulatory change. And it’s coming. Under the upcoming EU General Data Protection Regulation (coming into force on the 25th of May), you’ll have to explicitly state at initial sign-up which third parties you’re sending personal data to, and essentially get informed consent for it if it’s not necessary to carry out legal or contractual obligations. You’ll also have to inform users and get their informed consent after they’ve signed up to your service if you want to send their personal data to new third parties that weren’t agreed to in the original sign-up.
Facebook and similar companies could rely on the lawful basis of “legitimate interest” instead of consent, but I strongly doubt that will suffice, as the ad-based marketing Facebook carries out is not at all relied on by the actual social network part of their service to operate functionally.
In short, hold on tight; we’re in for a rocky ride in the privacy world and in big data in general.