On data privacy
Want to read this article later?
Just tap MyLCN+ to save it to your account
The unfolding story about Facebook and Cambridge Analytica reveals in a spectacular yet rather disappointing manner how little control we have over our data and how powerful the companies who actually control it are. It seems that data protection will gain more and more weight in the legal profession in the near future, just in time for current students to start practicing.
Cambridge Analytica is a consultancy firm that used data about 50 million Facebook users to target individuals with political advertisements tailored to their views. The data was harvested through an online survey aiming to compile psychological profiles, which users voluntarily completed in return for a small sum. However, it appears that the app not only collected data about the users that completed the survey, but about all of their Facebook friends who provided no consent. It has been revealed that the tactics used by Cambridge Analytica helped manipulate the outcomes of the 2016 US presidential election and the EU referendum, the result of which might have been different if voters’ personal data had not been exploited according to Cristopher Wylie, a whistle-blower who previously worked with the company.
The issue of consent is of crucial importance for data privacy. Although users can provide consent by ticking a box at the end of long and illegible terms and conditions, is this type of consent effective? This issue is tackled by the new General Data Protection Regulation (GDPR) enforced by the European Union that comes into force in May 2018 and aims to regulate the use of personal data. One of the key changes imposed by GDPR is the increase of the standard for obtaining consent to data sharing. The request for consent must be given in a way that is legible, simple and easy to understand, stating the purpose for which data is processed. The users will be asked to opt in rather than opt out of data sharing services and will be allowed to withdraw consent at any time.
These changes clearly contribute to progress in terms of data privacy and extending the rights of individual users. However, it is unclear whether this legislation is sufficient to avoid misuse of data. One view is that data privacy will only become effective when users have a real incentive to exercise ownership rights over their data. However, it seems like users are still far from having a common understanding of what data is and how it can be manipulated. Christopher Wylie, who contributed to creating the system used by Cambridge Analytica, reveals that data-mining is obscure even to officials who are investigating it. It cannot then be realistic to expect common Facebook users to feel entitled to exercise a right that they do not fully understand. And this lack of understanding is not the result of ignorance, but simply the proof that technological advancements are developing so fast that they outpace legislation as well as the ability of non-specialists to grasp them.
In such a scenario, where it seems that technology is one step ahead of the law and hidden behind what seems like an opaque wall to most people who have only a basic understanding of data privacy, it seems that a comprehensive and effective legal framework is yet to be created. Future lawyers - current students - can already get a sense of the issues that will dominate the way in which the legal profession will develop over time. For this reason, keeping up to date with stories such as Facebook and Cambridge Analytica’s is one way to prepare for the future landscape of legal services.