Privacy advocates are calling on all social media platforms to more responsibly handle and restrict improper access to data in the wake of Facebook’s latest controversy where it acknowledged users’ personal information had leaked through a third-party app.
Although people are shocked this happened, many experts say it didn’t happen sooner because it’s so easy to penetrate this kind of thing with social media providers.
Facebook outlines clear policies around data for third-party developers, including that developers must provide a publicly available policy that explains what data they are collecting and how they will use that data.
One rule mandates that developers must “obtain adequate consent from people before using any Facebook technology that allows us to collect and process data about them, including, for example, our SDKs and browser pixels,” according to the company Developer’s policy.
However, the Cambridge Analytica -a consulting group that has worked on several high-profile political campaigns, including that of President Donald Trump’s – who used the social media company’s platform to harvest the data of 50 million users has its incident showing that third-party app developers, such as Kogan, can easily lie about their intents for collecting data – raising questions about Facebook’s ability to enforce data protection policies. “Facebook needs to do a better job ascertaining how data is used, but it’s almost impossible to control where data goes,” SecureMySocial’s Steinberg said.
For instance, Steinberg said, companies could exist who are being sold data in a similar manner from third-party app developers – and then using that data for malicious intent – such as fielding their Facebook data for potential passwords (ie a mother’s maiden name). “[Facebook is] saying it’s not a breach, but what if instead of Cambridge Analytica that data had been sold to criminals?”
Another issue is that the company’s default privacy settings on the app automatically shares users’ data – including their email address and public profile – with the apps they interact with.
While users can protect themselves by checking their app settings and customizing what they share with apps, many are unaware that this is the case, said Gebhard.
“Users shouldn’t have to do this, they shouldn’t be settings experts and they deserve so much better.” said Gebhart. “It’s ludicrous – the defaults are terrible, and they serve the business, but not the end users. As long as the defaults confusing and complex, you can’t say that users were informed.”
Some regulations exist to attempt to regulate social media providers’ control over end user data, including a 2011 consent decree mandates that users should be notified that they explicitly gave consent that data is shared beyond the privacy settings that were established. According to reports, the US Federal Trade Commission is currently investigating whether Facebook broke these rules.
However, many social media platforms are still new enough where the government, end users, and social media platforms themselves have an adequate understanding of how to protect data privacy – and what are considered ethical practices when it comes to data security.
“In our era we now have a new model that is unprecedented in human history,” said Steinberg. “When social media is this new, it’s a problem, because it’s hard to educate people about the risks and what they can do.”