Facebook has attracted renewed attention from regulators over how it handles consumer data following revelations that the Facebook data of 50 million users was harvested without their permission in 2014. That data then ended up in the hands of Cambridge Analytica.
Cambridge Analytica is the data analytics firm which was responsible for deciding where to spend a sizeable digital advertising budget on behalf of the Trump campaign. They were also involved with the Brexit campaign, ensuring that regulators on both sides on the Atlantic now have a reason to look into the company’s data management practices.
Over the weekend both The Observer and The New York Times published investigations based on information provided by former Cambridge employee-turned-whistleblower Christopher Wylie, as well as, former Cambridge employees, associates and documents.
“We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis that the entire company was built on,” Wylie told the Observer.
The data in question was gathered via a personality test app called Thisisyourdigitallife built by academic Aleksandr Kogan. The 270,000 people who downloaded the app gave it access to their Facebook data. Reportedly the app also gained access to the data of tens of millions of the test-takers’ Facebook friends.
Ahead of publication of the investigations Facebook issued a statement saying it was kicking Cambridge and parent company Strategic Communication Laboratories (SCL) off its platform, saying they had violated its data privacy policies.
“When we learned of this violation in 2015, we removed his app from Facebook and demanded certifications from Kogan and all parties he had given data to that the information had been destroyed. Cambridge Analytica, Kogan and Wylie all certified to us that they destroyed the data,” wrote Paul Grewal, VP & Deputy General Counsel.
“Several days ago, we received reports that, contrary to the certifications we were given, not all data was deleted.”
Facebook has also come out strongly, saying it wasn’t a data breach.
“The claim that this is a data breach is completely false. Aleksandr Kogan requested and gained access to information from users who chose to sign up to his app, and everyone involved gave their consent. People knowingly provided their information, no systems were infiltrated, and no passwords or sensitive pieces of information were stolen or hacked,” Grewal wrote.
For its part, Cambridge has denied any wrongdoing.
“When it subsequently became clear that the data had not been obtained by GSR in line with Facebook’s terms of service, Cambridge Analytica deleted all data received from GSR,” a Cambridge spokesperson told Reuters. “No data from GSR was used by Cambridge Analytica as part of the services it provided to the Donald Trump 2016 presidential campaign.”
Cambridge Analytica exec in Australia
Matt Oczkowski, head of product at Cambridge Analytica and data lead on Trump’s election campaign, was in Australia 12 months ago, speaking at ADMA Data Day. His team built up the Trump campaign database, conducted polling and digital ad buying from an office in San Antonio, Texas.
Which-50 reported on Oczkowski’s presentation, which advocated the importance of first party data sources. Based on donations, sign ups, store transactions, volunteers and event attendees, access to first party data was a major advantage in its targeting, he said.
“There’s no market difference when you are all working off the same data sources,” Oczkowski said.
The regulators’ response
In response to the articles published over the weekend, Massachusetts Attorney General Maura Healey has said her office is opening an investigation into Facebook and Cambridge Analytica.
“Massachusetts residents deserve answers immediately from Facebook and Cambridge Analytica. We are launching an investigation,” Healey tweeted on the weekend.
In the UK, Britain’s information commissioner is investigating “the circumstances in which Facebook data may have been illegally acquired and used.”
“It’s part of our ongoing investigation into the use of data analytics for political purposes which was launched to consider how political parties and campaigns, data analytics companies and social media platforms in the UK are using and analysing people’s personal information to micro target voters,” said Elizabeth Denham, Information Commissioner.
“We are continuing to invoke all of our powers and are pursuing a number of live lines of inquiry. Any criminal and civil enforcement actions arising from the investigation will be pursued vigorously.”