European Parliament signals investigation of Facebook data use

EU chief Vera Jourová: reports of alleged abuse of personal data for elections horrifying

Facebook has denied that the harvesting of tens of millions of profiles by Global Science Research and Cambridge Analytica was a data breach.
Facebook has denied that the harvesting of tens of millions of profiles by Global Science Research and Cambridge Analytica was a data breach.

Pressure mounted on Facebook in Europe on Monday in the wake of reports of alleged misuse of the personal data of tens of millions of its users by Cambridge Analytica.

European Parliament president Antonio Tajani said the European Parliament would investigate the claims made in media reports at the weekend.

It was alleged that private information from the Facebook profiles of more than 50 million users was harvested without their permission in 2014 and that this ultimately enabled it to exploit social media activity of millions of American voters ahead of US president Donald Trump’s campaign in 2016.

Whistleblower Christopher Wylie alleged academic Aleksandr Kogan – through his firm Global Science Research, in collaboration with Cambridge Analytica – paid hundreds of thousands of Facebook users to take a personality test and agree to have their data collected through an app called thisisyourdigitallife.

READ MORE

The app was then able to collect data from the Facebook friends of the paid users.

Mr Tajani said: “Allegations of misuse of Facebook user data is an unacceptable violation of our citizens’ privacy rights. The European Parliament will investigate fully, calling digital platforms to account.”

Vera Jourová, Commissioner for Justice, Consumers and Gender Equality also noted the reports, tweeting: “Horrifying, if confirmed. Personal data of 50 mln #Facebook users could be so easily mishandled & used for political purpose. We don’t want this in the EU.”

Facebook was extensively audited by the Data Protection Commissioner in 2011. This followed complaints made by Austrian privacy campaigner Max Schrems in a case that ultimately led to the striking down of the EU-US Safe Harbour arrangement for transferring personal data outside the EU.

The commissioner’s office, at that time, examined how third-party applications interacted with Facebook and the data provided to the social media giant by its own users.

The audit report said Facebook “could significantly improve the manner in which it empowers users via appropriate information and tools to make a fully informed decision when granting access to their information to third party applications.

“With the thousands of third-party applications on the Facebook Platform, it is critical that the framework for the provision of data to such applications is as clear and secure as possible.”

It added that this was recognised by the company.

“It is also the case that while there are matters which are within the direct control of (Facebook Ireland), others are outside its control as they rest primarily with the third party application.”

The audit added that it was “not possible” for Facebook “to abrogate responsibility once the information is in the possession of the third party application and it does not seek to do so”.

When the 2011 audit was followed up in a review by the commissioner in 2012, the office found the company had made a “satisfactory” response to a number of recommendations in relation to third-party apps.

However, the commissioner said at that time it should be “made easier for users to make informed choices about what apps installed by friends can access”. The office recommended that Facebook should “re-examine providing choice to their users, short of turning off the ability to use apps altogether”.

Paul F Nemitz, the director responsible for fundamental rights and union citizenship in the Directorate-General Justice of the European Commission, said on Monday that if Schrems had made a complaint about the Facebook apps’ practices in 2011, then the privacy flaw was “known to #DataProtection Authorty (sic) in #Ireland and Facebook since 2011”.

Facebook has denied that the harvesting of tens of millions of profiles by Global Science Research and Cambridge Analytica was a data breach. It has said Mr Kogan “gained access to this information in a legitimate way and through the proper channels” but “did not subsequently abide by our rules” because he passed the information on to third parties.

US stocks fell on Monday, with the Nasdaq dropping more than 1 per cent, as

Facebook’s shares dropped by more than 5 per cent early in the day following the weekend reports about Cambridge Analytica.