Angharad Neagle, group managing director of Freshwater UK, highlights the importance of data protection for businesses in the wake of an international breach of privacy.
We are witnessing a ‘watershed moment’ for online data privacy. The implementation of the EU’s General Data Protection Regulation (GDPR), which promises to transform consumer data privacy online and offline, is just around the corner, and the fallout from the Facebook and Cambridge Analytica scandal continues to hit the headlines.
While we’ve known about the impending introduction of GDPR for years, the full story behind Facebook and Cambridge Analytica’s data breach has only just come to light, but it illustrates precisely why regulations around data privacy are so important.
The latest reports indicate that the Facebook data of up to 87 million people – including more than a million UK users – may have been improperly shared with political consulting firm, Cambridge Analytica, which is accused of using the information to target and influence voters during the 2016 US presidential elections.
The data was harvested through a personality quiz app for Facebook, which was installed by around 300,000 people. Owing to the way the platform worked at the time, the app could also access the data of tens of millions of the users’ friends. This data was later allegedly improperly shared by the app developer with Cambridge Analytica.
The app’s developer says he did not know how the information was subsequently used. Cambridge Analytica denies using the Facebook data during the Trump campaign. Facebook and Cambridge Analytica are now under investigation on both sides of the Atlantic.
Since this story broke, there have been other allegations regarding the Brexit referendum in June 2016 and how it could also have been influenced by third parties.
Many organisations use online services to send highly tailored communications to specific target audiences to promote a service, sell a product or encourage behavioural change. But the idea that the personal data of millions of Facebook users could be surreptitiously used to influence how people vote, and ultimately the outcome of an election, has crossed an ethical line that has left many angry and demanding change.
Apprehension about data use and protection online are not new. Google’s collection and use of data has long been in the news - with the recent developments about the Google-Nest merger further adding concerns from privacy campaigners. But the Facebook privacy scandal has woken many of us not only to the sheer volume of information we have shared online but also the value and power it yields.
In just under 50 days’ time, consumers will have the opportunity to regain some of that power when the GDPR comes into effect. The EU regulation will seek to place data control firmly back in the hands of its owners. From 25 May, companies will no longer be able to use data without legitimate reason or explicit consent, and that consent needs to be obtained through a positive opt-in from customers. Firms will need to be clear about the data they are collecting and how they intend to use it, ensuring consumers can revoke their consent, and access any data collected from them to verify that consent was given.
For many companies, preparing for GDPR will have been a hefty task requiring significant changes to the way data is obtained and stored. But, by encouraging your audience to take control of their data, you have an opportunity to earn their trust and loyalty.
What is clear, from the Facebook and Cambridge Analytica scandal, if it wasn’t already, is how crucial it is for all businesses to take data protection, transparency and security seriously. Facebook lost more than £26bn off its value following the Cambridge Analytica row showing that not only is data protection morally, ethically and legally the right thing to do, it’s also vital to protect your brand.
This article appeared in the Western Mail newspaper on 9th April 2018.