A Ping Identity survey revealed that 28% of users planned to change their social media use after the Cambridge Analytica revelations. Moreover, 54% of respondents were more concerned with protecting their personal information today than they were last year. Phil Allen, VP EMEA, Ping Identity, examines what the Cambridge Analytica revelations could tell us about security perceptions and what kind of news gets people to think about their personal data.
The Cambridge Analytica incident of 2016 has forced everyone to look up at the dark clouds gathering around privacy, social media and politics. Still, they are not without their own silver lining.
In fact, according to a recent Ping Identity survey, the fallout from the incident is changing the way people think about online privacy. We polled over 3000 consumers across the US, UK, France and Germany to learn how deep those shockwaves go.
Over half – 54% of our respondents – are more concerned with protecting their personal information today than they were last year. But more telling is that over one quarter – 28% of users – plan to change their social media use after the Cambridge Analytica revelations. The cybersecurity industry has grimly awaited an event that could shake the public out of its slumber. This may have been it.
Some believe that the data-driven tactics of Cambridge Analytica impacted the results of both the 2016 US presidential campaign and the UK’s Brexit campaign. Dragging together thousands of data sets, many of which were attained through Facebook, the firm could create highly specific psychological profiles of voters and target them accordingly. Estimates of Cambridge Analytica’s success differ wildly but by 2017, the company was claiming that it had psychological profiles on 220 million US citizens.
Since then, the ire of the international public and world governments has not just fallen on the small insurgent consulting firm, but on one of the world’s most powerful tech companies, Facebook.
At the centre of this story is Facebook’s social login, the means by which users can connect to other services and apps using their Facebook profile. What many people didn’t know was that by using Facebook Login users were also allowing the developers of those apps to see their information, as well as the information of their friends. Depending on a user’s privacy settings, that could include their public profile information, their page likes and their locations.
Much of Cambridge Analytica’s data came through this very pipe. One app in particular, called ‘This is Your Digital Life,’ provided the company with the data of over 270,000 individuals. Those downloads translated into the harvesting of rich personal data from 50 million Facebook users.
By Facebook’s own admission, the data of as many as 2.7 million Europeans may well have been exploited by the political consultancy. As a continent whose people and governments have registered particular distrust with Silicon Valley’s giant social platforms, their response will not surprise many.
Germany has taken the news particularly seriously. Our survey found that as many as 50% of German users will no longer be using Facebook social login as a direct result of the scandal. German regulators have opened an investigation into Facebook and Cambridge Analytica’s practices. Over 300,000 Germans downloaded the app which collected data for Cambridge Analytica. The social media giant should be expecting a call from the German regulator.
Users all over Europe are doing much the same. Again, our survey found that 41% of users in France will also stop using Facebook social login. France’s famous distrust of Silicon Valley has only been fortified by the news. Another survey, released shortly after the news of Cambridge Analytica’s involvement, revealed that two thirds of the French public did not trust social media companies to safely look after their data.
This could reflect a move towards French ‘Digital Sovereignty’, a wish to move away from foreign tech companies which – consciously or not – endanger the safety of French citizen’s data. In that spirit, the French National Assembly and Army ministry declared last year that they would stop using Google (with whom French and European regulators have long battled) and started to use Qwant, a European made search engine which claims to not track its users.
In the UK, 39% of respondents to our Ping Identity survey are saying that they’ll stop using Facebook Login. The number is high, but more surprising still, is that it’s not higher. UK citizens make up by the far the largest number of Europeans affected by Cambridge Analytica’s work (107,9031 according to Facebook). Furthermore, allegations of its involvement in the 2016 Brexit referendum have come to light in the British press, prompting further investigation by UK lawmakers.
How exactly the General Data Protection Regulation (GDPR) might apply here is still unclear. The violations of personal data that Facebook allowed were made safely before the May 2018 GDPR start date. The UK regulator announced in July that Facebook would be fined £500,000 – a large fine for most, but mere pennies for the social media giant. Had those violations been made after, Facebook would be looking at much larger penalties, that could reach as high as 4% of their global turnover.
The GDPR may be one of the few international regulatory devices which could have taken a sizeable bite out of even the behemoth that is Facebook. While it was devised long before anyone knew the name Cambridge Analytica, it was designed to stop these kinds of violations.
As the smoke has cleared, Facebook has promised to make wide-reaching changes which, the company assures us, will stop this from happening again. Cambridge Analytica and Facebook are currently being watched very closely in parliaments, courts and public arenas. Indeed, they’re being hounded by regulators all over the world.
But there’s another outcome here. Cybersecurity professionals have long wondered what it would take to get the general public to think about privacy and data. Whatever the final conclusion of this incident, the waves that Cambridge Analytica made in 2016, are pushing those once distant concerns ever closer to shore.