Is Our Data Safe Online?

In light of Cambridge Analytica scandal it beggars the question how safe is our data online and do we really have control over how it is used.

Tech giant Facebook and data analytics firm Cambridge Analytica are at the centre of a controversy over the harvesting and use of personal data – and whether it was used to influence the outcome of the US 2016 presidential election or the UK Brexit referendum. Both parties deny any wrongdoing.

In 2014 Facebook invited its users to take a personality test. As was the case with apps and websites at the time not only did the test harvest the users data but also the data of the users friends. This has since been changed and on Facebook you can no longer do this. It is estimated that some 50 million users data, mainly in the US, was harvested without their explicit consent via their friend networks. It is then claimed that claims the data was sold to Cambridge Analytica, which then used it to psychologically profile people and deliver pro-Trump material to them.

Atis, who is a European Lawyer and specialises in Data protection. outlined the trouble it presents to Internet users.

“The issues the case brings in my mind are exactly the issues GDPR tries to solve: transparency (disclosing purpose of data processing, who will data be transferred to etc.), adequacy of data collected and its use, as well as individuals control over the data. This case shows individuals had no control over use of their data”.

“And another thing that makes this case special is purpose – data were used not to influence economic decisions (purchases) – as we’ve already used to, – but political ones”.

“The EU Data Protection Directive (Directive 95/46/EC) requires that “Member States shall provide that any person who has suffered damage as a result of an unlawful processing operation or of any act incompatible with the national provisions adopted pursuant to this Directive is entitled to receive compensation from the controller for the damage suffered.” Tricky part is proving actual damage – meaning financial loss or actual suffering from data being misused”.

Many might have predicted an incident like this. In December 2015 the EU parliament announced that they were introducing the General Data Protection Regulation (GDPR). It will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. The main objective was to give citizens back control of their personal data. However the compliance date is set for May 2018.

‘The GDPR will change this as it does not require proof of “damage” in form of financial loss or personal suffering, but presupposes that if there is misuse of data, individual (data subject) shall be compensated and misuse of data is “damage” ‘per se’. Important aspects in this case are what exactly is misuse of data here and who breached the law? As you can only claim compensation from the person that is in fault”.

I also spoke to Russ Schrader who is executive director at the National Cyber Security Alliance. The National Cyber Security Alliance’s mission is to educate and empower our global digital society to use the Internet safely and securely.

‘The 50 million Facebook profiles harvested for Cambridge Analytica should concern users of Facebook and other social media sites. It’s always difficult when people’s information is shared in a way that is not expected by them and used for different purposes than they wanted”.

Russ also expressed that we might see the last of incidents like this. “Data has always been used for political gain, going back to when you register as Republican or Democrat or whatever. That registration information has always been available to help campaigns do mailing and outreach. It helps decide what neighbourhoods to target, what TV shows to advertise in, etc. The difference now is that the data is more granular, more easily accessible and can be used to create more detailed insight in a faster way”.

“Data storage is not necessarily the issue with Facebook, but data use and sharing. I think sites will continue to use the cloud and data tags so they’re able to trace where a piece of data came from and where it’s going”.

In light of this Russ gave some tips to keep your data safe online.

We urge all Internet users to follow these STOP. THINK. CONNECT. Tips:

  • Personal information is like money. Value it. Protect it.: Be thoughtful about who gets that information and how it is collected.
  • Own your online presence: Set the privacy and security settings to your comfort level for information sharing. It’s OK to limit how and with whom you share information.
  • Lock down your login: Choose at least one account and turn on the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.
  • Keep a clean machine: Update your security software, web browser and operating system to have the best defense against viruses, malware and other online threats.
  • Share with care: What you post can last a lifetime. Before posting something about yourself or others online, think about how it might be perceived now and in the future and who might see it.
  • Secure your devices: Use secure passwords and turn on strong authentication to lock your devices. These security measures can help protect your information if your devices are lost or stolen and keep prying eyes out.
  • Think before you app: Information about you, such as the games you like to play, your contacts list, where you shop and your location, has tremendous value. Be thoughtful about who gets that information and understand how it’s collected through apps.

In this era of technological advancement it remains unknown if you really can have full control of how your data is used online. But steps can be taken to prevent situations like this happening again.

 

Ben Rees

Leave a Reply

Your email address will not be published.