Last month’s Cambridge Analytica scandal reignited concerns over Facebook’s hold on our private information, resulting in advertisers pulling ads from platform, class action lawsuits against the media giant and users beginning the #DeleteFacebook campaign.
Cambridge Analytica, a British consulting firm, is accused of illegally obtaining the data of more than 50 million Facebook users in an attempt to influence political outcomes.
In the wake of the scandal, the Ryersonian spoke to one of the world’s leading privacy experts about the data breach, what the consequences for Facebook should be and how well Ontario fares when it comes to data privacy and online security.
Ann Cavoukian is the former Information and Privacy Commissioner of Ontario. As commissioner, she developed Privacy by Design, a framework that tries to proactively embed privacy into the design specification of technologies, infrastructure and policy to protect privacy from its origination. After serving three consecutive terms as commissioner, Cavoukian now leads Ryerson University’s Privacy by Design Centre of Excellence, as a distinguished expert-in-residence.
Why should students care about the Facebook-Cambridge Analytica fiasco?
Students should care about it because if they’ve got Facebook accounts, their information is going to countless unknown third parties without their knowledge or consent. And this should not be the case; that’s why Facebook is being slammed so hard by regulators in multiple jurisdictions. They’re violating a number of agreements.
I think people need to be in control of the information that they put on social media and Facebook said that you could control it, that you could restrict access to your data – and now it’s clear that’s not what they’re doing.
What are the chances Canadians were caught up in the 50 million accounts that were compromised?
I’m sure Canadians were caught up in there. I don’t know the numbers, but that’s one of the reasons why the federal privacy commissioner, Daniel Therrien, launched an official investigation into this. He’s very concerned about it and he thinks it’s outrageous that (Facebook) is not holding up to their agreements.
I think of course some Canadians will be impacted. The whole movement, the hashtag #DeleteFacebook is growing dramatically. And I think the consequences for Facebook are going to be severe.
If you were still commissioner, what do you think an appropriate consequence for Facebook would be?
It would depend on the extent of the damages that he (Daniel Therrien) finds.
But, for example in the U.S., Facebook signed a consent agreement with the Federal Trade Commission (FTC) in 2011 – the FTC regulates privacy down there – and the FTC said to Facebook: ‘You’re not honouring the commitments you made to users.’
You have to abide by the terms (of) the consent decree, which says you have to honour their request for privacy. (Last week), the FTC said they’re going to launch an investigation into this. Here’s why it’s such a big deal: their ruling was a landmark decision in 2011. The consequences for violating the consent decree? $40,000 a day per violation – multiply that by 50 million.
Two trillion dollars in one day.
Yes. They’re taking it very seriously. The financial consequences of this will be very significant. And there’s already class action lawsuits that have been initiated. But I think even worse than the financial hit – they’ve already taken a 13 per cent hit to their stock – greater than that could be the mass exodus of their customers.
Is it really reasonable to think that there will be a mass exodus though? Facebook’s so deeply ingrained in how we operate online.
It will depend on what other instruments arise, social media platforms that people can migrate to. The old adage “too big to fail” is so yesterday. When Facebook came in, MySpace was huge. I don’t know if you remember MySpace but that was a platform that was huge and within a year or two, Facebook totally took over and MySpace is gone. Nobody’s on Myspace. So, I want to suggest that they have to take this very seriously.
And if people don’t want to leave Facebook, people at least need to revisit their privacy settings and set them all anew. Because I can tell you right now, they’re going to be taken very seriously.
What’s the state of Ontario’s data privacy and online security? Are we doing okay?
We’re doing great. The reason we’re doing great is first, we have independent oversight – privacy commissioners. I never reported to the government of the day; I reported to the legislative committee through the Speaker [of the House], so I had a lot more freedom. I criticized the government a lot in my reports and if I reported to the government of the day, they would’ve fired me.
We’ve also been doing Privacy by Design for years, to complement our regulatory compliance, our privacy laws. Privacy by Design is all about trying to proactively protect data right at the beginning to try and prevent the privacy harms for arising. You want to prevent the harm, not deal with the aftermath.
We’ve been leading in this area. In 2010, Privacy by Design was unanimously passed as an international standard by the International Assembly of Privacy Commissioners and it’s been translated in 40 languages, so it has a real global presence.
Related: The future of Facebook at Ryerson
This interview has been edited for clarity and length.