Who’s responsible for misuse of online personal data?

Facebook hit our newsfeeds again at the end of September, when yet another data breach occurred and over 50 million accounts were hacked. This was already the second time this year that the technology behemoth made the news because of data safety issues – the previous time was in March, when 50 million Americans’ personal data was used to benefit Trump’s presidential campaign. This information, collected by a British company named Cambridge Analytica, was used to create a programme that profiled a potential Trump supporter and targeted him/her with tailored political advertising. The information was collected through a seemingly harmless personality test application; by using it, users gave their consent for the developer to share their personal information with a third party. To improve user experience, Facebook also allowed the application to access the data of not only the person who downloaded the personality test, but also that of their Facebook contacts. It is illegal to sell this data to a third party or use it for marketing. The case blatantly broke data security laws and kick-started a discussion about Facebook and data safety – and not in a positive tone.

Facebook’s top management tweeted that Facebook had not been part of a data security breach because people downloading the app had given their consent to share their personal information with a third party. Therefore, the breach was done by Cambridge Analytica, the company collecting this information, as it did not honour the contract with Facebook or its users.

The tweets caused an angry uproar: many thought that Facebook ought to monitor and protect its user base from companies of this kind, but obviously it couldn’t be trusted.

Why is data collected in the first place?

Today, data is collected by everyone: loyalty and bonus programmes, website cookies, mobile applications, search engines and browsers, to name a few. Often this is justified: for instance, an application may need information from the user to function, such as a journey planner requiring location data to guide the user to the right bus stop and to improve its routes.

The purpose of collecting information is to create aggregate data, information on the masses. Examining and profiling individuals is not legal, nor even productive. Studying mass behaviour allows for identifying trends and purchase patterns and creating appropriately targeted marketing. Collecting information also helps in product and service development without having to contact every single user through enquiry studies.

GDPR to protect consumers

In May, the EU General Data Protection Regulation, or GDPR, came into effect. The regulation provides more protection for the consumer and adds to the responsibilities of a company wishing to collect data. The responsibilities the regulation brings are binding in all EU nations. One of these obligations is that a company is legally liable for notifying all its registered users in case of a data breach. Depending on the seriousness of the misconduct, a company can get away with just a warning, or may incur bans or fines.


Marketing regulations

Consumers have the right to trust marketers to obey the law, act in good faith and follow widely accepted moral principles. The legislation aims to prevent any acts misleading or harming the consumer. In addition to the legal framework, Europe has a strong self-regulating system based on the premise that marketing must be honest, legal, and follow good business practices. This framework defines the ethical rules regarding practices with customers, competitors and the society in general. People working in the field ought to be familiar with the laws and rules.

What should we think about all the buzz around data safety? Should companies constantly be on their toes and be overly careful not to use user information? Going this far does not benefit anyone, but, of course, users, laws and moral values should be honoured. When planning social media marketing, businesses can trust their partners to obey the regulations and respect the users.

Common ground rules are in everyone’s favour, as they make collaboration easier, more effective, and simply more comfortable for all of us.