Facebook is under fire after the social media giant admitted it didn’t prevent data from as many as 50 million users getting to political data firm Cambridge Analytica, which it used to develop precise targeting to help Donald J. Trump win the U.S. presidency.
According to Jörg Pohle, a researcher at the Humboldt Institute for Internet and Society, the negative press surrounding Cambridge Analytica, “to say it bluntly: [is] because of Donald Trump.”
The data firm is also under scrutiny for its psychometric testing. How far is too far in this new world which gives insight into behavior, attitudes and intentions?
Cambridge Analytica has denied wrongdoing but has suspended its chief executive. Authorities and Facebook are investigating how the company obtained psychometric data on openness, conscientiousness, extraversion, agreeableness and neuroticism (OCEAN) from Cambridge University which had exploited agreements with Facebook on academic research.
WikiTribune spoke to experts to better understand how Cambridge Analytica may have used the personal data of tens of millions of private citizens and to discuss the ethics of “Big Data”.
We talked to:
- Frederike Kaltheuner, head of non-profit Privacy International’s Data Exploitation programme.
- Andrej Zwitter, an expert in Big Data governance and professor of international relations and ethics at the University of Groningen, Netherlands.
- Brent Mittelstadt, a research fellow and British Academy postdoctoral fellow in data ethics at the Oxford Internet Institute.
- Joe McNamee, executive director at European Digital Rights.
- Jörg Pohle, researcher in global constitutionalism and the internet at the Humboldt Institute for Internet and Society, Germany.
The “big nudge”
WikiTribune: Profiling of users based on their data is widespread. Why is Cambridge Analytica under fire and when did it cross ethical lines?
Kaltheuner: They’re being investigated for how they obtained data, and that’s why they’re under fire … But micro-targeting ads, also based on psychometric data, is something that is actually done by quite a lot of companies. [Privacy International] is generally concerned about any industry that feeds off exploitation of people’s data.
Zwitter: The ethical problem begins when one profiles for themes that are sensitive regarding individual and group data protection, such as political affiliation, sexual orientation, or health, i.e. information that can be misused for political or criminal ends, and that was collected without the consent of the subject. Cambridge Analytica went beyond profiling and employed what is called “Big Nudging.”
The term comes from Nudge Marketing. One uses “nudges” that can be conscious or subconscious triggers to elicit a certain response in people. It’s one thing when you know that you’re being nudged. It’s another if it’s used to manipulate people by using unconscious desires and psychological mechanisms undermining their personal freedom of choice.
‘This eruption now is pretty much the product of double standards’ – Pohle, Humboldt Institute
Mittelstadt: Profiling … it’s sort of a shortcut to know what sort of person you are, what person you’re being perceived as. Whereas with [psychometrics], it seems to be going a step further, in the sense that companies are going to actively try to change your behaviour for a very, very specific end. It’s pushing you to take an action that would undermine one of your fundamental rights as a citizen to elect who represents you. And so I think it’s what it’s trying to push you towards, what it is they’re trying to influence, that makes this distinct from just normal profiling.
Pohle: [on why CA is under fire] To say it bluntly: because of Donald Trump. When Barack Obama and his team started … using social media data, user-generated content and meta-data on personal interactions and social relationships for targeting people in their election campaigns, almost everyone was cheering and applauding them for using these very data … to better political micro-target voters. So, all in all, I would say, this eruption now is pretty much the product of double standards.
Can we really expect politicians to crack down on companies such as Facebook when they too rely on such data to get ahead?
Pohle: Not really. But on the other hand, that very much depends on the amount of public uproar. If the public outcry is loud enough, politicians might be pressured into cracking down on these companies even against their own interests.
‘It’s hard not to use these tools, if other politicians use them too’ – Zwitter, Groningen
Kaltheuner: It’s really important that politicians set an example by promoting data protection. They should also be using data in a way that complies with the law — the fact that the UK’s Information Commissioner’s Office is looking into political parties and campaigns shows that this is, sadly, not a given. It’s also important to keep in mind that this isn’t about the big social media platforms — data brokers, data analytics companies should all be part of this conversation [too]. Because these are not consumer-facing, they get less attention than they should.
At the same time we are experiencing the devastating effects of this development already: the gradual loss of credibility of information, news and of scientific facts. How can we still make democratic choices if we cannot trust the information we receive?
Mittelstad: Of course, political campaigning will be much more data-driven now: a new standard has been set. That doesn’t mean that the politicians will be directly reliant on Facebook to supply the relevant data. There’s also the question of what stand will be taken by governments and politicians towards big tech companies. When a bad story comes out about a tech company, then everybody’s happy to jump on the bandwagon and vilify that particular company. But to affect real change in the sector, you need a concerted, broad-reaching approach, not ad hoc reactions. It will be interesting to see what role the GDPR plays in all of this going forward.
Will people change their online behaviour because of scandals like this?
Kaltheuner: I think it’s very good that this case is making people think about things like privacy and data protection and how companies are monitoring, tracking and profiling you without your knowledge or consent. However, I strongly believe that we shouldn’t place the burden on individuals. Companies need to protect privacy by default.
Mittelstadt: People will often not care about privacy … until they have a reason to. A perceived lack of concern for privacy is not a justification to violate it. There’s terminology being thrown around here [with the Cambridge Analytica issue] – whether this was manipulation or persuasion of voters. If it’s presented as persuasion, that comes off as much more acceptable. If it’s manipulation, there’s a psychological component to it, where something about you is being exploited in order to get you to take a preferred action … it depends on how people will perceive this sort of profiling.
I think the more interesting response to look at, though, will be the people that end up engaging less and less with [Facebook] over time, or sharing less and less information about themselves, as opposed to just deactivating their accounts.
McNamee: Yes. According to the National Telecommunications and Information Administration (NTIA), they have already started. This is the start of society understanding what profiling actually means. It is logical for people to think that if they give Facebook five pieces of data, they are just giving Facebook five pieces of data. Profiling involves giving Facebook five pieces of data, Facebook comparing these five pieces of data with similar data from a billion other people and generating five new pieces of data about them, that they will never have access to, and using this data to manipulate your economic, social or political choices.
Scandals like this are crucial for this fundamental and essential change in people’s perception of their privacy, security and protection of their data.
Pohle: No. The amount of people who changed their online behaviour after the Snowden revelations was really small, and the same can be expected after this Cambridge Analytica case.
How will Europe’s data protection rules, the GDPR, change this?
Kaltheuner: So in this particular case, the only reason why we’re talking about data protection, is that Cambridge Analytica is based in the UK (that’s why the Data Protection Act 1998 applies to them). The U.S. doesn’t have data protection laws in the sense that we have them in Europe. GDPR won’t change that. GDPR changes the extra-territorial reach and the consent permission is stronger, the transparency position is stronger.
Mittelstadt: On the GDPR, I think it is very much a step in the right direction. If all this had happened after the GDPR had been in force, then it would be a much more interesting conversation about how supervisory authorities in Europe respond, for example by levying significant fines against Facebook for, essentially, letting users’ data be re-purposed without explicit and specific consent. The extent to which the stronger powers given by the GDPR will actually be used by regulators to fine or control tech companies is a very interesting question, too. We just don’t know yet.
These interviews have been edited for clarity and readability.
See WikiTribune related articles
- European Union forces pace on protection of individual data on the internet
- WikiProject: World business prepares for EU data protection rule
- Europe’s new General Data Protection Regulation explained
- WikiProject: Facebook, data collection, and you
- Google says it had 2.4 million ‘right to be forgotten’ requests
- Facebook says ‘outraged’ by investigation into misuse of data