Facebook Scandal: Preventing data breaches


1. Facebook personal data scandal and the implications

2. How to prevent personal data breaches

3. Personal data and the six GDPR principles

4. EU baseline regulations pave the way

Would you like to share the name of the hotel you stayed in last night?
Would you share the names of all the people you have been messaging this week?

These were two of the many questions Senator Durbin put to Mark Zuckerberg, and he gave the answer most people would give: no. A large percentage of Facebook users would have answered the same way had they known that the information they were entering into a personality quiz on Facebook would be passed to a third-party company, Cambridge Analytica.

Facebook personal data scandal and the implications
The right to privacy, its limits, and how much of it Facebook gives away came under scrutiny as Mark Zuckerberg faced the US Senate following the Facebook data scandal involving Cambridge Analytica. After improperly obtaining access to the data of some 50 million US Facebook users, Cambridge Analytica allegedly used that information to support its political client, the 2016 Donald Trump campaign. Facebook has since said that the data of over 87 million users across the US, UK, Philippines and Indonesia was harvested by Cambridge Analytica, and all of those users have now been notified via the Facebook platform.

How to prevent personal data breaches
Back in 2015 the personality quiz app thisisyourdigitallife was running on Facebook.
The application prompted Facebook users to enter personal data about themselves.
Sounds like the everyday apps you find on most social media channels, right?
Here's what you didn't know: the information collected by the thisisyourdigitallife app was passed to Cambridge Analytica by the app's creator, Aleksandr Kogan, through his company Global Science Research.
If that isn't enough to make you think about where you enter your personal data, consider that it wasn't only your own information that was shared: the app also pulled in data about your unsuspecting Facebook friends, who had never used it, as a by-product of your consent.

So, what can you do in the future to prevent your personal data from being breached?

1. Review the apps connected to your account and ask whether you are happy with the data each one can see.
2. Check the privacy settings on every connected app and revoke access where it is not needed; an app you no longer use should not keep its permissions.
3. Only share what is necessary, and prefer non-sensitive data where you have a choice.
4. Use incognito or private browsing mode. Note what it does and does not do: it stops history, cookies and site data being kept on your device, but it does not stop an app you have authorised from sharing the data you have already handed it.
5. Consider removing Facebook-owned apps from your smartphone, which can collect data from the device itself.
6. Log out of social media platforms when you are not using them, so that third-party sites cannot tie your browsing to your logged-in identity.

Personal data and the six GDPR principles
Now that you have six practical tips to help prevent your personal data being exposed, here are the six GDPR (General Data Protection Regulation) data protection principles. Any organisation that collects, processes or stores the personal data of people in the EU, whether or not it is based in the EU, must comply with them once the regulation is enforced from 25 May 2018:

1. Lawfulness, fairness and transparency
An organisation's data practices must have a lawful basis, be fair to the data subjects, and be transparent: nothing about what is collected or why should be hidden from the people the data describes. In practice this means stating, in a privacy policy the data subjects can actually read, what data you collect and the reasons you collect it.

2. Purpose limitation
Personal data should only be collected for specific, explicit purposes, stated at the time of collection, and should not later be processed for purposes incompatible with those stated. Passing quiz answers collected "for research" to a political consultancy is exactly the kind of repurposing this principle forbids.

3. Data minimisation
Organisations may only process the personal data that is actually required to achieve the stated purpose.
This has two practical benefits: in the event of a data breach, the amount of personal data exposed is limited, and a smaller data set is easier to keep up to date and accurate.

4. Accuracy
Organisations must keep personal data accurate and be able to take the steps needed to rectify or erase data that is incorrect.
When a data subject asks, the organisation must be able to correct incomplete or inaccurate personal data about them without undue delay.

5. Storage limitation
All organisations need to be able to remove personal data once it is no longer needed for the purpose it was collected for.
How long a data subject counts as a customer, and therefore how long their data may legitimately be kept, varies by sector. TSG suggest contacting a legal professional to find out the specific retention limits that apply to yours.

6. Integrity and confidentiality
All personal data must be processed in a way that ensures appropriate security, using technical and organisational measures that protect it against accidental loss, damage or destruction and against unauthorised or unlawful processing.
Because technology and organisational practice change continuously, the GDPR does not prescribe specific controls. It does, however, name encryption and pseudonymisation as appropriate measures, and organisations are advised to apply both to the personal data they hold.

EU baseline regulations pave the way
Facebook recently changed its terms of service so that around 1.5 billion members outside the EU are contracted with its US entity rather than Facebook Ireland, placing them beyond the reach of the strict privacy protections that apply throughout Europe.
The protection of fundamental rights and the establishment of baseline regulations tends to be something where the EU leads and the rest of the world follows. Although Facebook may attempt to minimise the impact of GDPR in the short term, in the medium term countries like the US will want to create their own equivalent regulation and will not want to be seen to be noticeably weaker than EU law.
Although Facebook is taking steps to reduce its legal exposure to GDPR, it is making all the enhanced privacy features of the platform available to all users regardless of where they live. In this sense, the EU is setting the product standards for the whole planet – not just EU citizens!