Facebook Privacy Issues and GDPR

Executive Summary

This report is on the subject of social media platforms. It covers popular social media platforms, social media usage statistics, the history of social media platforms, a brief outline of advantages and disadvantages of social media, the introduction of GDPR, the repercussions of failing to comply with the GDPR, data privacy issues relating to “Facebook”, the use of micro-targeting, and the use of cookies. Some conclusions and recommendations will also be drawn.

Social Media Platforms

Introduction

“Privacy is dead, and social media holds the smoking gun.” (Pete Cashmore, Mashable CEO, 2009). It is 2018, and modern Ireland and is feeling the full effect of this statement. Although made 9 years ago, this statement is very relevant in today’s society, especially with the introduction of General Data Protection Regulations in May of this year.

Popular Social Media Platforms

Humans are social creatures; we thrive on social interactions. Social media taps into these primal needs of human beings. Some of the most popular platforms which take advantage of these needs include: ‘Facebook’, ‘Instagram’, ‘YouTube’, ‘WhatsApp’, ‘Facebook Messenger’, ‘Twitter’ and ‘Snap Chat’.

Social Media Usage

With approximately 2.6 billion active users, (Statista, 2018), these sites are becoming a major influence on our contemporized world. They have become an aspect of our everyday lives, and their presence is becoming ever more prominent. In 2012, the average daily time spent on social networks by internet users worldwide was 90 minutes, and had grown to 135 minutes by 2017, (Statista, 2017). This figure has increased year on year, and is projected to continue to increase, showing a possible climbing dependency on social media platforms.

History of Social Media Platforms and Privacy

The youth of today have grown up with certain social media platforms, for example, ‘Facebook’ and ‘Snapchat’. Many of this generation do not know what it would be like to be without them. Numerous social media platforms have come and gone prior to those which are popular today.

• 1978 saw the creation of the first social media. The, ‘Bulletin Board System’ and was used to announce meetings and to share information. This marked the beginning of virtual communities.
• 19 years later, ‘Six Degrees’ was launched. This platform was more similar to those of today. It had the basics of allowing users to create a profile and become friends with other users. The site has been shut down since, but had approximately 1 million users at its peak. This was excellent for the time as there was very limited access to internet and computers.
• The concept of blogging became popular in the late 1990’s, and so ‘Blogger’ and ‘LiveJournal’ were created. Users could write, publish, and share their own blogs and journals online.
• At the start of the millennium, platforms such as, ‘Friendster’, ‘MySpace’, and ‘LinkedIn’ were launched. Different platforms were created to target different markets, for example, ‘LinkedIn’ was created for business oriented users. These platforms led to new advancements in user experiences and technology. Platforms started to resemble platforms which we are familiar with today.
• From 2004 onwards, social media networks which are widely recognised today started being created.

(DG Traffic, 2018)

Outline of Advantages and Disadvantages of Social Media

Figure 2 Advantages and Disadvantages of Social Media (Source Bilal Ahmad, 2016)

Advantages of Social Media

• Education – You can follow anyone to learn from him/her and enhance your knowledge about any field, without paying for it.
• Connectivity – People from anywhere can connect with anyone. Regardless of the location and religion
• Information and Updates – You update yourself from the latest happenings around in the world through social media.
• Promotion – Advertising and promotion expenses for a business can be decreased by constantly and regularly involving on social media to connect with the right audience.

(Bilal Ahmad, 2016)

Disadvantages of Social Media

• Cyberbullying – Since anyone can create a fake account and do anything without being traced, it has become quite easy for anyone to bully on the Internet.
• Hacking – Personal data and privacy can easily be hacked and shared on the Internet. Which can make financial losses and loss to personal life.
• Addiction – The addiction of social media leads to people getting involved very extensively eventually being cut off from society. 
• Fraud and Scams – The top 5 scams prevalent on social media include: hidden urls, cash grabs, phishing requests, hidden charges and chain letters.
• Security Issues – Now a day’s security agencies have access to personal accounts. You never know when you are visited by any investigation officer regarding any issue that you mistakenly or unknowingly discussed over the internet.

(Bilal Ahmad, 2016)

GDPR and Facebook Privacy Issues

“The digital future of Europe can only be built on trust. With solid common standards for data protection, people can be sure they are in control of their personal information.” — Andrus Ansip, vice-president for the Digital Single Market, 2015.

On the 25th of May of this year, new EU regulations were brought into force regarding user’s personal data.

The reforms were given the name, ‘GDPR’; standing for General Data Protection Regulations. Essentially, they are new regulations designed to give citizens of the EU more control over their personal data. These reforms bring laws and obligations, specifically those around personal data, privacy and consent, across Europe up to speed for our digital age. (Danny Palmer, 2018)

We are an internet connected world. Almost everything we do involves the collection of some personal data. This data is then analysed, and possibly stored. Examples of personal data include your name, email address, credit card information, IP address, photos. Under GDPR, organisations have to ensure any personal data about subjects from the EU will have to be gathered in a strict and legal fashion. Those who collect and manage this personal data will have to prevent it from being misused or exploited. The rights of data owners will have to be recognised and respected, otherwise huge penalties may be incurred. (Danny Palmer, 2018)

Failure to Comply with GDPR

Failure to comply with GDPR results in extortionate repercussions.

• The maximum fine amount is 20 million euros, or up to 4% of the company’s annual global turnover; whichever is greater. (www.eugdpr.org , 2018). For social media giants such as, ‘Facebook’, with annual revenues of billions, that 4% represents a tremendous amount of money.
• These fines are assessed by Data Protection Authorities. These are the supervisory authorities in each member state which are appointed to implement and enforce the privacy laws. They are authorised to hear claims brought by data subjects, investigate alleged violations of the regulations, and to institute legal proceedings against violators. They are also required to keep records of their activities, and to publish reports of such activities. (Debra Shinder, 2017)
• The purpose of the GDPR is to protect the privacy of personal data, not to hand out harsh punishments, but if organisations collect any sort of personal information, they cannot afford to ignore it.

Data Privacy Issues Case Study – ‘Facebook’

Corporate giant, ‘Facebook’, has suffered from data breaches and misuse of personal data. Prior to GDPR regulations, they did not receive severe repercussions for violating the rights of data subjects.

In 2014, researcher ‘Aleksandr Kogan’, developed a personality quiz application for ‘Facebook’. Approximately 270,000 users installed this application onto their account. Like any ‘Facebook’ developer at that time, he could access data about those users, and their friends. Instead of immediately deleting this data when the application asked users for it, it was saved onto a private database. Kogan provided that private database to voter profiling company, ‘Cambridge Analytica‘. This database contained the information of 50 million users. ‘Cambridge Analytica’ then used this information to make millions of profiles about voters. Facebook were fined $660,000 as a result. (Robinson Meyer, 2018).

This was an obvious and immense misuse of data. ‘Facebook’ failed to comply with the most fundamental data protection principle – they were not upfront about what they were doing with people’s data. ‘Facebook’ were only fined $660,000 for this offense, as it was the largest possible fine at the time. If GDPR were in place, they would have faced severe repercussions, not just fined a sum of mere pocket money to them.

NY Times article

On the 28^th of September 2018, The New York Times reported on another scandal in relation to ‘Facebook’ and data security. ‘Facebook’ itself released a statement reporting that an attack on its computer network had exposed the personal data of 50 million users. The breach was reported as the largest in the company’s history. (Mike Isaac, Sheera Frankel, 2018)

Attackers exploited a feature of the platform’s code to gain access to user accounts and potentially take control of them. 3 software flaws in the system allowed the intruders to break into user’s accounts, including founder and CEO, Mark Zuckerberg’s. Once in, attackers could have gained access to hundreds of applications that offer users a way to log in to their systems through ‘Facebook’. Facebook reported that it fixed the vulnerabilities and notified law enforcement officials. (Mike Isaac, Sheera Frankel, 2018).

The investigation is still in its beginning stages, but it is believed that ‘Facebook’ could be facing a fine of billions a result of the breach and the introduction of GDPR. It is hoped that potentially severe repercussions caused by not respecting data regulations may induce social media giants like ‘Facebook’ to treat data protection issues with more concern.

Micro Targeting

The majority of social media platforms, including, ‘Facebook’, make use of micro targeting in order to provide themselves with a form of revenue, as most of these sites are free for users to join.

According to the Data Protection Commission (2018), Micro targeting is a form of online targeted advertising, which analyses user’s personal data. The function of this is to identify the interests of a specific audience in order to influence their actions.

For example, if a user ‘likes’ the ‘Facebook’ page of a certain political party, personalised advertisements relating to that party may come up on the user’s newsfeed. This works through the use of ‘cookies’.

Cookies

“Cookies are mentioned only once in the GDPR, but the repercussions are significant for any organisation that uses them to track users’ browsing activity.” (Luke Irwin, 2017).

Cookies track a user’s browsing habits, likes, and social interactions across social media platforms, and the wider internet, to build a profile about that user. This is how social media platforms tailor advertisements to user’s specific interests. (Richard Beaumont, 2018)

Under GDPR, organisations must ask for the user’s consent to operate this. This is the pop up notification that appears when a user first clicks onto a website. Most users opt-in to this notification as they wish to make it disappear off the webpage. A user can limit micro targeting like this through the settings and account settings on the application or webpage.

Under GDPR, consent to operate ‘cookies’ must be given through a “clear, affirmative action such as clicking an opt-in box. If there is no genuine and free choice, then there is no valid consent. It must be as easy to withdraw consent as it is to give it. Sites will need an opt out option. Even after getting valid consent, sites must give users the option to change their minds. Users must always be able to return to a menu to adjust their preferences”. (Richard Beaumont, 2016).

Cookies track a great deal of user’s personal data, and so it is important that they are addressed by GDPR, and the regulations regarding the use of them adhered to and respected.

Conclusion on GDPR Protections for Social Media Privacy Issues

Privacy is well and truly deceased, and the eruption of social media platforms is to blame. The need for the introduction of General Data Protection Regulations showcases this, as virtually none of a user’s personal data is held solely by them in today’s world.

Recommendations

In my opinion, data privacy and internet safety needs to be introduced into school curriculums. As seen by the history of social media platforms, they are ever expanding and becoming more complex. The youth of today need to be made aware of the amount of data that is collected about them, and how to control this data. They also need to be made aware of the array of disadvantages relating to social media.

Data privacy issues and cases need to be taken seriously by social media giants, and every case should result in large fines. New platforms may emerge, resulting in people having a larger online presence, and so they need to be educated on about matters like what not to put online.

One should opt out of the use of cookies where possible, as I believe they track far too many of our online habits, to the stage where companies may know more about you than some of your friends. Having an online presence is ever becoming riskier and more intrusive, but not enough is being done about it.

There are many advantages and disadvantages of social media. In my opinion, the disadvantages outweigh the advantages. We are becoming ever more reliant on platforms, and they are a basic element of many people’s lives nowadays, but when will they become too much?

Bibliography on Facebook Privacy Issues and GDPR

A-M Sources

• Ahmad, Bilal (2016), Techmaish, 10 Advantages and Disadvantages of Social Media for Society, (March 10, 2016) Available at https://www.techmaish.com/advantages-&-disadvantages-of-social-media-for-society/, (Accessed 26^th November 2018)
• Beaumont, Richard (2016), Optanon by One Trust, GDPR Compliance Means Cookie Notices Must Change, (November 3, 2016) Available at https://www.cookielaw.org/blog/2016/11/3/gdpr-compliance-means-cookie-notices-must-change/, (Accessed 10 November 2018)
• Cashmore, P. (2009), CNN, Privacy is Dead, and Social Media Hold Smoking Gun. (October 28, 2009)Available at http://edition.cnn.com/2009/OPINION/10/28/cashmore.online.privacy/ (Accessed 10 November 2018).
• Data Protection Commission (2018), Tailoring Your Social Media Privacy and Advertising Preferences, Available at https://dataprotection.ie/documents/P&APrefs.pdf, (Accessed 10 November 2018).
• DG Traffic (2018), DG Traffic, A Brief History of Social Media, (February 18, 2016)Available at https://www.dgtraffic.com/a-brief-history-of-social-media/ (Accessed 10 November 2018)
• EU GDPR (2018), GDPR FAQs, Available at https://eugdpr.org/the-regulation/gdpr-faqs/ , (Accessed 10 November 2018)
• Irwin, Luke (2017), IT Governance, How the GDPR Affects Cookie Policies, (September 15 2017) Available at https://www.itgovernance.eu/blog/en/how-the-gdpr-affects-cookie-policies, (Accessed 10 November 2018)
• Isaac, Mike and Frankel, Sheera (2018), The New York Times, Facebook Security Breach Exposes Accounts of 50 Million Users, (September 28, 2018) Available at https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html, (Accessed 10 November 2018).

P-Z Sources

• Meyer, Robinson (2018), The Atlantic, The Cambridge Analytica Sc&al, in Three Paragraphs, (March 20, 2018) Available at https://www.theatlantic.com/technology/archive/2018/03/the-cambridge-analytica-sc&al-in-three-paragraphs/556046/, (Accessed 10 November 2018).
• Palmer, Danny (2018), ZDNet, What is GDPR? Everything You Need to Know About the New General Data Protection Regulations,(May 23, 2018) Available at https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/ (Accessed 10 November 2018)
• Shinder, Debra (2017), TechTalk, Consequences of Non-compliance With GDPR, (November 23, 2017) Available at https://techtalk.gfi.com/consequences-of-non-compliance-with-gdpr/, (Accessed 10 November 2018)
• Statista (2017), Statista, Number of Social Network Users Worldwide From 2010 to 2021 (in Billions). https://www.statista.com/statistics/278414/number-of-worldwide-social-network-users/ Available at (Accessed 10 November 2018)
• Statista (2017),Statista, Daily Time Spent on Social Networking by Internet Users Worldwide From 2012 to 2017 (in minutes). Available at https://www.statista.com/statistics/433871/daily-social-media-usage-worldwide/ (Accessed 10 November 2018)
• Statista (2018), Statista, Number of Monthly Active Facebook Users Worldwide as of 3rd Quarter 2018 (in Millions, Available at https://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/, (Accessed 10 November 2018).