Chris Hughes, a co-founder of Facebook, recently noted that the public scrutiny of Facebook is “very much overdue,” declaring that “it’s shocking to me that they didn’t have to answer more of these questions earlier on.” Leaders in the information technology sector, especially in Europe, have been warning of the abuses by Facebook (and other portals) for years. Their insights and practical recommendations are especially urgent now.
Facebook CEO Mark Zuckerberg’s testimony before the US Senate did little to shore up public confidence in a company that traffics in its users’ personal data. The most telling moment of testimony came when Illinois Senator Richard Durbin asked whether Zuckerberg would be comfortable sharing the name of his hotel and the people he had messaged that week, exactly the kind of data tracked and used by Facebook. Zuckerberg replied that he would not be comfortable providing the information. “I think that may be what this is all about,” Durbin said. “Your right to privacy.”
Critics of Facebook have been making this point for years. Stefano Quintarelli, one of Europe’s top IT experts and a leading advocate for online privacy (and, until recently, a member of the Italian Parliament), has been a persistent and prophetic critic of Facebook’s abuse of its market position and misuse of online personal data. He has long championed a powerful idea: that each of us should retain control of our online profile, which should be readily transferable across portals. If we decide we don’t like Facebook, we should be able to shift to a competitor without losing the links to contacts who remain on Facebook.
For Quintarelli, Cambridge Analytica’s abuse of data acquired from Facebook was an inevitable consequence of Facebook’s irresponsible business model. Facebook has now acknowledged that Cambridge Analytica is not alone in having exploited personal profiles acquired from Facebook.
In personal communications with me, Quintarelli says that the European Union’s General Data Protection Regulation, which takes effect on May 25, following six years of preparation and debate, “can serve as guidance in some aspects.” Under the GDPR, he notes, “non-compliant organizations can face heavy fines, up to 4% of their revenues. Had the GDPR already been in place, Facebook, in order to avoid such fines, would have had to notify the authorities of the data leak as soon as the company became aware of it, well in advance of the last US election.”
Quintarelli emphasizes that, “Effective competition is a powerful tool to increase and defend biodiversity in the digital space.” And here, the GDPR should help, because it “introduces the concept of profile portability, whereby a user can move her profile from one service provider to another, like we do when porting our telephone profile – the mobile phone number – from one operator to another.”
But “this form of ownership of one’s own profile data,” Quintarelli continues, “is certainly not enough.” Just as important is “interconnection: the operator to which we port our profile should be interconnected to the source operator so that we don’t lose contact with our online friends. This is possible today thanks to technologies like IPFS and Solid, developed by the web inventor Tim Berners-Lee.”
Sarah Spiekermann, a professor at the Vienna University of Economics and Business (WU), and Chair of its Institute for Management Information Systems, is another pioneer of online privacy who has long warned about the type of abuses seen with Facebook. Spiekermann, a global authority on the trafficking of our online identities for purposes of targeted advertising, political propaganda, public and private surveillance, or other nefarious purposes, emphasizes the need to crack down on “personal data markets.”
“Ever since the World Economic Forum started to discuss personal data as a new asset class in 2011,” she told me, “personal data markets have thrived on the idea that personal data might be the ‘new oil’ of the digital economy as well as – so it seems – of politics.” As a result, “more than a thousand companies are now involved in a digital information value chain that harvests data from any online activity and delivers targeted content to online or mobile users within roughly 36 seconds of their entry into the digital realm.” Nor is it “just Facebook and Google, Apple or Amazon that harvest and use our data for any purpose one might think of,” Spiekermann says. “‘Data management platforms’ such as those operated by Acxiom or Oracle BlueKai possess thousands of personal attributes and socio-psychological profiles about hundreds of millions of users.” While Spiekermann thinks “personal data markets and the use of the data within them should be forbidden in their current form,” she thinks the GDPR “is a good motivator for companies around the world to question their personal data sharing practices.” She also notes that “a rich ecosystem of privacy-friendly online services is starting to be up and running.” A study by a class of WU graduate students “benchmarked the data collection practices of our top online services (such as Google, Facebook or Apple) and compared them to their new privacy-friendly competitors.” The study, she says, “gives everyone a chance to switch services on the spot.”
Facebook’s immense lobbying power has so far mostly fended off the practical ideas of Quintarelli, Spiekermann, and their fellow campaigners. The recent scandal, however, has opened the public’s eyes to the threat that inaction poses to democracy itself.
The EU has taken the lead in responding, thanks to its new privacy standards and proposed greater taxation of Facebook and other peddlers of online personal data. Yet more is needed and feasible. Quintarelli, Spiekermann, and their fellow champions of online ethics offer us a practical path to an Internet that is transparent, fair, democratic, and respectful of personal rights.