/ Technology

Update: has Facebook lost your trust?

30
Profile photo of Kate Bevan Kate Bevan Editor of Which? Computing
Comments 30

Facebook is facing a £500,000 fine and the parent company of Cambridge Analytica has been put on notice that it faces a criminal prosecution. Can we still trust the social giant?

Update 18/02/19: Facebook Regulation

MPs are calling for the urgent regulation of Facebook following the House of Commons’ report into fake news.

The Cambridge Analytica scandal, which we explained below back in July, formed a key part of the evidence in the Digital, Culture, Media and Sport Committee’s report.

Original Convo 11/07/18

Facebook has been put on notice by the Information Commissioner’s Office that it could face a fine of £500,000 after its investigation concluded that Facebook broke the law by failing to look after the information of its users.

This is one of the results of the investigation by ICO, which is the data protection regulator in the UK, into the use of data analytics in political campaigns.

Maximum fine

It’s a measure of how seriously the ICO takes its findings that this is the first time it has said it intends to impose that maximum. The only other firm to have been fined that much is TalkTalk, which has been fined twice by the ICO for data breaches, with both fines together totalling £500,000.

The information commissioner, Elizabeth Denham, said on Wednesday that her office was also going to bring a criminal action against SCL Elections, the now defunct parent company of Cambridge Analytica.

How all this plays out is anyone’s guess – experts have raised some reservations about what the eventual outcomes might actually be – but there’s no doubt that the ICO takes what went on with Facebook and Cambridge Analytica very seriously.

It’s worth pointing out that Facebook has taken steps to make sure what happened with Cambridge Analytica can’t happen again: in 2014 it shut down the ability of third-party apps to access the data of the friends of people who had installed the app, and more recently Mark Zuckerberg said that an app’s developers wouldn’t be able to access your information if you hadn’t used the app for three months or more.

Access to data

As well as the news from the data protection regulator today, news also broke that some apps had more access to the data of users’ friends than had been previously thought – and, according to an allegation in Wired, one of those apps was Mail.ru, a Russian internet giant.

Mark Zuckerberg had flagged up in evidence to US lawmakers that some apps had had their access to the data of third parties extended by Facebook to give them time to comply with the new, tighter, rules. Plus, according to Wired, the Russian group was given access beyond the end of that official cut-off point in order to allow them to comply.

Given the concern about potential Russian government hacking, the news that Russian organisations were given access to third party data until May 2015 and beyond the cut-off point is, to say the least, concerning.

Facebook told Wired that Mail.ru’s apps haven’t had access to other people’s data since May 2015.

Stories like this remind us that it’s very difficult to know not only how Facebook uses and looks after your data, but also how third parties who have access to that data safeguard it. So it wasn’t a surprise when the research for our recent report, Control, Alt or Delete? found that most of us don’t have a clear or detailed understanding of how our data is used, and that many were actively shocked when they found out about the extensive ecosystem built on the data we provide in return for services such as Facebook.

How do you feel about Facebook now we know that the ICO has concluded that it broke the law? Do you think the safeguards put in place by Facebook since they first found out about what had happened with Cambridge Analytica are good enough? How do you think Facebook could do better?

Comments
30
Phil says:
11 July 2018

Facebook hasn’t lost my trust because I never had any trust it to begin with.

The fine is derisory.

7
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
duncan lucas says:
11 July 2018

Quite agree Phil did you see the derisory and arrogant attitude of its owner in the face of Congress AND an EU probe ? He treated the UK like dirt by ignoring a call for a meeting in the UK , this country “doesn’t count ” in his view of who counts in this world.

0
Vote up  |  Vote down   Reply    Report
Share   
Phil says:
11 July 2018

Yes; I also heard him describe his customers as “dumbf*cks”.

Facebook should’ve collapsed overnight after that.

3
Vote up  |  Vote down   Reply    Report
Share   
Kate Bevan says:
11 July 2018

The fine is the maximum the ICO could impose under the 1998 Data Protection Act, which was in force when this happened. And it’s the first time the ICO has ever imposed the maximum. It might not be a huge sum of money for Facebook, but it’s a significant censure.

0
Vote up  |  Vote down   Reply    Report
Share   
Phil says:
12 July 2018

I appreciate that Kate but a £500,000 fine to a company that made a profit of $4.3 is hardly going to hurt and I don’t get the impression that Zuckerberg is going to be overly upset.

0
Vote up  |  Vote down   Reply    Report
Share   
wavechange says:
12 July 2018

I agree. I would rather see people removed from office and banned from holding any position of responsibility in future.

2
Vote up  |  Vote down   Reply    Report
Share   
Ian says:
12 July 2018

FB is one of the new breed of ‘Transnats’, the term coined by Kim Stanley Robinson in his Mars Trilogy. Twitter, Apple, M$ and others are examples of companies that make so much money and are so huge that no single country can exert adequate control.

Robinson (and other SciFi authors) saw the Transnats effectively becoming global governments without the benevolence associated with some democracies. I suspect FB is a good example of that development.

They herald a new era for the human race, I believe. Whether this will be an era with positive benefits remains to be seen but the various theories of Capitalism all seem to agree on the need to keep the consumer base at least alive and with sufficient funds to permit wealth to accrue. But I’m unsure if that can be maintained indefinitely.

3
Vote up  |  Vote down   Reply    Report
Share   
malcolm r says:
12 July 2018

I understand the maximum fine now is 4% of turnover, If that were imposed it might have more of a deterrent effect. How we assess turnover (just in the UK?) and how we would extract the money I don’t know.

I would like to see similar penalties applied to Amazon, for example, for participating in the promotion and sales of illegal and dangerous products – CO alarms and 2-pin plugs on products for example – and Whirlpool for the appalling way they dealt with dangerous tumble dryers.. But they are probably too big to upset. Which? seem quite unwilling to tackle these problems in an effective way.

2
Vote up  |  Vote down   Reply    Report
Share   
Kate Bevan says:
12 July 2018

Yes, in theory, that’s the maximum possible fine. I doubt though that we’ll see fines approaching anything like that kind of level in future from the ICO, though. Liz Denham, the commissioner, has been very clear about that: they fine as a last resort. Also, remember that this is the only time they’ve ever imposed the maximum fine under the old Data Protection Act. It’s worth having a read of her blog post on this https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/08/blog-gdpr-sorting-the-fact-from-the-fiction/

0
Vote up  |  Vote down   Reply    Report
Share   
wavechange says:
12 July 2018

As you have pointed out Kate, Facebook faces a £500k fine in the UK. It will be interesting to see what is paid after they have had the opportunity to appeal. I recall that earlier in the year there was mention of the possibility that Facebook could face somewhat larger fines: https://www.cnbc.com/2018/04/10/facebook-could-face-huge-fines-in-theory-trillions-of-dollars.html I’m not entirely convinced that this will happen.

0
Vote up  |  Vote down   Reply    Report
Share   
John Ward says:
12 July 2018

I assumed it was the maximum fine per offence. Has Facebook committed only one offence?

A £100k fine per offence would seem appropriate in this instance [plus the usual victim support surcharge of course].

1
Vote up  |  Vote down   Reply    Report
Share   
malcolm r says:
12 July 2018

Quite right. When you commit a burglary I assume you can get fined/incarcerated for parking on the double yellows, damaging property when you break in, theft, speeding when you flee resisting arrest .when caught and swearing at a police lady. All part of the one event. 🙁

The victims should benefit from the FB penalty. I suggest that the overall penalty should cover all the costs of the investigation, a large fine (enough to deter) and a fixed sum to each person affected. Lets say £100 each in redress. Apparently “it emerged that an app had harvested 50 million Facebook users’ data without their knowledge or permission. which would be £5bn – plus the fine and costs. Seems a reasonable way to deter future misdemeanours, even if FB went bust. Would we miss them? Not me.

2
Vote up  |  Vote down   Reply    Report
Share   
John Ward says:
12 July 2018

If fining is the Information Commissioner’s last resort, what are the first, second and third resorts that the ICO has attempted – but failed – to pin on Facebook? No longer likey, perhaps? I’ll stop following you, MZ? Won’t be your friend any more? Pathetic.

3
Vote up  |  Vote down   Reply    Report
Share   
alfa says:
12 July 2018

Transnats?

Transgnats would be more appropriate.

And I also never trusted FB in the first place.

1
Vote up  |  Vote down   Reply    Report
Share   
Ian says:
12 July 2018

Indeed. It took a lot for me to even consider starting a FB group.

0
Vote up  |  Vote down   Reply    Report
Share   
Patrick Taylor says:
11 July 2018

“As first noted by The New Scientist and Animal New York, Facebook’s data scientists manipulated the News Feeds of 689,003 users, removing either all of the positive posts or all of the negative posts to see how it affected their moods. If there was a week in January 2012 where you were only seeing photos of dead dogs or incredibly cute babies, you may have been part of the study. Now that the experiment is public, people’s mood about the study itself would best be described as “disturbed.”
Atlantic

Congratulations to all those media outlets who leapt onto the Facebook wagon and gave it a legitimacy that it had never earned or deserved. After being sanctioned by the likes of the BBC and Which? it is hardly surprising that people assumed it was a respectable organisation.

4
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
Patrick Taylor says:
11 July 2018

The report seems to have some very good substance …
which.co.uk/policy/digitisation/2659/control-alt-or-delete-the-future-of-consumer-data-main-report

and I will read it in detail later.

Unfortunately Which? itself has embarked on something similar to this :
” The commercial context to opacity
Businesses have allowed, even encouraged, consumer ignorance and confusion
about how their data is collected and used, as their business practices have
quietly tested the boundaries of ethics, legality and consumer acceptance. ”

If this seems an extravagant connection look at how hard it is to find Which? pricing all in one place, the 9 years plus it took to tell subscribers that Which? was earning money from pricerunner.com/amazon – though of course not how much. The use of Best Buy in a rather indiscriminate way when other bodies understand the meaning of “Best” as an absolute, and use Recommend or Good Choice for the bulk of the good stuff. I realise that Which? makes money from selling the Best Buy logo but it is an indefensible practice.

If a charity is to take a hard look at people being kept in ignorance then perhaps it should make sure it lives the behaviours that consumers need.

Having said that anytime Which? provides some serious output I am pleased that there flickers a flame of the Consumers’ Association.

2
Vote up  |  Vote down   Reply    Report
Share   
duncan lucas says:
11 July 2018

Websites are paid on a PPC -IE- each-time a person clicks on an ad the website gets a few cents but just think of the number of clicks , providing your email customers with “special deals ” increases your income , some advertiser by on a PPC basis others on the total number of visitors to the website . Reviewing commercial products can create a big income and if you buy the product to test it , I think its tax deductible but saying bad things has its downfall financially . Do what Which have done –offer a membership /Premium content , set up a Webinar -owner of goods onsite promoting product , it just goes on . As I have said many times I am not against Which making money but as a charity its a thin border line .

0
Vote up  |  Vote down   Reply    Report
Share   
malcolm r says:
12 July 2018

I think when you have a virtually-guaranteed income of £100m a year from subscriptions you have a pretty sound financial base on which to do the work Which? should be doing. Putting that at risk by using dubious (in)competency at playing with money making schemes is irresponsible, as is the pay structure at senior level that makes the name “charity” a joke.

I see that Which? Mortgage Advisers pays bonuses of up to 50% to its staff. It bothers me when I see incentives like this for people just doing their job – it can distort their approach. In fact I dislike substantial bonuses generally.

What I’d like to see is Which?’s efforts being invested in building up a greater membership to further increase its annual income and its following.

What this has to do with FB I’m not sure though 🙁

2
Vote up  |  Vote down   Reply    Report
Share   
duncan lucas says:
12 July 2018

As we are talking “trust ” guess what countries public out of thirty three EU countries has the lowest faith in the press AND the media — the UK this is according to the EBU figures out for -2017 after all the criticism yes I can supply a link for those not able to get the info themselves .

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
Ian says:
12 July 2018

Why not include the link at the outset?

1
Vote up  |  Vote down   Reply    Report
Share   
Phil says:
12 July 2018

I’m not sure what point Dunan is trying to make, I think a degree of cynicism towards the media is a good thing. I’d be worried if people had total faith in it.

Whilst faith in the traditional media is low it is improving whilst that for social media platforms such as Facebook is even lower and, deservedly, getting worse.

https://www.ebu.ch/news/2018/02/trust-in-traditional-media-increases-across-europe

0
Vote up  |  Vote down   Reply    Report
Share   
wavechange says:
12 July 2018

I wonder if the Facebook issue might trigger the start of real efforts to stop organisations collecting information that is not strictly necessary to provide us with a service.

3
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
John Ward says:
12 July 2018

Does anyone really need Facebook? Does any user not realise their personal data and contacts will be exploited? It’s their choice. I know peer pressure drives it, and quitting is not so easy as it sounds for the committed, but all fads have their time and then expire. Let’s take back control.

3
Vote up  |  Vote down   Reply    Report
Share   
malcolm r says:
12 July 2018

FBexit then.

3
Vote up  |  Vote down   Reply    Report
Share   
duncan lucas says:
21 July 2018

Well “blow me down with a feather ” Facebook has been “at it again ” this time its a company contracted to it Crimson Hexagon supplying the US SS/ Homeland Security/ and seemingly a Russian company with customers information – whitewashing has started already but I have heard the same many times and a year later —its millions https://variety.com/2018/digital/news/facebook-suspends-crimson-hexagon-user-data-russia-1202879577/ excuse the advert in the next link as I am showing you what CH is for those that dont know https://www.facebook.com/crimsonhexagon?_fb_noscript=1 notice the wording -Social INTELLIGENCE –well they did give a warning didnt they ? here is CNN,s report https://money.cnn.com/2018/07/20/technology/crimson-hexagon-facebook-suspension/index.html good convo Kate !

0
Vote up  |  Vote down   Reply    Report
Share   
duncan lucas says:
28 September 2018

It never ends with Facebook , their shares have fallen due to the latest admission but–Facebook has confirmed it does in fact use phone numbers that users provided it for security purposes to also target them with ads.

Specifically a phone number handed over for two factor authentication (2FA) a security technique that adds a second layer of authentication to help keep accounts secure. While its been if not clear, then at least evident for a number of years that Facebook uses contact details of individuals who never personally provided their information for ad targeting purposes (harvesting people personal data by other means, such as other users mobile phone contact books which the Facebook app uploads), the revelation that numbers provided to Facebook by users in good faith, for the purpose of 2FA, are also, in its view, fair game for ads has not been so explicitly fessed up to before.Some months ago Facebook did say that users who were getting spammed with Facebook notifications to the number
they provided for 2FA was a bug. The last thing we want is for people to avoid helpful security features because they fear they will receive unrelated notifications, Facebook then-CSO Alex Stamos wrote in a blog post at the time.Apparently not thinking to mention the rather pertinent additional side-detail that it nonetheless happy to repurpose the same security feature for ad targeting.

Because $$$s, presumably.

0
Vote up  |  Vote down   Reply    Report
Share   
Hide replies ∧
DerekP says:
29 September 2018

Duncan – I found your text on

techcrunch.com/2018/09/27/yes-facebook-is-using-your-2fa-phone-number-to-target-you-with-ads/?guccounter=1

Which begins with:

“Before you continue…

TechCrunch is now part of the Oath family. We (Oath) and our partners need your consent to access your device, set cookies, and use your data, including your location, to understand your interests, provide relevant ads and measure their effectiveness. Oath will also provide relevant ads to you on our partners’ products.”

So pretty much a nice example of the pot calling the kettle black there 😉

0
Vote up  |  Vote down   Reply    Report
Share   
David Waller says:
19 February 2019

I place no trust in an organisation which encourages you to reveal much about yourself and then sells that knowledge to people who bombard you with targeted advertising and spam.
I also don’t trust their right wing politics or their community standards, which are breathtakingly hypocritical. I won’t post anything that I wouldn’t want broadcast.

0
Vote up  |  Vote down   Reply    Report
Share   
Sylvia says:
19 February 2019

I lost trust when I heard the news last year having read up Facebook security and personal data that they hold about each registered member at the time of becoming a member .Also had and have agreed to their privacy about us and they swear by their commitment as we had to the same to Facebook (Google) .This year I undone my registration with Google apps like Facebook ,Twitter ,UTube ect: So you can see how ifelt about all this (discussed )

0
Vote up  |  Vote down   Reply    Report
Share   
 

Related discussions