Worldwide, 4.2 billion people use the internet daily. Of all these people, over 2.2 have a Facebook account, about 1.5 billion frequently use WhatsApp and more than 800 million people share pictures via Instagram . A day probably does not go by that you are not using an online platform yourself, whether you use it to look up how to get a red wine stain out of your shirt or just to keep in touch with your friends. Until a few weeks ago, many other people also did so without thinking twice about it. Due to the recent scandal around data company Cambridge Analytica, people have become aware that ‘just’ clicking that like-button comes with more consequences than was thought in advance. Do we know what actually happens with the data we share on the internet, and what should we consider before posting on Facebook?
Cambridge Analytica is the data company that was connected to the Trump campaign. The company promised useful tools that could identify the American voters based on their behaviour and find resourceful ways to influence that voting behaviour, to influence a political campaign. What it did not have, was enough data to implement these tools. That is where Facebook came into play. The firm bought personal information of millions of Facebook users without their permission or knowledge. An illegal transfer, since this kind of information is only allowed to be used for academic purposes. The actual number of leaks was estimated at 50 million breached accounts, but Facebook later admitted that it was rather somewhere around 87 million accounts. Either way, it is a data leak bigger than any before. Later on, the social media platform admitted that ‘most’, and thus probably all, of its users have been exposed to having their profile information harvested by data and advertising companies. Facebook CEO Mark Zuckerberg apologized publicly for the breach and Facebook came out with new regulations to better protect data in the future, promising to make it harder for companies to access user data and to alter their search systems in such a way that profiles are not as easily found as before. However, the damage had already been done. Many users lost faith in their favourite online platform and American, British and European lawmakers demand answers. The Federal Trade Commission – a US agency with the main purpose of protecting the consumer – is currently investigating if this breach violated an 2011 agreement that should protect users’ privacy. If Facebook is found guilty of that and would be fined according to the decree, it would cost Facebook “more money than there is on the planet” (read more on that here)
But why the big shock? Well, even though we are warned every day that ‘internet is forever’ and that we should be careful about what we put out there, the actual consequences of sharing our data never showed to be so substantial. When we use services like Google and Facebook, we only see the customer-friendly interface, but we get no feel of what is going on behind the scenes. The only notices you get of online services obtaining your data is when a website asks you to agree to its terms and conditions, and when it asks you to accept its cookies – something you have probably done many times without considering what they actually are. When you accept a website’s cookies, you basically agree to giving hundreds of companies access to your data. This does not happen simply ‘just like that’. A cookie is a piece of text that allows a website to store information on a user’s computer and retrieve this information when the user directs back to this website. This makes surfing the web much easier, as websites also store personal preferences and information to speed up the process of obtaining a page. On the other hand, cookies are a highly debated tool since they could be considered invisible ‘spies’ that store personal information. For example, a website stores the products you have looked at and which pages you have looked at and for how long. All this information is then attached to the ID that has been generated for you. This information can then be sold to other companies that might have similar intentions. In this way, cookies are essentially the fuel for targeted marketing. However, the information that cookies store is your behaviour on one website only. Google and Facebook have taken tracking data to the next level. On thousands of websites, you will find Google ‘trackers’ that not only store your behaviour on that one site, but track everything you do on the web. The tiny like-button found on many pages allows Facebook to do the exact same thing, whether you have an account yourself or not. Platforms like Facebook and Google have the means to track your movements across the web, as they themselves are networks that expand further than the domain of one webpage. The technology behind these tracking processes advances further and further, allowing such online services to track its users in even greater detail. Google and Facebook are already able to recognize a particular user by the specific browser they use and do not stop watching if you turn off your laptop and continue scrolling down your timeline on your phone.
How these online services make profit
What are websites like Google and Facebook actually doing with all this stored information? Because the tracking cookies of Facebook and Google are active on a large number of pages on the internet, these services are able to put together a log of all the websites a user visits and start building a user profile by combining all information gathered across multiple sites. This generates very detailed and personal profiles. It will contain information like gender and age, but also festivals you have visited and the brand of shampoo you always buy. Besides that, Google Maps stores where you have been, where you’ve parked your car and so on. Because these profiles are so specific, advertisement can be personalized, making it more effective. It is important to note that these personal details should stay within the borders of Google and Facebook. The data that marketing companies receive is rather based on simple cookies than on the advanced trackers, and could for example show that you were recently interested in specific products. Conventionally, they do not contain the personal details that have continuously been added to your profile over the years, as marketing companies are not to use this data. Then again, the Cambridge Analytica scandal makes clear that it is already quite dangerous that Facebook and Google are in possession of all this information. In case of a breach, all these personal datasets are there for the taking.
In essence, personalised advertisement is not such a bad thing. Yes, it might trick people into buying more than they actually want, but that is the whole point of marketing. Furthermore, marketing companies do not even need as many details to generate an efficient advertisement. The big problem will occur once these datasets are going to be used for decisions other than which advertisement to show. Of course, these profiles built by Google will show whether you have recently looked up symptoms of a disease. It would not be fair if, based on these facts, one person would have to pay more insurance premium. Or if someone linked to a family member with tremendous debts would no longer be able to get a loan. This is not yet the case, but so far, nothing has been established to prevent this from happening in the future. The way Cambridge Analytica used the data they obtained was already outside of the boundaries of simple advertisement; they used it to influence a political campaign. If these datasets fall into the hands of third parties with bad intentions, it could have troubling implications. Personalizations on such fronts other than marketing might already be happening right now, without our notice. It is not allowed to do so, but it is very hard to control.
Is there a way to be safer on the internet?
It is almost impossible to keep all your information off the radar. Even though you might not have a Facebook account, friends and family members will have one and therefore, Facebook can also obtain information about you. Besides, being able to go without Google nowadays probably means you are well over eighty and do not know the better of it. Google trackers store your internet behaviour and you cannot outrun cookies on websites – if you do not accept them, you cannot use the online service. This is because these online services are not entirely for ‘free’. Not in the sense of money; using Facebook will not cost you any money. This is rather in the sense that you can only use them in exchange for access to your data. You have little influence on the data they gather, but most services offer specific privacy settings that you can set in such a way that most data is secure. You can check what information social media platforms have already obtained by downloading your profile (for Facebook, you can use this method) .
Quite alarming is that some people found out that Facebook did not only log what happened on their platform, but also stored call and message history from the users’ phones. It also stored every IP address you ever logged in from, together with an estimated location. So even if you set all privacy settings to be very protective, you and the people you are connected with are still not off the grid. If you would really want to be safe from the Facebook tracking tools, you would have to delete your account, and therefore also your Instagram and Whatsapp, since these belong to Facebook as well. Then again, it could be that information of your call history with your best friend is stored on their Facebook account. In a world such as today, it seems an impossible job to keep all your data to yourself. Therefore, it is important new regulations are established. Not only new Facebook policies, but also new laws and rules from governments in order to regulate what happens to the data and in which way abuse of personal information will be sanctioned. The European Union has already made some huge steps on this front by introducing the GDPR – the General Data Protection Regulation. These regulations have to protect the privacy of all individuals within the European Union and are more in sync with the current flow of datastreams (Dutch readers can find out more about the GDPR (AVG) here). However, the United States do not know such up-to-date regulations yet. Because the USA is such an international stronghold, it might be wise for them to speed up the process of establishing new rules, as Facebook keeps on growing and the data profiles are being extended to even more harmful sizes.
All these facts considered, we can not solely rely on governments and online platforms themselves adjusting their policies. The main share of information that appears on the internet is still put out there by people themselves. Though you might not be able to influence all, realising the consequences of sharing something before you do is the first step to changing the way we think about social media. Yes, personal data was leaked and caused a big scandal. But in a way, we gave access to this data. So besides policies and regulations having to change, the core thing that we might need to start with is the ease with which we put ourselves out there on the web.
This article is written by Sabina Kamerling.