Privacy under the spotlight: Facebook and Cambridge Analytica
Many of us probably became aware about the importance of the amount of personal information we leave every day on the internet in March 2018, when the Facebook, Cambridge Analytica and U.S. presidential election scandal exploded.
If you don't remember the details very well, here's a brief summary: this case exposed a series of questionable practices surrounding the collection and use of Facebook users' personal data without their explicit consent.
Cambridge Analytica was a British data analytics company working for political campaigns, known for its focus on data modeling and electoral influence. This company acquired the data of up to 87 million Facebook users through a personality quiz app called "thisisyourdigitallife". About 270,000 people downloaded and consented to the app accessing their data.
The British company used the data collected to build detailed psychographic profiles of U.S. voters. These profiles were then used to target disinformation campaigns and highly personalized political advertising on the Facebook platform, most notably during the 2016 U.S. presidential campaign.
The scandal resulted in intense public criticism of Facebook for its handling of data privacy and its policies. We all remember the image of Mark Zuckerberg testifying in the U.S. Parliament. As a result, in 2019 Facebook was fined $5 billion by the Federal Trade Commission (FTC), the largest fine ever imposed by the FTC. The company also agreed to implement a new privacy structure.
This case was all over the media and was a turning point in the collective awareness of online data privacy. It spurred debates on the regulation of social media platforms and the protection of user privacy. But the issue was not born there; work on the topic had been ongoing in Europe since the beginning of the 21st century.
What are cookies and how do they affect us?
Every time you visit a website, the page leaves a small text file stored in your browser: this is a "cookie". Cookies were created to improve the user experience, such as not having to log in every time you visit your most frequently visited pages, or having the site remember your preferred browsing language. Cookies also collect data about how users interact with a website, which helps developers understand user behavior, improve site design and optimize content.
Later on, that personal information started to be used for advertising and even malicious purposes. For example, session hijacking, where an attacker obtains your login cookie on a site and with it can pretend to be you, accessing your accounts and private information.
I was one of those who thought that I had no problem with companies using the information they collected about me and that, on the contrary, I benefited from more advertising for products I was interested in and less advertising for things that had nothing to do with me.
But, over time, I changed my mind, because I was learning from technology disseminators, such as Santiago Bilinkis. This week I saw one of his videos in which he told how an app we use to move around the city took the battery percentage left on your phone as a determining factor to calculate the fare you were going to charge for your trip. If it detected that you were close to running out of battery, you were probably desperate to get that ride quickly, then the cost of that ride would skyrocket. Anyway, they've changed the algorithm and it doesn't happen today, but it got me thinking.
Legislation on the use of cookies
At first, companies tracked cookies without the user's knowledge, but legislation changed and better practices were imposed. Now, fortunately, we have to deal with annoying pop-ups to accept the use of cookies when we first visit a site.
Talk about online privacy concerns and cookies began in the 1990s, when cookies were increasingly used to track user behavior on the internet. However, laws to regulate this did not come until 2002 in the European Union, with the 2002 ePrivacy Directive (updated in 2009) and the 2018 General Data Protection Regulation (GDPR) setting strict rules on the use of cookies and user consent.
With this 2018 regulation, the aim is for users to have more control over their data and how their online behavior is tracked. In addition, websites must inform users about the use of cookies and obtain their consent before collecting data.
For advertisers, the rule hindered the ability to target specific audiences based on their past browsing behavior, so they sought alternative methods to collect data and target advertising. One method is to inform and ask for consent about data collection.
Another way to target advertising stimuli to the right people is "fingerprinting," which collects browser and device information to create a unique user profile. In my view, this technique, while it does better protect people's digital identities, is not very different from the use of cookies.
For its part, within its Privacy Sandbox initiative, Google is developing technologies aimed at enabling personalized advertising without compromising individual privacy, replacing third-party cookies with solutions such as FLoC (Federated Learning of Cohorts).
What can we do to protect our privacy online?
The most important point is that there is a growing awareness of the implications of giving out personal information at every moment.
If, like me, you want to start taking a little more care of your privacy, I share with you below a series of habits that I am trying to implement:
- Configure privacy settings in the browser you use to block or limit third-party cookies and other forms of tracking.
- Install browser extensions. There are some designed to enhance privacy, such as ad blockers, cookie managers and anti-tracking tools.
- Keep your browser and operating system up to date, because updates are constantly being released to improve security and privacy.
- Log out of websites after using them. I know it's annoying, but this habit can help you prevent session hijacking. In fact, I try not to browse any sites that require login on computers other than my own.
- Beware of public wifi. Although we hear all the time about the precautions to be taken when using public networks, there are many people who think "it won't happen to me"; I thought so too. We have to be aware of the security risks when using public networks and avoid sensitive activities, such as accessing your home banking using those connections. There is a lot of publicity about VPN tools that protect you in those cases, but I don't know how reliable they are. If anyone has experience in this regard and would like to share it in the comments, it would be very valuable for everyone.
- Follow a technology popularizer you like to stay up to date on safe online practices and be aware of security threats we don't know about.
I am fortunate to work in a company that, among other things, is dedicated to cybersecurity, and so I can pass this article on to you and ask for your expert recommendations. In the in the next article I will share their comments with you.
By Santiago Pennino, CMO of Quantik.
Santiago has a degree in Advertising and extensive experience in media agencies and the travel industry. He currently serves as CMO of Quantik Group.
During his professional career, he has held leadership roles at Despegar.com and various advertising agencies, focusing on assisting companies in their digital transformation and brand development.
