515s- Cambridge Analytica: Privacy Scandal & Regulatory Nightmare Discussion
Name
Institutional Affiliation
515s- Cambridge Analytica: Privacy Scandal & Regulatory Nightmare Discussion
Question 1
Cambridge Analytica misused data obtained from Facebook to build voter profiles. Cambridge Analytica obtained personal information from millions of Facebook users without their consent and sold the analytics to the Donald Trump political campaigns. These data were collected through an app created by Cambridge academics, and it consisted of a series of questions. These questions were disguised to be of educational use, and so, Facebook users would agree to complete a survey for payment. The app also collected personal information on Facebook friends of the participants of the study through Facebook open graph platform. President Trump’s 2016 campaign used the data to create psychographic profiles for political advertising. The ads were categorized into distinct categories based on whether the user was a Trump supporter or not. His supporters received triumphant visuals of him while swing voters received malicious graphics of his opponent. Information on the data breach was uncovered after a former employee at Cambridge Analytica came forward as a whistleblower. The Federal Trade Commission (FTC) investigated the incidence and fined Facebook for contravening the law for failing to protect its user’s data privacy. Facebook publicly apologized and promised to ensure compliance.
Question 2
The US Privacy Act would prevent the Facebook / Cambridge Analytica scandal from happening in the future. The Act establishes a code appropriate information practice governing the collection, use, dissemination, storage, and maintenance of personally identifiable data about individuals. The Act defines personal information as anything capable of being associated with a particular household or individual. Examples include a postal address, name, IP address, social security number, biometric data, and passport number. According to the US Privacy Act, organizations cannot obtain or share information about individuals without obtaining their consent. Thus, organizations can not deceptive and unscrupulous means to get data from unsuspecting individuals.
As per the Act, consumers can request organizations to disclose the categories of personal information they collect, including types that are shared to third parties. This provision reminds the organizations that they are being watched .as a result, they use the obtained personal data only for the specified purposes, and they ensure that the data is not stored for longer than intended. The Act recommends that organizations perform due diligence when partnering with third parties. The reason is that organizations found using third party data obtained from breaches would be in violation of this Act.
Question 3
In my view, data protection is critical for exercise if the right to privacy. The right to privacy is internationally recognized as a fundamental human right as it allows individuals to be free from public scrutiny and allows personal autonomy. Thus, organizations and individuals processing personally identifiable information data are obligated to take measures to mitigate interference with this right. In the fundamental right to privacy, governments ought to regulate the processing of personal data and organizations need to give individuals rights over their data. Regulations are an effective means to ensure the right to privacy as an organization found in violation can face possible legal charges for the offence. Also, punishment for violating the law would act as a form of deterrence that would discourage other organizations from failing to comply with data protection regulations. Giving individuals rights over their data would ensure that personal data is processed for specified purposes based on consent. The purpose for which information is used would be established, and personal data would only be disclosed, used, and retained for the original use.