Cambridge Analytica – the leaky façade of personal data handling

As the world digests the content of Mark Zuckerberg’s testimony over two days of grilling by the US Senate and the US Congress, many are wondering, what is social media, why do we have our data out in the world and how is private data being exploited?

The age of analytics has long been heralded as the frontier for modern societal progress, where vast deposits of personal data are anticipated as “the oil of the digital economy”. Yet the notion of data supporting the interests of society is perhaps to little more than a façade following reports of mishandling and exploitation amongst multinational online conglomerates.

Turmoil has arisen following claims that personal data harvested from 50 million Facebook users in 2014 has been used as a device for political persuasion and influence by British political consulting firm Cambridge Analytica. This incident highlights the lack of governance surrounding personal data security as well as the concern of analytical influence within our digital lives.

The personal information tied to this investigation was first obtained by University of Cambridge academic, Aleksandre Kogan, who used an app within the Facebook platform to collect personality test data from American users. However, against Facebook policy and the explicit consent of associated users, Kogan released the information for commercial use through his company Global Science Research. It is inferred that the data eventuated in the hands of Cambridge Analytica, a firm who pride themselves on an ability to combine data analysis and behavioural research into strategic online electoral campaigns.

The impact of this misconduct is believed to have been experienced most recently during the contentious US elections. Throughout Donald Trump’s campaign, Cambridge Analytica provided expertise to target the most persuadable voters via messaging situated around the issues they cared most about. While the methodologies for this are ingrained in science, issues arise as the personal data utilised in this movement stemmed from malpractice and exploitation.

In the wake of these allegations, questions have unsurprisingly arisen to expose the means by which the arrangements unfolded. Ultimately, these wrongdoings are a product of the insatiable demand that technology conglomerates place upon data mining paired with outdated regulatory supervision.

We live in a world where digital practices are governed by analogue laws. For individuals and businesses, the reality of this antiquated system is that we face a constant barrage of cunning acts seeking to push the boundaries of data collection and its application. While inquiries and regulation emerge to surround these matters, history ultimately reminds us that new rules will only be as effective as their enforcement.

Self-regulation cannot be expected or relied upon from within these technology conglomerates as their financial viability hinges on the exploitation of user data for advertising. Change that advocates these platforms turning away from data collection would appear about as likely as a tobacco company halting their sales of cigarettes.

Ultimately, two questions arise from this debacle. The first is what steps will the private and public sector take to protect the privacy and security of our personal data? The second is more complicated and involves asking to what extent should analytics be able to micro-target individuals with invasive and persuasive signals regardless of the consent given on their data?