Security news that informs and inspires

Data Brokers, Social Media, User Privacy

By

Facebook is cutting ties with third-party data brokers. What does this mean for user privacy?

The fact that some of the largest technology companies collect a lot of user data and sell them to advertisers is not a secret. Even so, the revelation that Cambridge Analytica reportedly accessed information about 50 million Facebook users without their knowledge, had most people reeling with shock and dismay. Apparently, they hadn't realized just how much of their information was out of their control.

Facebook CEO Mark Zuckerberg called how user data was shared "a breach of trust between Facebook and the people who share their data with us and expect us to protect it." While he promised some fixes, don't expect any company to relinquish control over user information, the most valuable currency in 21st century commerce. Data collection will continue.

The "news about Facebook and Cambridge Analytica has shown that our worst fears were more or less correct," wrote Andrés Arrieta, a technology projects manager at the Electronic Frontier Foundation. "Now users are looking for answers about what went wrong and what they can do to protect themselves online."

End data-sharing

Facebook said it was ending partnerships with large data brokers, companies such as Experian, Oracle Data Cloud, TransUnion, and Acxiom, who have reams of personal, financial, and health information. Data brokers have a treasure trove of user information, aggregated from various databases such as voter rolls, property records, purchase histories, loyalty card programs, consumer surveys, and car dealership records. With Facebook's Partner Categories feature, advertisers can use that information to target specific sets of Facebook users with their ads.

People have gotten used to seeing ads for products they searched for online follow them around the Internet. Facebook's partnership with data brokers meant a person who bought a coffee maker at a brick-and-mortar store with the store's loyalty card would see ads on Facebook for espresso beans from a local company. The information from the data broke is paired with the Facebook profile data to put the person in very targeted advertising categories based on gender, age, personal preferences, and geographic location.

"A breach of trust between Facebook and the people who share their data with us and expect us to protect it."

Ending the partnership will "help improve people's privacy on Facebook," the company said, but it's not clear how things will change for consumers. Facebook is promising it will be stricter about who has access to its data, but none of its promises have to do with less data collection.

Facebook still has to make money, and advertising is still part of its revenue model. Ending the partnership can impact how advertisers spend their ad dollars on Facebook, so it's pretty likely Facebook is going to explore ways to expand how its own data is used. The Washington Post cited privacy experts who believe the company is going to charge advertisers directly for access to the information it already has on its users.

“We don't know enough about Facebook's data trove to know whether their abandonment of Partner Categories helps users avoid privacy invasions,” Frank Pasquale, a University of Maryland professor who specializes in algorithms and privacy, told The Washington Post.

Use available tools

Facebook promised is to make it easier for users to find and use its privacy and security tools. Users will have more control over the amount of personal information the company keeps, such as political preferences and hobbies, manage how the information is used to show ads, and be able to delete things they've already shared.

Users should take a look so that they know what kind of data the company has, and make changes or remove information as they feel necessary. Making the information easier to find is a good first step.

"Now users are looking for answers about what went wrong and what they can do to protect themselves online."

This kind of data sharing and targeted advertising is accepted industry practice, and not unique to Facebook. Google oversees the collection of an even more comprehensive set of data about what users do online and makes that information available to advertisers. Take a look at what kind of information is being collected by each of the companies.

Facebook has already promised a full audit of all the apps on the platform that were allowed to get user information. Developers will also be restricted in how much user data they can access through their apps. Zuckerberg is also expected to appear before Congress to answer questions about what Facebook does with user data. Perhaps other tech companies with robust app ecosystems follow suit, just to make it look like they are keeping up.

The EFF developed a tool called Privacy Badger to reduce the scope of tracking by Facebook and hundreds of other online tracking companies.

If the news about companies mishandling user data has taught us anything, it is that users care deeply about their privacy but are far from having the control they deserve," EFF's Arrieta wrote. "Having a choice in what we share—and who we share it with—is paramount to healthy social and civic interaction among individuals and organizations.