Irish Data Protection Commissioner will not conduct fresh Facebook investigation as international controversy continues
Shares at the technology giant tumbled following allegations user data was exploited by political consultants
The Irish Data Protection Commissioner (DPC) will not conduct a fresh investigation into Facebook’s data practices following new revelations about how users’ data was exploited in the US by political consultants.
As international controversy continues to grow over how a British-owned political consultancy firm sought to influence the 2016 US presidential election by mining the personal information of up to 50 million people, the office of Irish Data Protection Commissioner Helen Dixon says that the events at the centre of the furore occurred before new rules set by her office came into place.
“The DPC conducted an audit and re-audit of Facebook in 2011 and 2012,” said a spokesman.
“Recommendations were made by the DPC in this regard and they were implemented by Facebook in April 2014 with a platform change. Access is now restricted for app developers to, at most, friends lists and generally only to in-app friends lists.”
A spokeswoman for Facebook Ireland told Independent.ie that the controversy involving the UK data firm Cambridge Analytica primarily affected US Facebook users’ data.
Independent.ie understands that less than 1pc of the 270,000 accounts involved in the Cambridge Analytica data-mining affair were European, with less than 0.1pc being Irish.
The controversy occurs as the marketing and political targeting techniques of campaigning organisations online come under greater scrutiny.
Some campaigners in the upcoming abortion referendum have voiced concern about unaccountable sources using social media companies such as Facebook to try to influence voters in the referendum.
UK authorities have also begun to ramp up investigations as to whether Facebook was used by foreign political interests to influence the 2016 Brexit referendum in the UK.
However, Facebook has promised to “aggressively” conduct an audit that would involve “complete access” to the “servers and systems” of Cambridge Analytica and the researchers it employed during the controversy.
“When developers create apps that ask for certain information from people, we conduct a robust review to identify potential policy violations and to assess whether the app has a legitimate use for the data,” said a spokeswoman for Facebook. “We actually reject a significant number of apps, [Aleksandr] Kogan’s app would not be permitted access to detailed friends’ data today.”
The controversy has hit Facebook’s pocket, with the company’s shares falling by 7pc on Monday, a sum equivalent to approximately €32bn, as investors worried that new legislation could damage the company’s lucrative advertising business.
All your questions about the controversy answered:
What’s this Facebook ‘data breach’ all about?
A researcher for a British political consultancy firm called Cambridge Analytica created an app that collected ‘likes’ and other personal data of 270,000 Facebook users and their friends, reaching 50 million people in total. They then used this personal information to target people politically for the US presidential election.
How did they do it?
They created an app based on a ‘personality test’ of the type we regularly see on Facebook. Anyone who did the personality test on Facebook ‘consented’ to the use of their personal details and even those of their friends. Ultimately, these were used to target them politically.
How could these details be used to target people politically?
The data boffins looked at information such as ‘likes’, comments and preferences and used that to come up with personality profiles based on research and algorithms they had already developed. It is alleged that they then used this to target certain voters in swing US states with varying messages that would appeal to different personality types.
And Facebook was okay with this?
Facebook says it initially did not know the information being mined was for political purposes and that the company doing it claimed it was for academic research. Once it found out, it asked for all of the mined data to be deleted.
But what about the 270,000 people who downloaded the personality test app, how did their friends get sucked in, taking the total closer to 50 million?
Under Facebook’s rules at the time, a certain amount of friends’ basic data could be “scraped” by services which had apparently obtained the consent of the users. Facebook says that this was permissible, as the friends who were affected would have had their privacy settings adjusted to allow this to happen.
Were any Irish people caught up in it?
Almost none, according to sources close to Facebook. It was almost all Americans.
Are companies still doing this on Facebook and, if so, can I prevent my own personal information being harvested in this way?
Facebook is now a mainstream political campaigning tool, so if you use the service, it’s unlikely that you will manage to plug out completely from seeing political ads there.
However, you can exercise some control in Facebook’s privacy settings over what happens to your personal data.