Andrea Martin-Swaby | Social media shake-up: data privacy aroused
The jewel of social media has come under heavy fire with the recent Cambridge Analytica saga. It was first reported that the data leak affected 37 million Facebook (FB) users; then it was increased to 87 million.
Regardless of the figure, the elephant in the room is arguably the alleged mismanagement of the personal data of millions of FB users, and the subsequent leakage of their data to the private corporation.
It is correct to say that technology allows private companies to collect and make use of personal data at an unprecedented scale because personal data is critical in the arena of electronic transactions and digital marketing. Yes, it is good for business. However, what about the data subject? Should he retain some level of control of how these organisations process his personal data, and should these data processors be bound by regulations which govern the management of data processing?
You may ask why the crowned jewel now sits restlessly in the naughty corner. Well, it is said that in 2014, a quiz app was launched that posed a list of questions to Facebook users. As the users filled out the questionnaire, this app collected their private personal information that was stored on FB, as well as the personal information of their friends and followers. It was this data that was allegedly subsequently leaked to Cambridge Analytica.
The users of this social media site seem not to have been aware that the data was even being collected by the social media giant when they filled out the fateful questionnaire in 2014, nor were they aware of its subsequent leakage to third parties. This is what has fuelled the outrage of many, and has aroused the concern of onlookers.
The Rights of Data Subjects
Today, data privacy and protection has become a real concern in the digital arena. Personal identifiable information is being collected daily by private organisations all around the world. Credit card and debit card numbers, digital signatures, email addresses, and telephone numbers are just a few of the bits of personal data that are collected and stored.
This data sits on servers that are managed by private corporations who collect such data for their own business pursuits.
Constitutions in most democratic societies proudly trumpet rights to privacy. It is a right that precedes the rise of the machines. Undoubtedly, the recognition and protection of privacy must transcend all possible evolutions, whether it is motivated by technology or otherwise.
In the technology age, data protection and data privacy are a necessities. In many territories where data protection and privacy laws have been passed, there are generous portions of the script that outline in detail several rights that accrue to data subjects. These rights include rights of erasure, and rectification of data, and give the data subject the right to manage his own personal data while they sit on the servers managed by data controllers. Additionally, these regulations place serious obligations on data controllers as regards their management of the data they process.
European Union Regulations 2016
When we peruse the opening paragraphs of the European Union General Data Protection Regulations 2016, which become effective on May 25, 2018, it is stated forcefully that the protection of natural persons in relation to the processing of personal data is not a privilege but, rather, a fundamental right.
The recent incident surrounding Cambridge Analytica underscores the importance of data protection and privacy. The data subject must be assured that data controllers are subject to rules and regulations that protect the sensitive data they process.
- Andrea Martin-Swaby, deputy director of public prosecutions, is head of the Cybercrime Unit. The views expressed are those of the author and do not necessarily reflect the official policy or position of the Office of the Director of Public Prosecutions. Email feedback to firstname.lastname@example.org.