Why Facebook’s data scandal has not become a wider crisis
By Richard Waters
It is nearly four weeks since the Cambridge Analytica scandal erupted, and something surprising has happened.
Or rather, not happened. The biggest political crisis stemming from the mass collection of personal data has remained exclusively a Facebook affair. Google, the other great data aggregator, has not been drawn into the melee — even though Mark Zuckerberg, for one, spent part of his time in Washington this week encouraging legislators to take a broader look at all the companies that rely on mass data collection.
The Facebook data leak is exactly the kind of thing privacy campaigners have warned about for years. But it has failed to ignite a deeper crisis for what critics disparage as the “surveillance economy”.
There is one very obvious reason for this lack of contagion. Facebook’s failure was a product of what, until recently, was a uniquely promiscuous approach to handing out the personal data of its users. That was allied with the power of the company’s “social graph” — the web of personal connections on which its network rests. Even so, that this has yet to spark a wider debate has been telling.
One sign was the bewildering range of issues brought up by the nearly 100 politicians who faced off against Mr Zuckerberg in two marathon Congressional hearings this week. They had many concerns but there was no dominant line of questioning that pointed to anything even close to a coherent legislative response.
Put another way: when it comes to the supposed abuse of personal data by the biggest internet platforms, it has been hard to come up with a compelling theory of harm. Many people sense there is something amiss but have trouble putting their finger on it.
One reason the Cambridge Analytica case has ignited such a firestorm around Facebook is that it does, indeed, point to clear harm. Data leakage on such a scale is shocking. And while there is no proof yet that the leaked information was used to help elect President Trump or support the “Vote Leave” campaign for Brexit, even the suspicion that it played a role in such important events has brought home how much is at stake.
But if Facebook itself is to be believed, this particular stable door was bolted years ago. It no longer ships user data, wholesale, to app developers like this. Since the scandal broke, it has also come up with extra controls and more transparency that should go a long way towards dealing with remaining app-related worries.
There were plenty of other issues that surfaced during Mr Zuckerberg’s appearances in Washington. Many revolved around Facebook’s influence as a dominant communications and media platform — everything from its market power and claims of undue political influence and bias to its failure to block certain types of content.
But it was harder to pin down the core question raised by the Cambridge Analytica case: what specific harms flow from the mass collection of personal data?
This points to a problem that privacy advocates have long faced when taking on companies such Facebook and Google. They have had some success in getting internet users to understand that they have, in a sense, become the unwitting “product” that companies sell to advertisers. But when US senators challenged Mr Zuckerberg on “selling his users’ data”, he had an easy defence. Facebook doesn’t sell data: it uses it to make its own targeted advertising more effective.
It has been equally difficult to enumerate the specific harms in this type of targeting. Consider Privacy International’s attempt to spell out the dangers this week: “The more you know about someone the better you can persuade, influence and target them.” That sounds like a description of the very purpose of advertising, and trying to restrict access to the kind of data now available to the biggest internet platforms is like trying to put the genie back in the bottle.
The visceral anger in Washington over Russian election meddling — and concern about the power of the online platforms — is undeniable. Something has to give. The big internet companies are resigned to regulation: the only question is what form it will take.
But based on this week’s hearings in Washington, it is a safe bet there will be no broad privacy rules to control the collection and use of personal data. Americans looking for that kind of comprehensive framework will instead have to trust Mr Zuckerberg: he promised this week to extend the protections enshrined in Europe’s General Data Protection Regulation to Facebook’s users globally.
It would once have been unimaginable for American legislators to welcome that kind of external regulatory support. But with no obvious answers of their own, it has suddenly come to seem a welcome crutch.