Malware in the media – Same old song with a different meaning?
No, we are not going to talk about the classic Motown song from the sixties performed by the Four Tops. This month’s blog is about Mark Zuckerberg’s promise, GDPR, Facebook’s new data leak and politicians putting their money where their mouth is. The question is, will that money be put on privacy or security?
The same old song
Only three months ago, the NY Times, Guardian and Observer reported a massive data breach by Cambridge Analytica involving millions of Facebook users. When the press and politicians dived into this scandal, it turned out that sensitive privacy data of 87 million Facebook users had been misused.
After the incident picked up media attention, Mark Zuckerberg, the CEO of Facebook, apologized to the press and to US and EU politicians and promised to take measures to prevent this from ever happening again. After the meetings, Facebook announced that it would improve its security and privacy settings.
With a different meaning?
Well, we are sad to say, not really. On the 27th of this month the Norwegian Consumer Council, Forbrukerrådet, published a report, ‘Deceived by Design’, in which tech companies like Google and Facebook are accused of applying misleading ‘dark patterns’. These ‘dark patterns’ trick users into choosing settings that are less secure and less private, in favour of user tracking and advertising.
If these ‘dark patterns’ have the claimed effect on user privacy, these documented practices should trigger the attention of GDPR policy keepers. The goal of the GDPR is to protect the privacy of EU citizens.
Mark Zuckerberg faced the EU Parliament three days before the GDPR became effective. This explains why he only faced the (toothless) EU for 90 minutes while spending two full days explaining himself to the US Senate.
To make things worse, on the 28th of this month Facebook came under fire again, because ‘Name Test’, a popular Facebook quiz app, had exposed privacy-sensitive data of 120 million Facebook users.
Put your money on privacy or security?
The ‘Deceived by Design’ report and the recent Facebook data breach seemingly make a strong case for a further investigation into Facebook’s GDPR compliance. Not complying with GDPR standards can lead to fines of up to 20 million euro or four percent of a company’s world-wide turnover (whichever is more). Facebook’s revenue surpassed 40 billion dollars in 2017.
Why is nobody mentioning the GDPR in relation to the recent Facebook data breaches? Such a court case would make a great showcase for privacy. Imagine what EU projects and policies could be affected with a 1.6-billion-dollar budget (four percent of Facebook’s annual turnover).
To answer our own question, both press and politics have shifted their attention to other issues. The press seems to focus on US and EU immigration issues, and politicians seem to be preparing the US and the EU for a future cyber war.