Following reports on Cambridge Analytica’s harvesting of 50 million personal profiles, Paul Grewal, a vice president and deputy general counsel at Facebook, wrote that “the claim that this is a data breach is completely false.” Zeynep Tufekci writes:
Grewal is right: This wasn’t a breach in the technical sense. It is something even more troubling: an all-too-natural consequence of Facebook’s business model, which involves having people go to the site for social interaction, only to be quietly subjected to an enormous level of surveillance. The results of that surveillance are used to fuel a sophisticated and opaque system for narrowly targeting advertisements and other wares to Facebook’s users.
Facebook makes money, in other words, by profiling us and then selling our attention to advertisers, political actors and others. These are Facebook’s true customers, whom it works hard to please.
Facebook doesn’t just record every click and “like” on the site. It also collects browsing histories. It also purchases “external” data like financial information about users (though European nations have some regulations that block some of this). Facebook recently announced its intent to merge “offline” data — things you do in the physical world, such as making purchases in a brick-and-mortar store — with its vast online databases.
Facebook even creates “shadow profiles” of nonusers. That is, even if you are not on Facebook, the company may well have compiled a profile of you, inferred from data provided by your friends or from other data. This is an involuntary dossier from which you cannot opt out in the United States.
Despite Facebook’s claims to the contrary, everyone involved in the Cambridge Analytica data-siphoning incident did not give his or her “consent” — at least not in any meaningful sense of the word. It is true that if you found and read all the fine print on the site, you might have noticed that in 2014, your Facebook friends had the right to turn over all your data through such apps. (Facebook has since turned off this feature.) If you had managed to make your way through a bewildering array of options, you might have even discovered how to turn the feature off.
This wasn’t informed consent. This was the exploitation of user data and user trust. [Continue reading…]