sdecoret - stock.adobe.com
Facebook data scandal a game changer, says ICO
Facebook’s controversial data sharing with London-based data mining firm Cambridge Analytica is a game changer, according to the UK’s privacy watchdog
The response to Facebook’s data exploitation scandal, which involves the data of nearly 1.1 million Britons out of a total of 87 million users affected, has demonstrated that data protection and privacy are now more important to the UK public than ever before, according to information commissioner Elizabeth Denham.
She was speaking ahead of the announcement of a major public awareness campaign which will seek to improve people’s trust and confidence in how organisations handle their personal information.
The Information Commissioner’s Office (ICO) recently revealed that Facebook is among 30 organisations under investigation as part of a probe into the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors.
Cambridge Analytica, which allegedly used the data for Donald Trump’s 2016 presidential election campaign, and AggregateIQ (AIQ) – a Canadian data company that reportedly played a role in the Vote Leave campaign in the UK referendum on leaving the European Union – have also been named by the ICO as being involved in the investigation.
At the weekend, Facebook announced that it had suspended AIQ, adding Cambridge Analytica and other partners it has suspended in the wake of the scandal, because it may have improperly received users’ data and because of reported links with the parent company of Cambridge Analytica, reports the BBC. But AIQ denies ever being part of CA, its parent company SCL or accessing improperly obtained Facebook data.
In a keynote speech at the ICO’s 11th annual Data Protection Practitioners’ Conference (DPPC) in Manchester on 9 April, Denham will tell more than 800 delegates: “It has been hard to miss the exposé of Cambridge Analytica’s alleged use of personal data in election campaigns, including information gathered from Facebook.
“Our ongoing investigation into the use of personal data analytics for political purposes by campaigns, parties, social media companies and others will be measured, thorough and independent. Only when we reach our conclusions based on the evidence will we decide if enforcement action is warranted.
“The dramatic revelations of the past few weeks can be seen as a game changer in data protection. Suddenly, everyone is paying attention. Our public information campaign, Your data matters, will help raise awareness but also, I hope, increase trust in our data-driven world.”
Read more about Facebook and privacy
- Business should note Facebook data sharing, say security advisers.
- Facebook announces more privacy control updates.
- Facebook could be hit with $2tn fine after FTC inquiry.
- Apple CEO calls for better privacy regulations.
- Privacy International calls for UK response to data exploitation.
In the US, Facebook CEO Mark Zuckerberg is set to meet US lawmakers ahead of Congressional hearings on the Cambridge Analytica, according to Reuters. Zuckerberg is scheduled to appear before a joint-hearing of the US Senate Judiciary and Commerce committees on 10 April and the US House Energy and Commerce Committee on 11 April.
Zuckerberg is expected in his testimony to recognise a need to take responsibility and acknowledge an initial failure to understand how many people were affected, Reuters quoted a person briefed on the matter as saying. The social networking firm said it will start notifying all users affected through detailed messages on their news feeds from 9 April.
While Facebook has been cooperating with the ICO, Denham said recently that it is too early to say whether the changes the social networking firm is making are sufficient under the law, adding that this an “important time” for privacy rights.
Other speakers at the DPPC event in Manchester will include Margot James, minister for digital and the creative industries, along with experts and innovators from the public, private and academic sectors.
ICO staff will be outlining the regulator’s current and future work in areas including enforcement and regulatory action, technology policy and international engagement.
Drop-in centres will offer one-to-one advice on various areas of data protection law, particularly aspects of the General Data Protection Regulation (GDPR) ahead of the compliance deadline on 25 May.
“The proper use of personal data can achieve remarkable things,” said Denham. “It can improve, ease and enrich our lives. Now, more than ever, the role of data protection practitioner is not just as a guardian of privacy, but as an ambassador for the appropriate use of personal data in line with the law.”
Award recognises importance of DPOs
Recognising the increasingly vital role played by professionals working in the sector, the inaugural ICO Practitioner Award for Excellence in Data Protection will be presented to Esther Watt, data protection officer (DPO) at North Kesteven Council in Lincolnshire, who was chosen by an independent panel of five judges from more than 100 nominations.
Watt said: “DPOs are increasingly important on the front line of the new digital society, ensuring the rights of the public are protected, while also making sure their organisations are legally compliant.”
Panel member Paul Jordan, managing director Europe for the International Association of Privacy Professionals, said: “Esther [Watt] has clearly embraced her role as she was swiftly acknowledged as the chief architect for organisational change, which is possibly harder to achieve in the public sector as constraints can be harder to circumvent. Her initiatives have clearly been central to ensuring the organisation’s smooth and positive transition towards GDPR compliance.”
Jon Baines, chair of the National Association of Data Protection Officers and data protection adviser at legal firm Mishcon de Reya, said: “The DPO is recognised as a cornerstone of accountability. The protection of personal data is recognised as a fundamental right and the DPO will be crucial to ensuring that this right is respected, and in allowing data subjects to understand and exercise that right.”
Peter Carey, CEO of PDP Group, said: “Selecting a winner from a thoroughly deserving set of finalists was challenging as all were highly proactive, great communicators and experts on the requirements of data protection law – essential attributes for great DPOs.”
Read more about the GDPR
- Public education important in new data protection era, says ICO
- How to be prepared for GDPR by 25 May.
- Almost a quarter of London businesses unaware of GDPR.
- Why GDPR is great for SMEs.
Ardi Kola of Reading University’s Henley Business School, said: “The achievements of all the nominees were extremely impressive and reflected their commitment to maintaining the highest standards and dedication to maintaining their own education and training, a massive factor in the success of a DPO.”
Ashley Winton, information rights lawyer and chairman of trade association the Data Protection Forum, said: “Unsurprisingly, the GDPR is bringing the importance of an effective DPO into sharp relief, a welcome systemic change for our profession.”
In February, the International Association of Privacy Professionals (IAPP) told Computer Weekly that the GDPR is having a positive effect on the privacy profession.
“People are definitely paying attention to privacy as the GDPR compliance date approaches,” said Sam Pfeifle, content director at the IAPP.
Membership of the IAPP more than doubled in 2017 with 12,000 new members, and 1,000 privacy professionals achieving certification in January 2018 alone, he said.
There has been a marked increase in the number of privacy professionals, said Pfeifle, as organisations seek to operationalise their GDPR plans and strategies.
At this point, he said, it is important privacy professionals and IT professionals engage with each other to guide each other to ensure the most effective technology is deployed to deliver the most critical privacy outcomes.
“With the deadline of 25 May so close, it is more important than ever that IT and privacy teams work together to get it right so that the organisation as a whole is able to do now what is required to ensure the best possible protection for personal data,” he added.