By Peter Coroneos*, CyAN Head of APAC Region
– The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy or position of CyAN –
The perfectly pitched PR piece that was Mark Zuckerberg’s testimony before the Judiciary Committee will leave many dissatisfied and distrustful.
Like the leopard promising to be more mindful of its prey, the fundamental question remains unanswered and unanswerable.
How, when your fundamental business model relies on the analysis and sale of user data, can you promise to do better on privacy. At the margins, perhaps. But at the core, I don’t think so.
To blame third party app developers is cute, but unconvincing. If you give them the platform and share the revenue, as undoubtedly occurs, it’s not so easy to wash you hands of it all. The US legislators may understand this. Their European counterparts certainly do.
How Facebook will extricate itself from this self created mess is hard to see. But the surprising thing is how persistent now are the forces that seek to expose and exploit Facebook’s dilemma and how the public reaction is not abating. My last three social engagements have all seen this issue surface in conversation. As any politician will tell you, when your blunders become the stuff of barbeque banter, you’ve got a problem.
This disaster was 20 years in the making. Long before Facebook even existed, back when the internet was first taking hold, it was already clear that privacy was an issue that would appear time and again.
We’ve seen our kids being reckless with their data, always concerned that what they choose to publish could compromise their safety or future job prospects.
But the game changer was the use of algorithmic extraction of user data and the profiling which, when combined with advanced AI could just make Scott McNealy’s early proclamation — your privacy’s dead, get over it — a reality. At the time we all cried out in horror and said never would we allow ourselves to lose control. But your choices become restricted when the control mechanism itself becomes opaque. Even with the GDPR rapidly approaching it’s hard to see how social media companies will give control back to the users now that users are coming to see how little they’ve really had.
The recent revelations of the Facebook health initiative look even more disturbing in the light of the Cambridge Analytica saga. Here we are told of exploratory discussions with teaching hospitals whom Facebook courted to support its plan to cross match user data with existing health records to predict imminent health breakdowns. Sounds nice in theory. But consider the downside. It’s long been understood that health records are perhaps the most highly sensitive user data you can obtain. The forums you inhabit, the searches you do, the medication you take, the consultations you seek. Put all these together and you have unbelievable insights a person’s most vulnerable aspects.
I imagine we are finally at the tipping point where the user backlash will prompt more regulation. But is it too late? How do you enforce laws against global internet behemoths who can move data to the least regulated jurisdictions or hide behind First Amendment protections. Local laws are well and good, but it will take international treaties with teeth, legislated and enforced pretty much everywhere, to really bring accountability. Treaties take years to negotiate and we don’t have that time.
A quicker response will be market driven. A competitor may emerge with a service which puts true privacy control front and centre. A new model that’s not ad driven, a subscription based service perhaps where, for a small monthly fee, you get all the social interaction, but with privacy baked in.
I’ve always said that online trust is fragile. It’s the conditional grant of your users. You don’t own their trust, they loan it to you. More than ever companies must embrace ethical, transparent and permission-based data practices where user control isn’t just a buzzword to appease regulators, but is committed to in both spirit and substance.
* As CEO of the Internet Industry Association from 1997-2011, Peter Coroneos has championed best practice across a range of issues, from privacy to cybersecurity to child protection. By ministerial appointment he served two terms on the Privacy Advisory Committee, a panel of experts advising government on emerging social and technological threats to privacy. Peter was a prime mover in the passage of Australia’s anti-spam laws, heralded as the strongest in the world, which removed Australia from the top 20 list of spamming nations. He also helped secure major amendments to the Privacy Act which brought the private sector under its remit. He twice represented industry at APEC on standards for privacy protection throughout the Asia Pacific. Peter was twice invited to the White House to advise the Obama Administration on cybersecurity policy. He is now Regional Head for the global Cybersecurity Advisors Network.(www.cyan.international)