The Great Hack: Documentary reflects on data abuse and privacy boundaries
The new Netflix documentary, The Great Hack, delves into the story behind the Cambridge Analytica Scandal, which involved the misuse of 87 million US Facebook users’ personal data. The revelations took down Cambridge Analytica, a British data intelligence company working on hefty political campaigns all over the world, and forced Facebook’s founder and CEO Mark Zuckerberg to testify in court.
The film follows the experience of US college professor David Carroll, who enters a legal battle to recover his personal data from Cambridge Analytica after the scandal breaks. Led by Alexander Nix, Cambridge Analytica was headquartered in London, and throughout its existence worked on political campaigns in many countries using its data expertise to target voters.
The storyline encompasses one of the greatest challenges of this day and age and calls into question the power of big tech companies, as well as their lack of accountability in harmful data abuse cases. The business model of social media companies like Facebook, where access and services seem to be free at the point of use, is actually a cash cow leveraging on information about its users that can be commercialised to anyone willing to pay the right price.
Cambridge Analytica claimed to have created a profile for virtually every voter in the US, each one containing 5,000 data points. As these data points were collated from information gathered via Facebook user interactions, the main question emerging is: are users aware of how their data is exploited?
While judgements on the conduct of Cambridge Analytica’s CEO Alexander Nix and the ‘propaganda machine’ deployed by his team require further reflections, the documentary plainly shows the wide array of data that technology companies have access to, and the dearth of ethical protocol around how they intend to use it. It confronts us with the uncomfortable realisation that we are constantly being watched, and that our own behaviour can be used to manipulate our decisions.
The Cambridge Analytica scandal marked a turning point in the history of big tech: before the scandal, the big tech companies had an image of being cool, made by young people who enable connectivity and free information to billions. Since the revelations, however, this feeling of awe has started to dissipate, alongside a general realisation that the alleged free services provided by social media and technology companies actually come at a price. If, on the one hand, hyper-connectivity can bring us closer and provide fast and unpaid access to information, a quick flip of the coin shows us the other side, where users feel cheated and violated.
The scandal prompted a wake-up call for users and authorities alike, raising questions over the kind of regulations needed in a time when data has become the most valuable asset on the planet. The real question arising from the scandal was about how much information people are giving away to social media and technology companies without their consent or even knowledge.
Still, despite the important message it endeavours to get across, the documentary neither offers us real solutions towards finding justice, nor suggests any alternative with which to fight the big tech companies that have invaded every aspect of our lives. There is a clear urgency in recognising data rights, establishing boundaries between public and private, and clarifying terms and conditions for users so that, when using social media, they can be fully aware of the information they would be giving away.
If nothing else, the Cambridge Analytica scandal has highlighted the need to set up an inclusive, comprehensive and global regulatory framework to regulate uses of data and establish stricter privacy rules.
“Data protection is a structural problem. We don’t have effective ways to hold companies accountable and to enforce when they commit data crimes because we don’t even have a way to define, let alone prosecute, these data crimes. We can see that the existing tools we have are not succeeding at what they’re supposed to do,” said professor Carroll in an interview for Business Insider on the documentary and the aim of raising awareness about the blurred lines between privacy and use of social media.
The reality is indeed worrying and the clock is ticking. The debate about data rights, privacy and accountability is long overdue.
John Marshall, CEO of World Ethical Data Forum (WEDF), the only platform to embrace the full range of interrelated issues around the use and future of data, commented : “We’re fortunate such excellent work has been done since the outcry over Facebook and Cambridge Analytica to bring the issues around data and privacy to public awareness. The civil liberties implications of the new data technologies are very serious, and rightly or wrongly Cambridge has come to symbolise a tendency we may have caught just in time. But these questions go deep. We need to explore the ethical and practical questions arising from the uses and control of information quite generally too. It’s very easy to overlook the fact that we’re still struggling with the ethical implications of even apparently very basic technology, such as the press, let alone what Zuboff calls ‘behavioural futures markets.’ How we decide these questions will define our epoch.”
By addressing these concerns and encouraging the collaboration of apparently competing worlds, from technology and big business, government and security agencies, policy makers and the media, to human rights lawyers, whistleblowers, and privacy and transparency advocates, the World Ethical Data Forum offers a unique and crucial perspective for the future.
GDPR: The ground-breaking data regulation
The European Union is a pioneer in establishing data regulations. The implementation of the General Data Protection Regulation (GDPR) in May 2018 sparked a global conversation about data ownership, consent and use, as the ruling imposes a number of obligations on individuals and entities collecting personal data from EU residents. The GDPR, even in its early days, has established itself as an exemplary set of regulations and a good place to start a serious conversation about protecting user privacy.
“In the charter of human rights that founded the EU, data protection rights are listed as a fundamental right that’s equivalent to freedom of speech, freedom to marry, all these other basic human rights. That’s why Europe has a 20-year lead on creating the infrastructure for businesses to provide for these rights,” said Carroll, highlighting the lack of protections in the US, for example, where the major technology companies are headquartered.
The first-year of GDPR reports show that many companies have problems handling data in a responsible manner. In a nine-month summary of the effects of GDPR, the European Data Protection Board said that as of March 2019, there were 206,326 complaints raised, of which nearly 100,000 related to data privacy. GDPR supervisory agencies in 11 countries issued fines, totalling €55,955,871 (over $6.3 million). The Netherlands recorded the most data breach reports per capita, followed by Ireland and Denmark. The biggest European economies — UK, Germany and France — rank tenth, eleventh and twenty-first respectively. Greece, Italy and Romania have reported the fewest breaches per capita.
Despite the regulation being new, compliance has been a problem, which can lead to breaches and damage to users. One year after its implementation, a survey by the International Association of Privacy Professionals (IAPP) shows that more than half of all companies are still not GDPR compliant, while 20 percent said they did not believe full compliance was even possible.
If you are interested in the next WEDF event taking place in London next July 2020, please get in touch with us at: Cassiopeia@worldethicaldata.org