[BreachExchange] What You Must Learn From Facebook's Mistakes With User Data
Audrey McNeil
audrey at riskbasedsecurity.com
Fri Apr 27 18:13:57 EDT 2018
https://beyondphilosophy.com/what-you-must-learn-from-
facebooks-mistakes-with-user-data/
Facebook is in hot water with their users regarding the use of personal
data. No matter where you are as a Facebook user—or not, as the case may
be—we can all learn three crucial lessons from Facebook’s mistakes.
To summarize, the Facebook Cambridge Analytica scandal broke in March.
Cambridge Analytica, a data firm that helped Trump win the 2016 election,
had the personal data of around 87 million Facebook users. When compounded
with allegations that Facebook allowed Russian propaganda and phony
headlines to reach and ostensibly influence voters, this news invited
scrutiny on how the social media site uses personal data.
(For a more robust summary of Facebook and Cambridge Analytica, this
article covers it well.)
Facebook did nothing illegal. At the time I am writing this, no charges are
pending against anyone at Facebook relative to this scandal. However,
illegal and wrong are not the same things.
Facebook CEO Mark Zuckerberg testified on Capitol Hill in April, facing a
joint session of the Senate Commerce and judiciary committees and a lot of
tough questions. Zuckerberg apologized for not taking a “broad enough view”
of Facebook’s responsibility. The Senate leaders want to change how data is
used, whether it is voluntary or mandatory.
What We Can Learn from Facebook’s Mistakes
Facebook did not properly control users’ data from app developers. What’s
worse, Facebook was not transparent with users about it. It shows a lack of
maturity by Facebook and damages Facebook’s relationship with their users.
I use Facebook for business and personal. I keep these two accounts
separate. However, it has always surprised me how often I get a
recommendation to friend business people for my personal account and vice
versa. I was also surprised to learn that Facebook’s Messenger App uploads
all of the contacts you have on your phone. I also discovered in my
research for this article that you might delete things from your Facebook
account, but they aren’t removed. My colleague rightly said, “Facebook
never forgets.”
All that said, I am not going to delete my accounts, but I am more aware
than I have ever been about what I am telling them. For me, this scandal
comes down to three substantial issues:
If anyone sells user data, it should be the user.
Making it easy to retain privacy makes it easy to retain trust.
Remember if you use something for free, YOU are the product.
If Anyone Sells the Data, It Should Be the User
Now, collecting data on people is nothing new. Businesses do it all the
time. It is, frankly, something I encourage my clients to do. In our global
customer experience consultancy, we see the value in knowing for the future
how customers feel and what they do as a result of those feelings. We also
want to know how much customers’ personalities influence their decisions.
We often create segments of customers to help train front-line employees on
how to deliver an excellent Customer Experience that works for each
segment’s personal preferences.
We collect customer data to earn more of their business and foster loyalty.
The best way to do that is to understand how psychological drivers help
people make decisions. We use what data customers give us to discover how
they think (psychological drivers) and then give customers more of what
they want.
However, we don’t sell the customer’s data nor do we collect it without the
customer’s knowledge. Facebook does both. In my view, the user should own
the data, not Facebook, and if the user wants to sell it, the user should
sell it to the highest bidder—not give it away for free. But more on that
later.
Making it Easy to Retain Privacy Makes it Easy to Retain Trust
Protecting your privacy as a customer should be easy. Period.
Every so often, a status update will appear in my personal account’s feed
of some way to change your privacy settings so that the wrong eyeballs
can’t see it. This grass roots communication about protecting your privacy
on Facebook should be unnecessary.
Facebook is not transparent on how to protect your privacy, nor do they
make it easy. It’s understandable when you consider what they do with the
data they do have. It’s a huge selling point for them to advertisers. It is
also a huge mistake.
Facebook collects data in a convoluted way. Also, the intricate process
needed to protect your privacy from changing audiences on the types of
posts (e.g., tagging vs. timelines, etc.) to navigating between different
settings menus, (i.e., one is on the profile and another on the upper right
of the home page) builds mistrust. Therefore, when Facebook uses your data
in a way that does not feel above board, you trust Facebook less, and,
presumably, use them less.
We all should make it easy for customers to keep their data private. In
fact, I would even have it be something that it is always private unless
they opt to have their data viewed. Moreover, I would have regular
reminders sent to customers to check their privacy settings along with an
easy-to-follow instructional how to do it. To be fair, Facebook has been
doing that of late.
Remember You Are the Product
Here is a crucial concept everyone should understand: If something is free,
then YOU are the product.
People were not aware of the depth and breadth of the data Facebook
collected. If you want to download what they have on you, please click
here. All of this information is what Facebook sells, to advertisers, to
app developers, and to foreign governments, enabling these entities to
target you with their message.
If the results of that download exercise alarmed you, consider the
footprint you make with your phone—such as your location, down to a few
feet. But it isn’t only your location; it is also what you type, where you
visit, and even what you say. Hey Siri, Hey Google, and Amazon Alexa
activate when you call on them. To do this, it means they are also
listening. All the time. To every word you say.
People are naïve if they think that some things in life are free. Everyone
should understand that nothing is free. In the case of Facebook, you are
paying with your privacy. (For those of you feeling sympathetic to the
#DeleteFacebook movement, you can Deactivate your Account in the General
Account Settings.
Facebook’s use of user data needs improvement, a sentiment shared by Senate
committees, users everywhere, and even the CEO of Facebook himself. What we
have discovered over the past few months about how our data is used can
teach us all a lot about how we should use our customer’s data as well.
Customers should own their data, and it should be easy for them to protect
it. We should also understand that nothing in life is free and we should
know what the price is for a free service. In Facebook’s case, it is a
little bit of your privacy. Users will decide if it was worth it or not.
With reference to ‘Facebook never forgets’, I would also say that once a
customer feels that you have taken advantage of their data, they will never
forget either.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180427/ee7d98d6/attachment.html>
More information about the BreachExchange
mailing list