Recently Facebook published latest (Q3) user and revenue update, having the overall users base drop (in Europe and US, mainly).
While the drop of users, when compared to total numbers, is small, it is strong signal that users in Europe are not happy with some of Facebook’s practices. More specifically, the drop-in user count is attributed mostly to the Facebook–Cambridge Analytica data scandal in early 2018 when it was revealed Cambridge Analytica had harvested the personal data of millions of people’s Facebook profiles without their consent and used it for political purposes. It has been described as a watershed moment in the public understanding of personal data usage and precipitated a massive fall in Facebook’s stock price and calls for tighter regulation of tech companies’ use of data. This serious breach of privacy no doubt caused some users to simply stop using Facebook.
Besides Cambridge Analytica data scandal there was cyber-attack last month that questioned data security practices of Facebook and their role as “identity providers” for many social media apps and websites (you can use Facebook to log into other websites). And of course ongoing discussions about “shadow profiles“, use of security data for marketing and similar use of data that many consider unethical.
Also, we can’t underestimate the effect of GDPR coming into force. It significantly raised overall awareness and knowledge about privacy and data protection. To comply with GDPR, Facebook introduced data access tool so any user can see the vast amount of data Facebook has collected about them and re-evaluate their use of the service.
The takeaways of the news:
- For companies:
- Be ethical about your data usage. Even if the use may seem legal, users may think otherwise, especially if data usage is unexpected for them. Data protection impact assessments (DPIAs) would be a tool to understand and address such risks.
- Be cautious about your partners and how they use data you provide. Partner’s misuse of your data or security fails may hurt your reputation. Therefore, evaluation of partners is important.
- Less is more. Keep data collection and usage to necessary minimum – less data you have, the better. Customers have right to access all data you hold on them, so they may and will question how and why you collect and use data.
- For rest of us – while GDPR requires companies to secure your data, the reality is that you should take it into your own hands:
- Be mindful of what services you use and what data you provide or give access to apps and services. Avoid apps and services that require data that would not be reasonably necessary.
- Follow acceptable security practices – for example, always use unique and strong passwords, use two factor authentication where available, immediately change passwords if they might be compromised, delete accounts you don’t use anymore. And always check privacy settings of each app or service to avoid data sharing or use without your knowledge.
EU based lawyer and data protection officer with more than 10 years experience in privacy and data protection.