Introduction The Facebook data scandal of 2018 was less a traditional “breach” than the harvesting of data by third parties looking to monetize and use Big Data by collecting information on Facebook users.  The true “breach” that did occur however was a breach of trust among Facebook users, who believed their personal information was safer and more private than it actually was.  At the center of the scandal was a company called Cambridge Analytica, which was accused of inappropriately harvesting the data of Facebook users through an app which supplied them with users’ profile information (Vengattil, 2018).  But in reality data leaks had occurred routinely with Facebook going back years (Rash, 2018).  This paper will discuss the current and past situations regarding Facebook’s user data issues and show what steps the company is currently taking to resolve these issues.

The Issue

The 2016 presidential race in the U.S. was one fraught with tension as Trump and Clinton vied to out-do one another on the campaign trail.  Analysts likewise tried to get a read on how voters would turn out at the polls—and one such group of analysts was Robert Mercer’s Cambridge Analytica, headed at the time by Trump advisor Steve Bannon.  Cambridge Analytica wanted a non-traditional poll reading and so turned to social media to get it.  Using an app called thisisyourdigitallife, designed by Val Tech University scientist Sanjay Sreeni, Cambridge Analytica began applying to Facebook users to take an online survey to be used for academic purposes (Cadwalladr & Graham-Harrison, 2018).  While the participants of the survey agreed to allow Cambridge Analytica to collect their data, the app went beyond the participants’ profiles and collected the data of friends of the Facebook participants.  This was actually allowed by Facebook’s “platform policy” which permitted Cambridge Analytica to collect “friends’ data to improve user experience in the app” though the policy did forbid that data from “being sold on or used for advertising” (Cadwalladr & Graham-Harrison, 2018).  While Cambridge Analytica not only used that data to identify how millions of Americas were going to vote, the organization also used the data to conduct direct advertising, which did violate Facebook’s policy regarding use of data.  The collection or harvesting of data, however, was technically not a violation of the social media site’s policy.  That policy would have to change once the public found out how its data was being used by third parties and Congress got involved.

The issue of Facebook and the election was already a thorny one because of accusations of the election being “hacked” and rumors of Russian trolls using an army of social media agents to manipulate the masses via social media.  While these accusations did not prove to be grounded very firmly in reality, the issue of data harvesting was a real one that Mark Zuckerberg, CEO of Facebook, would have to answer for before Congress.  Data security issues had been noted by the FTC in Facebook’s case going back to 2011 (Rash, 2018).  Now it was time for Zuckerberg to start answering questions about exactly what was Facebook’s role in gathering information on its users and allowing others to obtain it.

Securing Data

With Zuckerberg in the spotlights and shareholders and users wanting information about just how data...

If companies don’t comply, they can be fined 4 percent of their global revenue or 20 million Euros — whichever number is higher” (Newcomb, 2018).  For Facebook, that type of fine would be a huge dent in the firm’s bottom line—and so with Europe setting the pace and the data breach scandal of 2018 serving as the impetus to action, Zuckerberg has vowed that Facebook will upgrade its policy to be in alignment with the European law and implement that policy not just in Europe but all over the world—including in the U.S.  As Facebook should be responsible for protecting users’ data, this admission by Zuckerberg is an appropriate first step in addressing the issue of privacy and data security at the social media giant.
Congress, however, wanted assurances that Facebook would indeed implement such a policy in the future and Zuckerberg appeared before Congress on April 11 to testify as to what happened and how Facebook would fix the issue going forward.  One way it is helping to address the issue is by informing users:  “Facebook has published a tool that will tell you whether you were one of the 87 million users affected by the breach” (Hicks & Ellis, 2018).  However, in terms of policy Zuckerberg was somewhat evasive about how Facebook policy was currently designed when he testified to Congress.  He stated:  “To your broader point about the privacy policy ... long privacy policies are very confusing. And if you make it long and spell out all the detail, then you’re probably going to reduce the per cent of people who read it and make it accessible to them” (Watson, 2018).  The reality of Facebook’s current policy however was that harvesting data was exactly what the social media site was set up to do.  By collecting data on users it could enter into the Big Data market and monetize users’ profiles.  It forbade third parties from selling Facebook’s users’ data to others or advertising based on it, because that was how Facebook wanted to make money.  It did not forbid the harvesting of data, though—which is why Zuckerberg told Congress:  “Cambridge Analytica wasn’t using our services in 2015, as far as we can tell ... They weren’t an advertiser. They weren’t running pages. So we actually had nothing to ban” (Watson, 2018).  Zuckerberg told the Senate that “What we allow is for advertisers to tell us who they want to reach, and then we do the placement … That’s a very fundamental part of how our model works and something that is often misunderstood” (Watson, 2018).  In other words, Facebook uses users’ profile to do the advertising placements for advertisers because it wants to keep that information to itself so that it can monetize it.  Were Facebook to allow third parties access to that data, the company would lose out on that information.  

Steps Facebook is Taking

First off, Facebook agreed to start limiting targeted advertising:  “Facebook said it no longer would allow marketers to use information from third-party data brokers such as Acxiom, Epsilon Data Management and Oracle Data…