For decades, Wall Street has been viewed as an antagonist of the American people. Banks are continuously under scrutiny for irresponsible money management, with the notorious Public Eye “Award” dishonors frequently being bestowed upon them. This narrative was only solidified by the 2008 subprime mortgage crisis, largely credited to the Street’s blend of inadequate due diligence and austere greed. But now, data is the currency of our business world, and it is one that we pay forward to use free services like social media. Tech companies have taken on the pressure that was once placed on Wall Street, and are now under the spotlight with an even larger obligation: using our credit card, address, contact info, social network, and purchase data responsibly.
One of the largest offenders of data irresponsibility is Facebook. While it is most known for its Cambridge Analytica data scandal, there is far more that may have missed major headlines. Let’s take a deep dive into what has happened over a tumultuous 12 months in Facebook’s rocky relationship with user data privacy:
March 2018: Facebook suspended Cambridge Analytica, a data analysis firm, when they violated Facebook rules by collecting 87 million Americans’ data for hyper-targeted advertising, and lied to Facebook about deleting the data. Facebook had learned about the data collection back in 2015, but did not follow-up on the data deletion until 2018. The three-week aftermath of the news? An 18 percent drop in its stock price, the stepping down of former Security Chief Alex Stamos, and an FTC investigation. Although #deleteFacebook started trending nationwide, many started to realize that #TooBigToFail also applies to tech companies.
April 2018: “Senator, we run ads.” As Facebook’s stock began to recover, Facebook co-founder Mark Zuckerberg’s testimony in front of the Senate was filled with apologies and optimism for the firm. The company began taking action, too, revamping its privacy tools to allow users easy insight into the comprehensive data that Facebook has from them. The bad news? Zuckerberg isn’t the only one with problems on his hands. Regulators have a hefty task of figuring out how to create legislation that can reign in an entity more powerful and complex than Congress itself.
Late April-May 2018: Deleting about 200 suspicious apps, 800 plus million spam posts and rolling out an apology ad during the NBA Playoffs, Facebook began cleaning up its act. Apologies turned from words to action, as Facebook agreed to comply with the European Union’s revolutionary data-privacy General Data Protection Regulation law.
June 2018: Spring cleaning, however, didn’t last long. June began with a New York Times accusation of Facebook sharing excessive user data with device manufacturers like Apple, Microsoft, Samsung and BlackBerry. When users accessed Facebook on these devices, tech manufacturing firms allegedly gained access to Facebook user data as well as users’ friends’ data. And when it rains, it pours: Days later, Facebook found a software bug that caused about 14 million private accounts to become public.
July 2018: Privacy stayed center stage for Facebook. The month kicked off with yet another apology from Zuckerberg, as a six-day software bug that allowed blocked users to temporarily access and view the accounts of those who had blocked them. To wrap up the month, when dismal second quarter earnings revealed shockingly low revenue growth, Facebook saw the largest one-day loss in stock market history. The record-breaking abuse of data privacy had finally caught up to the company in a serious way.
October 2018: October wasted no time in spooking Facebook. News surfaced that hackers were able to access information from roughly 29 million accounts — including Zuckerberg’s very own. Just six months after the Cambridge Analytica disaster, Facebook had once again found itself at odds with user data privacy. In hopes of making progress through tumult, Facebook made a bold move in their playbook a week later, launching Facebook Portal: an in-home hardware device that functions like FaceTime, but with a wider screen and a camera that follows users during the call. With the chronic misuse of data preceding the launch, many viewed the in-home device with skepticism. And while still dealing with the data breach from the start of the month, Facebook announced a few days after the Portal launch that they had fixed a bug found in August that had allowed hackers to hijack users’ WhatsApp accounts when they answered an incoming video call. By mid-October, major investors expressed their exhaustion with the company’s irresponsibility, and called for Zuckerberg to step down from the company’s Board of Directors.
December 2018: Facebook wrapped up the year solidifying itself as the enemy of responsible data utility when the Parliament of the United Kingdom released a slew of internal Facebook documents, revealing that Facebook created an entire marketplace with its user data. It gave companies such as Netflix, Microsoft and Amazon special access to Facebook user data, while limiting this database access to Facebook’s own competitors. Mid-December, Facebook continued what began to feel like empty apologies when they released news that a bug may have exposed unshared photos of roughly 7 million users to up to 1,500 third-party apps. A few days after, Facebook received news that the Washington, D.C. attorney general, was finally suing the firm for the Cambridge Analytica data scandal.
January 2019: Mark Zuckerberg rang in the New Year with one resolution: fixing Facebook. But toward the end of the month, news broke that Facebook had been secretly paying people between the ages of 13 and 35 to install a “Facebook Research” VPN, letting the company acquire the entirety of a user’s web activity. The compensation? $20 per month. Within hours of the news breaking, Facebook shut down the iOS Facebook Research app. Despite the uneasy news, January concluded with a strong earnings report, sending the stock up nearly 12 percent.
February 2019: Facebook turned 15, but leaders worldwide were doing everything but celebrating. German antitrust officials wielded their gavels and ordered Facebook to stop merging the data it collects on users’ activities across the internet without their consent. Weeks later, the UK Parliament released a 100 plus page document accusing Facebook of their beyond-the-law behavior and recommended that the UK create a watchdog to oversee tech companies. Soon thereafter, New Zealand hinted at taxing multinational internet companies up to 3 percent.
March 2019: This month, while Facebook Coin is stirring conversation among cryptocurrency skeptics, Facebook made a colossal change to their blueprint that may just redefine the company as we know it: pivoting their strategy toward private communication. After a long year of broken privacy promises, this may look like a hollow tactic at face value. However, Zuckerberg’s lengthy blog post begs to differ. He is revamping the company on one big bet: the movement from public posting to small-group sharing. What does this really mean? Perfecting the art of encrypted messaging.
While action is yet to follow his words, this new strategy ultimately means leveraging its less-than-ideal reputation in privacy, and strengthening it to the point of focal purpose. How do we know that this is the real deal? Just last Friday, Chris Cox, Facebook’s chief product officer, stepped down, calling the shift a “big project” that demands leaders who are “excited to see the new direction through.” As one of Facebook’s first 15 engineers, it sounds like encryption didn’t sit too well with the executive.
The year 2018 was everything but kind to Facebook users, but the U.S. government is yet to properly penalize the tech mogul. While data privacy is a direct issue that all users equitably seek resolve from, the fact of the matter is that lawmakers and the FTC do not have the resources to suitably regulate companies of such massive size. The FTC’s largest fine to date is $22.5 million, charged back in 2011 to Google after the company tracked users on Apple Safari without their consent. For a multi-billion dollar company, this is less than a slap on the wrist.
For now, users and legislators can only hold out hope that the move to private communication is a move toward data responsibility on Facebook’s chessboard.