Facebook data misuse firm snubs UK watchdog’s legal order

The company at the center of a major Facebook data misuse scandal has failed to respond to a legal order issued by the U.K.’s data protection watchdog to provide a U.S. voter with all the personal information it holds on him.

An enforcement notice was served on Cambridge Analytica affiliate SCL Elections last month, and the deadline passed today without the company providing a response.

The enforcement order followed a complaint by the U.S. academic, professor David Carroll, that the original Subject Access Request (SAR) he made under European law seeking to obtain his personal data had not been satisfactorily fulfilled.

The academic has spent more than a year trying to obtain the data Cambridge Analytica/SCL held on him after learning the company had built psychographic profiles of U.S. voters for the 2016 presidential election, when it was working for the Trump campaign.

Speaking in front of the EU parliament’s justice, civil liberties and home affairs (LIBE) committee today, Carroll said: “We have heard nothing [from SCL in response to the ICO’s enforcement order]. So they have not respected the regulator. They have not co-operated with the regulator. They are not respecting the law, in my opinion. So that’s very troubling — because they seem to be trying to use liquidation to evade their responsibility as far as we can tell.”

While he is not a U.K. citizen, Carroll discovered his personal data had been processed in the U.K. so he decided to bring a test case under U.K. law. The ICO supported his complaint — and last month ordered Cambridge Analytica/SCL Elections to hand over everything it holds on him, warning that failure to comply with the order is a criminal offense that can carry an unlimited fine.

At the same time — and pretty much at the height of a storm of publicity around the data misuse scandal — Cambridge Analytica and SCL Elections announced insolvency proceedings, blaming what they described as “unfairly negative media coverage.”

Its Twitter account has been silent ever since. Though company directors, senior management and investors were quickly spotted attaching themselves to yet another data company. So the bankruptcy proceedings look rather more like an exit strategy to try to escape the snowballing scandal and cover any associated data trails.

There are a lot of data trails though. Back in April Facebook admitted that data on as many as 87 million of its users had been passed to Cambridge Analytica without most of the people’s knowledge or consent.

“I expected to help set precedents of data sovereignty in this case. But I did not expect to be trying to also set rules of liquidation as a way to avoid responsibility for potential data crimes,” Carroll also told the LIBE committee. “So now that this is seeming to becoming a criminal matter we are now in uncharted waters.

“I’m seeking full disclosure… so that I can evaluate if my opinions were influenced for the presidential election. I suspect that they were, I suspect that I was exposed to malicious information that was trying to [influence my vote] — whether it did is a different question.”

He added that he intends to continue to pursue a claim for full disclosure via the courts, arguing that the only way to assess whether psychographic models can successfully be matched to online profiles for the purposes of manipulating political opinions — which is what Cambridge Analytica/SCL stands accused of misusing Facebook data for — is to see how the company structured and processed the information it sucked out of Facebook’s platform.

“If the predictions of my personality are in 80-90% then we can understand that their model has the potential to affect a population — even if it’s just a tiny slice of the population. Because in the US only about 70,000 voters in three states decided the election,” he added.

What comes after Cambridge Analytica?

The LIBE committee hearing in the European Union’s parliament is the first of a series of planned sessions focused on digging into the Cambridge Analytica Facebook scandal and “setting out a way forward,” as committee chair Claude Moraes put it.

Today’s hearing took evidence from former Facebook employee turned whistleblower Sandy Parakilas; investigative journalist Carole Cadwalladr; Cambridge Analytica whistleblower Chris Wylie; and the U.K.’s information commissioner, Elizabeth Denham, along with her deputy, James Dipple-Johnstone.

The Information Commissioner’s Office has been running a more-than-year-long investigation into political ad targeting on online platforms — which now of course encompasses the Cambridge Analytica scandal and much more besides.

Denham described it today as “unprecedented in scale” — and likely the largest investigation ever undertaken by a data protection agency in Europe.

The inquiry is looking at “exactly what data went where; from whom; and how that flowed through the system; how that data was combined with other data from other data brokers; what were the algorithms that were processed,” explained Dipple-Johnstone, who is leading the investigation for the ICO.

“We’re presently working through a huge volume — many hundreds of terabytes of data — to follow that audit trail and we’re committed to getting to the bottom of that,” he added. “We are looking at over 30 organizations as part of this investigation and the actions of dozens of key individuals. We’re investigating social media platforms, data brokers, analytics firms, political parties and campaign groups across all spectrums and academic institutions.

“We are looking at both regulatory and criminal breaches, and we are working with other regulators, EU data protection colleagues and law enforcement in the U.K. and abroad.”

He said the ICO’s report is now expected to be published at the end of this month.

Denham previously told a U.K. parliamentary committee she’s leaning toward recommending a code of conduct for the use of social media in political campaigns to avoid the risk of political uses of the technology getting ahead of the law — a point she reiterated today.

“Beyond data protection I expect my report will be relevant to other regulators overseeing electoral processes and also overseeing academic research,” she said, emphasizing that the recommendations will be relevant “well beyond the borders of the U.K.”

“What is clear is that work will need to be done to strengthen information-sharing and closer working across these areas,” she added.

Many MEPs asked the witnesses for their views on whether the EU’s new data protection framework, the GDPR, is sufficient to curb the kinds of data abuse and misuse that have been so publicly foregrounded by the Cambridge Analytica-Facebook scandal — or whether additional regulations are required.

On this Denham made a plea for GDPR to be “given some time to work.” “I think the GDPR is an important step, it’s one step but remember the GDPR is the law that’s written on paper — and what really matters now is the enforcement of the law,” she said.

“So it’s the activities that data protection authorities are willing to do. It’s the sanctions that we look at. It’s the users and the citizens who understand their rights enough to take action — because we don’t have thousands of inspectors that are going to go around and look at every system. But we do have millions of users and millions of citizens that can exercise their rights. So it’s the enforcement and the administration of the law. It’s going to take a village to change the scenario.

“You asked me if I thought this kind of activity which we’re speaking about today — involving Cambridge Analytica and Facebook — is happening on other platforms or if there’s other applications or if there’s misuse and misselling of personal data. I would say yes,” she said in response to another question from an MEP.

“Even in the political arena there are other political consultancies that are pairing up with data brokers and other data analytics companies. I think there is a lack of transparency for users across many platforms.”

Parakilas, a former Facebook platform operations manager — and the closest stand-in for the company in the room — fielded many of the questions from MEPs, including being asked for suggestions for a legislative framework that “wouldn’t put brakes on the development of healthy companies” and also not be unduly burdensome on smaller companies.

He urged EU lawmakers to think about ways to incentivize a commercial ecosystem that works to encourage rather than undermine data protection and privacy, as well as ensuring regulators are properly resourced to enforce the law.

“I think the GDPR is a really important first step,” he added. “What I would say beyond that is there’s going to have to be a lot of thinking that is done about the next generation of technologies — and so while I think GDPR does an admirable job of addressing some of the issues with current technologies the stuff that’s coming is, frankly, when you think about the bad cases is terrifying.

“Things like deepfakes. The ability to create on-demand content that’s completely fabricated but looks real… Things like artificial intelligence which can predict user actions before those actions are actually done. And in fact Facebook is just one company that’s working on this — but the fact that they have a business model where they could potentially sell the ability to influence future actions using these predictions. There’s a lot of thinking that needs to be done about the frameworks for these new technologies. So I would just encourage you to engage as soon as possible on those new technologies.”

Parakilas also discussed fresh revelations related to how Facebook’s platform disseminates user data published by The New York Times at the weekend.

The newspaper’s report details how, until April, Facebook’s API was passing user and friend data to at least 60 device makers without gaining people’s consent — despite a consent decree the company struck with the Federal Trade Commission in 2011, which Parakilas suggested “appears to prohibit that kind of behavior.”

He also pointed out the device maker data-sharing “appears to contradict Facebook’s own testimony to Congress and potentially other testimony and public statements they’ve made” — given the company’s repeated claims, since the Cambridge Analytica scandal broke, that it “locked down” data-sharing on its platform in 2015.

Yet data was still flowing out to multiple device maker partners — apparently without users’ knowledge or consent.

“I think this is a very, very important developing story. And I would encourage everyone in this body to follow it closely,” he said.

Two more LIBE hearings are planned around the Cambridge Analytica scandal — one on June 25 and one on July 2 — with the latter slated to include a Facebook representative.

Mark Zuckerberg himself attended a meeting with the EU parliament’s Council of Presidents on May 22, though the format of the meeting was widely criticized for allowing the Facebook founder to cherry-pick questions he wanted to answer — and dodge those he didn’t.

MEPs pushed for Facebook to follow up with answers to their many outstanding questions — and two sets of Facebook responses have now been published by the EU parliament.

In its follow-up responses the company claims, for example, that it does not create shadow profiles on non-users — saying it merely collects information on site visitors in the same way that “any website or app” might.

On the issue of compensation for EU users affected by the Cambridge Analytica scandal — something MEPs also pressed Zuckerberg on — Facebook claims it has not seen evidence that the app developer who harvested people’s data from its platform on behalf of Cambridge Analytica/SCL sold any EU users’ data to the company.

The developer, Dr. Aleksandr Kogan, had been contracted by SCL Elections for U.S.-related election work, although his apps collected data on Facebook users from all over the world — including some 2.7 million EU citizens.

“We will conduct a forensic audit of Cambridge Analytica, which we hope to complete as soon as we are authorized by the UK’s Information Commissioner,” Facebook also writes on that.
