OAIC to probe Cambridge Analytica
Australian Information and Privacy Commissioner Timothy Pilgrim is making inquiries as to whether any Australians’ private information has been acquired by Cambridge Analytica, the company accused of using shadily harvested Facebook profile data to help US President Donald Trump win the 2016 election.
A whistleblower has produced credible evidence that Cambridge Analytica acquired profile data from 50 million US citizens and used the insights gleamed from the information to help the Trump campaign target swing voters during the election.
Cambridge Analytica was also involved in the Brexit campaign in the UK but has so far denied using Facebook user data for this purpose.
The data was harvested by Global Science Research (a company founded by Cambridge University researcher Aleksandr Kogan) and then sold to SCL Elections, the creator and initial operator of Cambridge Analytica.
According to reports, Kogan harvested the information by paying thousands of Facebook users to take a personality test and agreeing to have their data collected for academic use. But the app used to administer this test also harvested data from users’ friends lists without permission.
This is in contravention of Facebook’s terms of service, which only allow the use of data collection on friends to improve an app’s user experience and bars the reselling of such information. It could also be a violation of various jurisdictions’ privacy laws.
Pilgrim said he will consider Facebook’s response before determining whether any further regulatory action is required. Australia’s Privacy Act confers powers on the Office of the Information Commissioner to investigate an alleged privacy breach, as well as enforcement actions ranging from requiring an enforceable undertaking to applying to the court for a civil penalty.
Meanwhile Facebook has announced it has hired digital forensics company Stroz Friedberg to conduct a comprehensive audit of Cambridge Analytica.
But the company subsequently revealed that Stroz Friedberg’s auditors stood down yesterday at the request of the UK Information Commissioner’s Office, which is seeking a warrant to conduct its own on-site investigations.
Facebook has admitted it first learned of the misused data in 2015, and in August 2016 had requested Cambridge Analytica verify that it has deleted the data. But while the company said it had been assured that the data had been deleted, it took no steps to verify this.
Facebook has meanwhile suspended both SCL and Cambridge Analytica from the social network and reaffirmed its commitment to conduct robust reviews of apps created to ask for certain information from its subscribers.
Strategies for navigating Java vulnerabilities
Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...
Not all cyber risk is created equal
The key to mitigating cyber exposure lies in preventing breaches before they happen.
How AI can help businesses manage their cyber risks
Artificial intelligence can be a powerful ally in the fight against cyberthreats.