A Case for User Data Regulation?

Carole Cadwalladr published a really fascinating piece on disinformation, propaganda, and its influence on the Brexit referendum. An excerpt I found particularly interesting:

Paul and David, another ex-Cambridge Analytica employee, were working at the firm when it introduced mass data-harvesting to its psychological warfare techniques. “It brought psychology, propaganda and technology together in this powerful new way,” David tells me.

And it was Facebook that made it possible. It was from Facebook that Cambridge Analytica obtained its vast dataset in the first place. Earlier, psychologists at Cambridge University harvested Facebook data (legally) for research purposes and published pioneering peer-reviewed work about determining personality traits, political partisanship, sexuality and much more from people’s Facebook “likes”. And SCL/Cambridge Analytica contracted a scientist at the university, Dr Aleksandr Kogan, to harvest new Facebook data. And he did so by paying people to take a personality quiz which also allowed not just their own Facebook profiles to be harvested, but also those of their friends – a process then allowed by the social network.

Facebook was the source of the psychological insights that enabled Cambridge Analytica to target individuals. It was also the mechanism that enabled them to be delivered on a large scale.

There is no single federal policy or law in the United States regulating how companies collect, store, and distribute user data. There are a handful of regulations that guide the storage and distribution of medical and financial data. When it comes to the data Facebook, Google, Amazon, and other tech companies collect on their users, it essentially comes down to best practices. Congress recently prevented the FCC from enforcing privacy regulation that was close to going into effect. This regulation would have prevented ISPs (internet service providers) from selling your user information without consent.

As an observer and participant, I’m sure it’s a matter of when, not if, with regard to regulation of the tech industry and its handling of user data. From my perspective as a software engineer in the tech industry, how user data is collected and protected (from external parties and internal employees) essentially comes down to the culture established by that organization. Some organizations, like Uber, don’t seem to do a good job at this. As more of our data, whether voluntarily or involuntarily, is collected and stored in the cloud, it will be a target for hackers and enterprising individuals / organizations looking to exploit that data. Revelations like the ones present in the quoted article, reports of companies being hacked, and the exposure of internal user data scandals will increase the desire for some sort of regulation.

