Well folks, early last week, there was yet another development in the Facebook / Cambridge Analytica scandal. And, I don’t want to sound like I’m beating a dead horse, but it seems this particular horse is actually alive and kicking more than a month after the initial news went public. In this case, the news is so pertinent to our business that I couldn’t resist chiming in…
Sunday, April 22, on venerable CBS news magazine show, 60 Minutes, Aleksandr Kogan, the developer whose Global Science Research company surreptitiously mined the personal data of more than 87 million Facebook users in 2014, finally told his side of the story. Besides making for some riveting TV, Kogan’s appearance might have been an effort to shore up his own public image ahead of his testimony before the U.K. Parliament’s Digital, Culture, Media and Sports Committee two days later.
During an interview for a story from 60 Minutes’ Lesley Stahl, Kogan furthered the increasingly “he-said-he-said” tone of the ongoing PR battle between Facebook CEO Mark Zuckerberg and his detractors. The developer stated that, “…at the time, I thought that we were doing everything that was correct…I was acting, honestly, quite naively.” He underscored this point by saying that if he’d had “any inkling that what we were going to do was going to destroy my relationship with Facebook, I wouldn’t have done it…This was the blindness we had back then.”
Kogan also cited perceived public apathy as reasoning for the wanton data harvesting practices that he claims were quite prevalent in 2014, saying, “The belief in Silicon Valley and certainly our belief… was that the general public must be aware that their data is being sold and shared and used to advertise to them, and nobody cares.”
This statement was particularly striking to me. Having worked in the Silicon Valley tech industry for many years, I can’t deny that there is truth to what Kogan said, and it certainly seems like certain practices like this have begun to fall out of favor lately. But, what Kogan’s remarks really made me think of was the dichotomy we’re seeing on this issue around the globe. With seemingly endless data breaches crowding the news cycle, and new data privacy regulations like the European Union General Data Protection Regulation (GDPR) coming on line, there is a growing regional divide on the subject of regulating consumer privacy.
On one hand, in Europe – even beyond notoriously suspicious populations such as Germany’s – there is a widely held belief that privacy is a basic human right. In fact, this is essentially what drove the creation of the continent-spanning GDPR in the first place: an attempt to give EU residents more visibility and control of the personal information collected from them by organizations.
Then, there’s the U.S.A., where, consumer trust is waning rapidly, thanks to massive data breaches, “fake news” and an extremely contentious political climate. Still, to date, Congress and federal watchdog agencies such as the FTC and the FCC have been reluctant or unable to roll out comprehensive data protection legislation that is enforceable at the federal level. Instead, the agencies issue “guidelines” and “recommendations” for data practices, primarily leaving “enforcement” to the civil and criminal court systems of individual states on a case-by-case basis.
Of course, much of this has to do with America’s historical penchant for laissez faire commerce regulations. But now, with Facebook’s recent slide merely the latest in a slew of massive corporate transgressions, the tide of public opinion seems to finally be turning. In fact, we’re seeing it play out writ large in this very case.
Considering the new rights being afforded to folks in the EU under GDPR, how long will U.S. consumers put up with being treated as second-class citizens when it comes to their online privacy?
For context, think about a few landmark U.S. regulations and their trigger points:
- The burning of the horribly polluted Cuyahoga River in Ohio in 1969 was a clarion call that spurred President Nixon to establish the Environmental Protection Agency just one year later.
- Decades of technological stagnation in the telecom industry finally came to a head when the U.S. Justice Department filed an antitrust lawsuit against AT&T in the mid-1970s to attempt to release the company’s nationwide stranglehold on local telephone service, leading to the breakup of the much maligned “Ma Bell” system, (and the return of competition to the industry.)
- The 2007-2008 global financial crisis — stoked by greedy and unethical investment and loan practices of “too-big-to-fail” banks — gave lawmakers the motivation needed to propose and pass the Dodd-Frank Wall Street Reform and Consumer Protection Act.
Are we looking at a trigger event such as these with Facebook’s latest alleged breach of trust? If not, what could that event possibly look like? Will a large U.S. company need to take an unsurvivable fall under GDPR, as an example to other American businesses and government officials that Brussels isn’t bluffing? Will a partisan shift in U.S. politics enable Congress to finally take a stand on this issue and pass overarching legislation to address it?
Or, (and this is my favorite scenario) will companies begin to recognize that more transparent and privacy-friendly data practices actually make solid business sense? Will more companies see responsible collection and usage of consumer data as a way to improve their organizations from top to bottom by fostering better long-term customers relationships? If so, it could make it easier to push stronger data privacy laws through the legislative branch, as corporate lobbyists back off of intransigent, “regulations kill jobs” mantras, and instead angle to be portrayed as captains of industry who are on the right side of history.
Turning back to Facebook, Cambridge Analytica and Global Science Research, Mark Zuckerberg publicly acknowledged and apologized for the problems inherent with his company prior to 2015 during his testimony before the U.S. Senate. Kogan himself echoed Zuckerberg’s conciliatory tone on 60 minutes, confessing, “I think that core idea that we had that ‘everybody knows and nobody cares’ was fundamentally flawed, and so, if that idea is wrong, then what we did was not right, and not wise, and for that I’m sincerely sorry.”
Facebook has indeed put more stringent policies in place in the meantime. Yet, as former platform operations manager at Facebook Sandy Parakilas pointed out during the 60 Minutes segment, “You’ve got a company that has repeatedly had privacy scandals. You know, if your partner is cheating on you and they cheated on you fifteen times, and apologized fifteen times, at some point you have to say ‘enough is enough.’”
Are we, as American citizens, ready to say “enough?”
My opinion is that, no matter the outcome of this or any other public breach of privacy, the next wave of innovation in our data-driven world must be measured, mature, and, most importantly, respectful of our privacy as individuals. As humans, we need trust in our relationships, both with each other and with those we do business with.
I believe that’s why successful business leaders now and in the future will put their money where their mouth is and truly put their customers first. This means offering value not only in the form of goods and services, but also in the form of transparency in transacting with customers, and a commitment to giving those customers control of their online experiences.
To learn more about what a mature digital business roadmap looks like in the age of GDPR, and how to turn consumer privacy into a definitive market advantage, join an upcoming webinar on May 8, 2018, featuring Martin Kuppinger, founder and principal analyst of European research firm KuppingerCole.
By Jason Rose