In this article first published in AMSRS Research News, Kerry Sunderland looks at the potential impact on market and social research companies and how Fair Data is part of the solution in the wake of the recent Cambridge Analytica/Facebook and Google personal data harvesting scandals.
Revelations that Cambridge Analytica misused Facebook members’ personal data and more recent allegations from fellow tech giant Oracle that Google has been extracting Android mobile users’ data at the customers’ expense are just the tip of a massive iceberg, according to digital futurist Chris Riddell, who will be delivering a keynote at this year’s AMSRS Conference.
‘These recent high profile data protection scandals represent the biggest crisis Silicon Valley tech companies have ever faced and it’s not going to go away anytime soon,’ Riddell says. After it emerged that Cambridge Analytica had harvested personal data from approximately 310,000 Australian Facebook accounts, the Office of the Australian Information Commissioner (OAIC) launched a formal investigation into the behemoth. The formal investigation was, according to acting Privacy Commissioner Angelene Falk, a “timely reminder to all organisations of the value of good privacy practice to Australians.”
Meanwhile, the Australian Competition and Consumer Commission (ACCC) has confirmed it will investigate reports Google harvests huge amounts of data from Android phones after the software company Oracle contacted the regulator.
‘The ACCC met with Oracle and is considering information it has provided about Google services,” ACCC chairman Rod Sims told The Guardian. ‘We are exploring how much consumers know about the use of location data and are working closely with the privacy commissioner.’
Google immediately denied the allegations but Riddell believes the theory is credible.
‘The majority of tech companies have been harvesting our information for years, some more legitimately than others. This is massive. It will be the most defining topic of 2018 for business. Companies will die if they get this wrong.’
Both cases follow numerous other breaches, stories, articles, policies, campaigns, programmes and reports that have steadily eroded over the past decade the public’s trust in the way corporations and governments manage personal data. What makes these recent scandals more volatile is that tech industry insiders are beginning to speak out, both to expose misdeeds and to corroborate them. Oracle may appear to have a vested interest as a competitor but it’s not as simple as that.
‘The lines have blurred,’ explains Riddell. ‘Competitors can also be partners and customers these days.’
When asked whether he agreed this was the biggest crisis yet for Silicon Valley, former Facebook CEO for Australia and New Zealand Stephen Scheeler said, ‘On the one hand, I’d agree. These stories are of greater scale and have been subject to more scrutiny by both the public and regulators. But Facebook and Google have probably had bigger, more existential crises in the past. I think it’s a good thing [that we’re focusing on these breaches]. It reflects a new consciousness about people’s rights.’
While there has been some debate about whether, beyond Facebook investors, tech commentators and Twitterati, the general public care very much, there is evidence to suggest they do.
The mainstream media has seized upon the recent scandals, amplifying the claims levelled against its apparent competitors, but the general public has also played a role.
‘There’s been a huge wave of people sharing the stories online,’ Riddell says.
The UK’s Market Research Society CEO Jane Frost agrees that privacy is important to consumers. ‘Our research continues to show a very low level of trust with handling of data. Trustworthy use of data is the number one priority for consumers.’
MRS UK published a significant report this year titled How technology impacts consumer trust following on from its 2015 report, Private lives? Putting the consumer at the heart of the privacy debate.
The most recent report concluded that security of personal data was the largest single driver of trust. Respondents placed this at number one in six of seven sectors. This shows that the impact of news stories into data breaches, or their personal experience of it, affects with whom they choose to do business. The report has also attracted media attention, with the headline,
‘[Facebook founder Mark] Zuckerberg you’re wrong, kids are worried about their privacy’.
What’s more, the report found, young people punish sloppy data handling the most. While he believes it’s a discussion that’s needed, Scheeler argues we’re probably not quite ready. He believes more education is required.
‘A couple of hundred years ago, capitalism was still in its infancy. There was a very different concept of property rights then compared to now. If you asked people how they would respond if someone walked into your house and stole your toaster, 100 per cent would say it’s a crime. If you were asked about a speed camera taking your photo, it’s unclear who owns the data. You wouldn’t get the same consensus about personal data.’
Where the impact will be felt
According to a study from tech research firm Techpinions, nine per cent of American Facebook users reportedly deleted their accounts in the first few weeks after the Cambridge Analytica story broke. Across the Atlantic, five per cent of Brits reportedly left Facebook immediately with a further six per cent saying they intended to delete their accounts.
However, Frost says that while consumers say privacy is one of their biggest priorities, the Cambridge Analytica scandal appears to have had less influence on usage than originally thought. It has, however, driven down share prices and will continue to have an impact on regulators, opinion formers and budget holders.
Riddell predicted that, following in the footsteps of Cambridge Analytica, there would be other companies closing down by the end of this year.
‘Although it’s unlikely to be the major players like Google and Facebook, second tier companies who are in the business of buying and using personal data and who have been misbehaving will not exist at the end of the year. ‘Businesses should not misunderstand how critical this is to get right. This behaviour dates back years, not just the last six to 12 months. We are entering a new era, when long complicated fine print doesn’t cut it anymore.
‘By God, be transparent and go above and beyond in showing your customers what you do with the data. You can’t default to T&Cs. You can’t just give customers the option in settings. Show them what you are doing with use.’
Frost agrees, saying that when it comes to privacy terms and conditions, most companies are still writing the equivalent of Shakespeare’s Hamlet.
‘It’s obvious that consumers cannot be expected to read Hamlet every time they want to use a digital service. Take for example, the terms and conditions on Ancestry.com. You have to be a lawyer to work out that your DNA can be used in perpetuity.’
Where Fair Data fits in
‘Anyone interacting with a customer day-to-day has to think about the fact that it’s not their data, it belongs to the customer,’ says Frost. ‘Technology has potential to make criminals of us all. Getting our own house in order is critical – we’re pre-emptively doing the right thing.’
Fair Data is an attempt to do just this. Launched in the United Kingdom in 2013, it has now been adopted in the Netherlands, Singapore and, most recently, Australia. Australian Market and Social Research Society President Vicki Arbes explains: ‘Companies that achieve accreditation can display the Fair Data mark to signal to the public best practice handling, usage and storage of customer information. Fair Data is an international standard that for the first time establishes a public facing mark to reassure consumers that the research is carried out honestly, objectively and with respect for the participant.’
Would the Cambridge Analytica scandal have happened if Facebook had been Fair Data accredited? Absolutely not, says Arbes.
The local launch of the Fair Data consumer ‘mark’ in February was deliberately timed to coincide with new changes to Australian privacy legislation. It proved to be even more fortuitous timing when only a few weeks later the Cambridge Analytica scandal was reported.
After the revelations gave rise to the hashtag #deleteFacebook, Zuckerberg published full-page apologies in American newspapers and was called to appear at a joint hearing in the United States of the Senate Judiciary and Commerce committees.
Riddell says Zuckerberg’s appearance in front of the US Congress demonstrates that self-regulation alone doesn’t work. ‘It’s a wake up call for governments – their relevance is being challenged. Some of the questions senators asked Zuckerberg prove how out of touch they are in understanding how technology is changing. There’s a massive gap in understanding. Regulation is needed. Companies need to know they’re going to be penalised.’
Scheeler also believes the regulators – and industry bodies – have a role. ‘It’s unchartered business and ethical territory and it shouldn’t be left to Facebook, Google or Amazon. It’s unrealistic to expect them to have all the right answers, although every company has a responsibility to comply with all relevant legislation, privacy included.’
Fair Data puts in place safeguards that exceed legislative requirements. Both Riddell and Scheeler agreed that Fair Data could be part of the solution.
Those working in the market and social industry know there is a discernible difference between consciously completing a finite questionnaire and having your messages and calls tracked sans permission, but do consumers? Riddell is unsure they do, but he can see the benefit of being Fair Data accredited.
‘If you are a business that wants to go over and above [the legislative requirements] here is your time and here is the moment when you will be in demand. This is what customers want. Ultimately this is the way industry needs to go.’
AMSRS has backed the Fair Data accreditation to demonstrate its members’ commitment to safeguarding privacy and protecting data. Fair Data accredited companies agree to 10 principles, which are audited by a third party certification body annually. All Australian suppliers and clients are eligible to apply, not just AMSRS members.
‘The Fair Data accreditation quickly demonstrates that companies you deal with can be trusted to use personal data fairly,’ adds Arbes. ‘It means you don’t have to read dull and lengthy T&Cs to find out if you’re protected.’
Accreditation, however, does take time – so companies are encouraged to apply for accreditation sooner rather than later. Frost points out that many tech giants were scrambling to comply at the last minute with the European Union’s new General Data Protection Regulation (GDPR), before it took effect on 25 May – despite the two-year transition period.
‘It’s astounding how many companies were not GDPR accredited only a couple of weeks before it came into effect.’
Frost said that when it comes to Fair Data, many companies think they’re meeting the requirements but they discover otherwise when they do the first walk through. ‘For example, it’s amazing how many people still do not use BCC and CC all.’
Kerry Sunderland, Freelance Writer
Note: Research News spoke with Chris Riddell after he’d finished an interview on ABC Radio, just after the Google story broke. Later that day, and he appeared on Channel 10’s The Project. Listen to/watch these interviews at
www.chrisriddell.com
Sources:
http://www.dailymail.co.uk/sciencetech/article-5609425/New-study-shows-1-10-Americans-deleted-Facebook-accounts.html#ixzz5D5C2qoRP
https://www.campaignlive.co.uk/article/one-20-brits-delete-facebook-accounts-cambridge-analytica-scandal/1460836#AWmpTVxcfT44I14M.99 
