An Ideas-Based Online Magazine of the Global Network for Advanced Management

Data Privacy: Online Privacy Must Improve

Earlier this year, the Cambridge Analytica scandal brought new scrutiny to the ways in which online companies make use of customer data; a few weeks later, the European Union's General Data Protection Regulation came into effect, creating new requirements for data protection and disclosure. Global Network Perspectives asked experts around the Global Network for Advanced Management how consumers, companies, and governments in their regions are responding.

I, like millions of others, have willingly given up some of my privacy to Facebook to achieve a sense of connection across cultures, time zones and generations. But revelations of the alleged sale and misuse of Facebook data by Cambridge Analytica has left me feeling betrayed.

Having lived in five countries in the past 20 years, friends and colleagues disappeared from my daily life, but our relationships were maintained through our online interactions. Our posts and emoji reactions expressing approval, love, sadness, surprise or anger revealed new layers of our personalities, values and beliefs. Without being in the same room, we built understanding, inspired one another, shared joys and commiserated.

I shared my stories, preferences and images with contacts to build relationships in exchange for targeted advertising that I could choose to ignore.

It seemed a reasonable trade-off to allow Facebook to mine that personal information for the purposes of targeted advertising. I bore the cost of the commercial use of my data for marketing that benefited the seller and me. I laughed when a Facebook ad tried to me sell me a T-shirt, bragging: “I run on feminism, caffeine and social justice.” When companies offer me products or services that I need or like, we both win.

As a professor for social innovation, I support the use of data for non-profit academic research that helps create a better understanding of the society we live in.

Trading faces

But when it was reported that Cambridge Analytica had allegedly used that data in an apparent effort to sway political campaigns, I felt a line had been crossed. By giving third-party apps access to my data, I could have exposed myself and – until 2014, when Facebook updated its data use policy – hundreds of my contacts to the risks of such manipulation.

The revelations prompted an online campaign to delete Facebook and shares of the free content ad network plunged – wiping US$80 billion from its value since the Cambridge Analytica scandal hit.

I considered abandoning my network of 1,000 Facebook contacts. But I didn’t go through with it. While I still value my interaction with my network on Facebook, I have a new sense of responsibility that does not allow me to look the other way.

Facebook’s most valuable asset is the knowledge it accumulates about its 2.13 billion monthly active users. Every emoji, post and friend connection gives the social network more information about a user’s preferences, including shopping choices and political views. That data is then used by advertisers who provide Facebook almost all of its annual revenue, which stood at US$40.7 billion for 2017.

Advertisers pay for that data to target their messages to the right audience segments. Facebook and other ad-stuffed tech companies have faced some scrutiny, particularly from privacy regulators and campaigners about their business practices, but the Cambridge Analytica scandal has brought those concerns to the masses.

It’s worth noting that other industries have been berated over such business practices. Whether it is the pharmaceutical industry’s approach in the early 2000s to marketing AIDs medication in low-income countries, the impact of mining practices on the environment or the contribution of highly processed foods to childhood obesity and diabetes, corporations are under pressure by investors and consumers to account for the impact of their behaviour on society.

Personal data protection

There are companies that offer to help people have more control over their data. claims to secure a user’s “personal data ecosystem”. It promises to put users in control of how and with whom their data is shared, by offering a transparent notification system with informed consent. authenticates a third-party app that seeks access to a user’s data. It requires the user to agree to the specific data request, before that access is permitted. The company – which claims to be fully compliant with the European Union’s incoming GDPR data protection law – says that its system offers the potential for users to create better experiences and services extending beyond social networks to health, wearables and music.

Still, needs to convince users to download the app and connect it to an increasing number of personal data points as well as businesses wanting to develop on its network.

After the Cambridge Analytica scandal broke, browser maker Mozilla released a Firefox extension that promises to limit the extent to which Facebook can track a user’s web activity. The new feature, called Facebook Container, apparently prevents the social network from associating a user’s clicks to external pages to their profile, limiting the information collected about their online habits.

There are plenty of other options that provide better levels of protection of personal data online. The privacy-focused search engine DuckDuckGoover hauled its suite of apps and browser extensions at the start of 2018 in acknowledgement of the fact that more people were seeking to mitigate privacy risks. One feature helps users to block ad networks from tracking them around the web.

While a further degree of privacy is offered by the likes of Firefox, DuckDuckGo and there is no perfect answer to effectively reducing the level of ad targeting and data harvesting throughout the web. Given that there is a growing atmosphere of mistrust, innovation is urgently needed to address the risks related to online data sharing on Facebook, Google and beyond.

IMD Switzerland
Perspectives Topics