woman using Facebook's messenger app on her phone
Editorial

Privacy Scandals Don't Harm Profit: The Case for Regulation

5 minute read
Brian Krupp avatar
If scandals which appear to damage a company's reputation don't affect its bottom line, what incentive do companies have to change their behavior?

The past two years have been quite tumultuous for Facebook. While it has been under a consent decree from the FTC since 2011 which required the company to receive permission from users to share data with third-party applications, public opinion and political pressure increased following the 2018 Cambridge Analytica scandal.

As recently as last week, it was discovered that Facebook was enrolling teens in a "research study" to harvest their data through "Project Atlas." Facebook used a VPN solution to capture data being sent from the participant's mobile device to gain insights into their behavior and usage. While this recent finding should be alarming — where teenagers were targeted without a parent's consent — consider the data that is gathered each day through use of the platform without consent.

Related Article: 2018 in Review: A Year of Technology Reckonings

Data Privacy Scandal With No Real Consequence

While recent scandals and continued misuse of user's data is gaining nationwide attention, Facebook's revenue, profits and subscribers continue to rise. If these scandals, which appear to be so damaging to the company's reputation, don't affect the bottom line, what incentive does Facebook have to change its behavior? Facebook's ad campaign after the Cambridge Analytica Scandal seemed to suggest that it was focusing more on privacy and making Facebook the tool it set out to be: a platform to connect people. However, it is evident these efforts are either hollow or have not yet had an impact within the company.

How do we ensure that Facebook and other companies that track users do not continue to misuse data? While some speculate that Facebook could face a record fine from the FTC, consider that the highest fine the FTC has issued was $22.5 million to Google. This may seem like a large sum, but compared to Facebook's recent quarterly profit of $6.9 billion, a fine like this only accounts for 0.32 percent of its profit.

Under the General Data Protection Regulation (GDPR) in the European Union, Facebook could be fined up to 4 percent of global revenue (not profit). Based on Facebook's recent quarterly earnings, this could amount to approximately $676 million dollars or approximately 10 percent of the profit. This is a substantial increase and potentially one that could prioritize privacy and data protection for users of the Facebook platform.

To be fair, Facebook is not alone. Popular mobile applications such as "The Weather Channel," "LinkedIn" and others have been found to misuse personal data. To see how this data can be used, think about the last time you searched for a restaurant, library or other location on Google. It often provides hours that the place is most busy and on average how much time people spend at that location. Where does Google get this information from? Whom does it share this data with? While applications are required to provide a message why they need access to your location or contacts, they do not have to be truthful. They often do not describe the entirety of how they use your data and with whom they share the data.

Users don't pay or pay very little for services provided by Google, Facebook or other offenders of personal data. However, while we don't pay for these services with our wallets, we are more likely paying them with our personal data.

Learning Opportunities

Related Article: Facebook: A Case Study in Ethics

How Users Can Protect Their Personal Data

While a substantial regulation comparable to the GDPR doesn't appear to be in the near future for the United States, users can do three simple things to help protect themselves and keep their information private. One is to use a different search engine such as DuckDuckGo. I have been using this search engine for the past two years and find that it is just as good as Google. It claims to not track users and only uses the search that a user enters to serve advertisements. The company also advocates for privacy and provide guides to help users protect their devices.

Given how often we use our mobile devices, it is also important to continually review app permissions. In iOS, you can do this under Settings —> Privacy where you can then review access to permissions such as Location, Photos and Contacts. Similarly, in Android you can do this by accessing Settings —> Apps —> App Permissions. As you review these permissions, you should ask yourself if an application truly needs access to a particular permission. If you can't justify the need, disable access.

Finally, you can install an ad blocker such as Ghostery or use Firefox which has a built-in ad blocker. While ads serve as a revenue stream for websites, they can also be used to track individual users. These simple steps are a good start towards protecting personal data, and there is more that you can do. As consumers become more aware of how applications and platforms use their data, hopefully increased public pressure will bring more accountability to organizations like Facebook.

About the author

Brian Krupp

Brian Krupp is an Assistant Professor of Computer Science at Baldwin Wallace University. His research interests are primarily in mobile security and privacy where he currently leads the Mobile Privacy and Security (MOPS) research group.