The Great Hack

It would appear that the furore over Facebook / Cambridge Analytica and manipulation of elections hasn’t died down that much. I recently watched a documentary on Netflix called The Great Hack, and I’d recommend that you do too, if you can.

The programme provided a lot of the backstory to who was involved, how and when, as told by some of the people who were there. This included:

  • Brittany Kaiser was the Director for Business Development at Cambridge Analytica, and had previously worked on Barack Obama’s presidential campaigns.  She comes across as very naive at times, though towards the end of the show it becomes obvious that the penny drops and the seriousness of the situation is made apparent;
  • David Carroll, a professor who not unreasonably asked for a copy of all data that Cambridge Analytica held on him. If not for him, the whole situation might not have escalated as it did;
  • Julian Whitehead, the former CFO at Cambridge Analytica. I was concerned at how little he seemed bothered by the morality of what was carried out by his company; and
  • Carole Cadwalladr is an investigative journalist at The Guardian and Observer newspapers in the UK.  She did a lot of the digging and legwork, trying to find people who would and could talk to her about things that had gone on.  Carole was the reporter who broke the news, and who continued to find and release fresh information as time went on.

Perhaps the most shocking aspect of the programme was the revelation that Cambridge Analytica had been involved in some way in elections around the world since the mid-2000s.  There was an expose of how their work influenced the elections in Trinidad and Tobago which showed how manipulative Facebook posts could be, as well as discussions of how the same techniques were used both for the Brexit campaign and for Trump’s election in 2016.

It was notable that Alexander Nix, the former head of Cambridge Analytica, declined to be interviewed, and also that Julian Assange / WikiLeaks should be a part of the story. I didn’t know until I watched this that Steve Bannon, erstwhile Strategist at the White House under Donald Trump and former executive chairman of Breitbart News, was a cofounder of Cambridge Analytica, or that Nigel Farage was closely linked with him.

It’s worth checking out Carole Cadwalladr’s TED talk in Silicon Valley, where she asks the heads of the big tech companies whether they are happy with the world they are creating. She suggests that it is now impossible to have a free and fair election because of abuse of their technologies.

She illustrated this ably by talking to people in South Wales to ask why they voted for Brexit: many had said they worried about immigration (she also spoke to someone who thought they were the only immigrants in the area), while others said the EU had done nothing for them, yet they were surrounded by construction and facilities paid for by well-advertised EU funding.

I’ve mentioned the perils of taking part in online quizzes and personality profiles “for fun” on Facebook. This documentary provides the evidence of how that information can be harvested and used to target specific people – never mind groups – who are deemed to be persuadable and who can swing an election result one way or another.


Changes to Data Protection laws

I’m sure that many of you will have heard of the Data Protection Act (DPA) which is used to help protect an individual’s personal data. You’ll also probably have heard mutterings about GDPR and Brexit, how one is affected by the other, but you may not be too clear what this means in terms of the DPA. I’m going to try to explain it for you here. I apologise in advance because there will be more acronyms than I normally use, but hopefully you’ll see why!

First, let’s start with DPA. This law sets out 8 Principles which dictate how personal data must be treated, and what people can do with that data if they’ve been given permission to use it. A company must tell you how it’s going to handle your data and what it will use it for, and if it wants to change that use it must request your permission: this is all usually held in their Terms and Conditions, which is why you should always read them. The principles are summarised below.

The regulator, i.e. the organisation you go to if there’s been a breach, is the Information Commissioner’s Office, or ICO.

The General Data Protection Regulation (GDPR) is an EU regulation which sets out the minimum requirements for Data Protection in the EU, and is a bit more stringent than the DPA. The UK has been heavily involved in its development, and it will come into force on 28th May 2018. As an EU Regulation it immediately becomes law in every member country the day it comes out, and every member state will have to comply from that date.

How does this affect Brexit? Well, that will take up to 2 years to implement following invocation of Article 50. That means Brexit is highly unlikely to have occurred by 28th May 2018, which means that GDPR will become a legal requirement in the UK on that date, so companies will have to comply with it. Whatever happens once the UK leaves the EU, it stands to reason that UK companies wishing to do business with the EU will have to continue to comply, and I’d suggest therefore that the UK will not implement anything weaker than GDPR as a replacement for the DPA.

For further advice and guidance, go to the ICO website and check out these 12 Steps to GDPR which you should be following right now.