Chris Hughes, a co-founder of Facebook, recently noted that the public scrutiny of Facebook is “very much overdue,” declaring that “it’s shocking to me that they didn’t have to answer more of these questions earlier on.” Leaders in the information technology sector, especially in Europe, have been warning of the abuses by Facebook (and other portals) for years.
Critics of Facebook have been making this point for years. Stefano Quintarelli, one of Europe’s top IT experts and a leading advocate for online privacy, has been a persistent and prophetic critic of Facebook’s abuse of its market position and misuse of online personal data. He has long championed a powerful idea: that each of us should retain control of our online profile, which should be readily transferable across portals.
For Quintarelli, Cambridge Analytica’s abuse of data acquired from Facebook was an inevitable consequence of Facebook’s irresponsible business model. Facebook has now acknowledged that Cambridge Analytica is not alone in having exploited personal profiles acquired from Facebook.
In personal communications with me, Quintarelli says that the European Union’s General Data Protection Regulation, which takes effect on May 25, “can serve as guidance in some aspects.” Under the GDPR, he notes, “non-compliant organizations can face heavy fines, up to 4 percent of their revenues. Had the GDPR already been in place, Facebook, in order to avoid such fines, would have had to notify the authorities of the data leak as soon as the company became aware of it, well in advance of the last US election.”
Quintarelli emphasizes, “Effective competition is a powerful tool to increase and defend biodiversity in the digital space.” And here, the GDPR should help, because it “introduces the concept of profile portability, whereby a user can move her profile from one service provider to another, like we do when porting our telephone profile -- the cellphone number -- from one operator to another.”
But “this form of ownership of one’s own profile data,” Quintarelli continues, “is certainly not enough.” Just as important is “interconnection: the operator to which we port our profile should be interconnected to the source operator so that we don’t lose contact with our online friends. This is possible today thanks to technologies like IPFS and Solid, developed by the web inventor Tim Berners-Lee.”
Sarah Spiekermann, a professor at the Vienna University of Economics and Business and chair of its Institute for Management Information Systems, is another pioneer of online privacy. Spiekermann, a global authority on the trafficking of our online identities for purposes of targeted advertising, political propaganda, public and private surveillance, or other nefarious purposes, emphasizes the need to crack down on “personal data markets.”
“Ever since the World Economic Forum started to discuss personal data as a new asset class in 2011,” she told me, “personal data markets have thrived on the idea that personal data might be the ‘new oil’ of the digital economy as well as -- so it seems -- of politics.” As a result, “more than a thousand companies are now involved in a digital information value chain that harvests data from any online activity and delivers targeted content to online or mobile users within roughly 36 seconds of their entry into the digital realm.”
While Spiekermann thinks “personal data markets and the use of the data within them should be forbidden in their current form,” she thinks the GDPR “is a good motivator for companies around the world to question their personal data sharing practices.”
Facebook’s immense lobbying power has so far mostly fended off the practical ideas of Quintarelli, Spiekermann and their fellow campaigners. The recent scandal, however, has opened the public’s eyes to the threat that inaction poses to democracy itself.
The EU has taken the lead in responding, thanks to its new privacy standards and proposed greater taxation of Facebook and other peddlers of online personal data. Yet more is needed and feasible. Quintarelli, Spiekermann, and their fellow champions of online ethics offer us a practical path to an internet that is transparent, fair, democratic and respectful of personal rights.
Jeffrey D. Sachs
Jeffrey D. Sachs, a professor at Columbia University, is director of Columbia’s Center for Sustainable Development and the UN Sustainable Development Solutions Network. -- Ed.