Facebook says “sorry” for leaking 50 million users’ personal data

Facebook boss Mark Zuckerberg has taken out a full-page advert in several US and UK newspapers to apologize for his organization’s privacy leak. Well, sort of.

After saying that Facebook should have done more to stop third-party apps misusing personal data, he deflected the blame onto the manufacturers of those apps.

In case you’ve somehow missed the story, a whistleblower revealed that Facebook turned a blind eye as data analytics company Cambridge Analytica harvested 50 million users’ profiles from a personality quiz app to help Donald Trump’s election team predict and influence people’s choices at the ballot box.

Is sorry good enough?

Zuckerberg’s apology ran in the New York Times, Washington Post, Wall Street Journal, and several UK newspapers on Sunday, March 25, 2018, more than a week after the scandal broke and amid mounting criticism of the Facebook chief’s silence. It should have been a chance to clarify a public statement he made on March 20, which offered no apology but instead assured users that Facebook had updated its policies years ago to prevent third parties from accessing personal data without people’s consent, and accused Aleksandr Kogan, who created the app used by Cambridge Analytica, of breaching those policies.

The message echoed the words of Facebook’s vice president, Paul Grewal, who said in a statement: “Although Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time, he did not subsequently abide by our rules.”

However, many journalists – such as those at The Ringer – were quick to point out that it’s not as though Kogan hacked Facebook. He’d simply exploited lax security policies, which it is Facebook’s responsibility to uphold.

At first glance, Zuckerberg’s newspaper advert takes on a more contrite tone, leading – in large font – with: “We have a responsibility to protect your information. If we can’t, we don’t deserve it.”

However, the rest of his missive again blames apps such as Kogan’s. Although Zuckerberg admitted that Facebook was responsible for “a breach of trust,” he refused to take responsibility for a breach of personal data.

As cybersecurity expert Graham Cluley wrote a few days after the scandal broke (although apparently in reference to another data breach), “[i]f it’s data that your customers gave you that’s breached, it’s your responsibility […]. So, stop trying to shift the blame.

“You trusted them with, for instance, your customers’ personal information. Your customers trusted you to treat their data with the utmost care.”

Zuckerberg continues: “[Facebook is] investigating every single app that had access to large amounts of data before we fixed this. We expect there are others. And when we find them, we will ban them and tell everyone affected.”

Facebook has been continually embroiled in scandals over the past half-decade – from its psychological experiments to its failure to prevent Russian operatives using its platform for election meddling – suggesting that it is generally a bad guardian of our personal data. Despite this, the social media giant is continually given excessive and unwarranted trust.

What next for Facebook?

The furor surrounding this scandal has been predictably short-lived. The social media giant’s stock prices are slowly recovering, and relatively few people followed through with calls to “#deletefacebook.”

As The Ringer notes, many people rely on Facebook to communicate with one another. The article cites Vox’s suggestion that Mark Zuckerberg “fixes” Facebook by destroying it, but says it’s simply not possible.

“It’s an appealing, if fanciful, thought experiment, but in reality, Zuckerberg pulling a Jerry Maguire would leave vulnerable people in the lurch. Facebook is, in many places, a practical synecdoche for the entire internet,” says The Ringer.

Facebook’s stranglehold on social media means many users feel obliged to stick with the platform, even if they don’t want to. For most people, the organization’s apology has fulfilled the ritualistic razzle dazzle that the public demands following corporate transgressions.

But Facebook isn’t entirely in the clear. The organization is being investigated by New York and Massachusetts attorneys general, and it will have to continue preparing for the EU General Data Protection Regulation (GDPR), the new law designed to enhance EU residents’ rights concerning their personal data. The GDPR introduces strict rules for protecting data and gives supervisory authorities the power to impose strict penalties for non-compliance, including fines of up to €20 million (about $25 million) or 4% of annual global turnover, whichever is greater.

Although the GDPR is an EU regulation, it applies to any organization in the world that collects EU residents’ personal data. This includes many organizations in the US, and if your organization is one of them, you should take the necessary steps toward compliance.
