Lobbying on the up as Silicon Valley feels the regulatory squeeze

The internet giants have started filing their lobbying reports with the Center for Responsive Politics with records being shattered all over the place.

Each quarter US companies are legally required to disclose to Congress how much has been spend on political lobbying. Although the figures we are about to discuss are only for the US market, international players will certainly spend substantially more, it gives a good idea of the pressure which the internet players are facing. Governments are attempting to exert more control and Silicon Valley doesn’t like it.

Looking at the filings, having spent $4.9 million in the final three months, Google managed to total $21.2 million across the whole of 2018, a new high for the firm. This compares to $18.3 million spent across 2017.

Facebook is another which saw its lobby bill increase. In its latest filing, Facebook reported just over $3 million for Q4, and totalled almost $13 million across the year. In the Facebook case it should hardly be surprising to see a massive leap considering the scale and the depth of the Cambridge Analytica scandal which it has not been able to shake off.

More filings will be due over the next couple of days, the deadline for the fourth quarter period was January 22, though the database search tool is awful. What is worth noting is this is set to be the biggest year for internet lobby spend, however it is still nothing compared to the vast swathes which are spend elsewhere.

Lobby tableIn total, the internet industry might have spent a whopping $68.7 million on lobbying Washington over 2017 (2018 data is still not complete), but that is nothing compared to more mature industries. The Oil and Gas segment spent $126 million, while Insurance pumped $162 million into the lobbyists pockets, but the winner by a long was the pharmaceutical industry spending an eye-watering $279 million on lobbyists across the year (see image for full list).

As you can see, the ceiling has been set very high for lobbying and it will almost certainly increase over the next couple of years. All around the world governments and regulators are attempting to exert more control over the internet industry, and while the lobbying process isn’t necessarily attempting to block these new rules, the aim will be to get the best deal possible.

In comparison to other industries, the internet specifically and technology on the whole is relatively new. You have to take into account the internet as a mass market tool is only in its teen years and is demonstrating the same rebellious tendencies as young adults do. New ideas are being explored and boundaries are being pushed; with some breakthroughs rules do not exist, while the emergence of new business models means companies fall into the grey areas of regulation. The internet has been operating relatively untethered over the last few years, though this is changing.

2018 was a year where it all started to hit home. Countless data breaches demonstrated the digital world is one where security has not been nailed, while data privacy scandals have shown how dated some regulations are. It doesn’t help that Silicon Valley seems to operate behind a curtain which only the privileged few are allowed to peak behind, but even if this barrier was thrown open, only a small percentage of the world would actually understand what was going on or how to regulate it effectively.

GDPR was a step in the right direction in handing control of personal information back to the user, but this only applies to European citizens. Other countries, such as India, are learning from these regulations with the ambition of creating their own, but it is still very early days. The rules and regulations of the digital economy are being shaped and the internet giants will certainly want to influence proceedings to ensure they can still continue to hoover up profits in the manner which they have become accustomed to.

Looking at where money has been spent, data privacy and security concerns is a common theme with all the internet players who want to protect their standing in the sharing economy, though mobile location privacy issues is another shared concern. With data getting cheaper, more people will be connected all the time, opening the door for more location-based services and data collection. This could be big business for the internet giants, though it has been targeted by privacy advocates looking to curb the influence of Silicon Valley. Other issues have included tax reforms, antitrust and artificial intelligence.

So yes, a remarkable amount of cash is being spent by the likes of Google and Facebook at the moment, but this will only grow in time as regulators and legislators become more familiar with the business of the internet and, more importantly, how to govern it.

France fines Google for being vague

The French regulator has swung the GDPR stick for the first time and landed it firmly on Google’s rump, costing the firm €50 million for transparency and consent violations.

The National Data Protection Commission (CNIL) has been investigating the search engine giant since May when None Of Your Business (NOYB) and La Quadrature du Net (LQDN) filed complaints suggesting GDPR violations. The claims specifically suggested Google was not providing adequate information to the user on how data would be used or retained for, while also suggesting Google made the process to find more information unnecessarily complex.

“Users are not able to fully understand the extent of the processing operations carried out by Google,” the CNIL said in a statement.

“But the processing operations are particularly massive and intrusive because of the number of services offered (about twenty), the amount and the nature of the data processed and combined. The restricted committee observes in particular that the purposes of processing are described in a too generic and vague manner, and so are the categories of data processed for these various purposes.”

This seems to be the most prominent issue raised by the CNIL. Google was being too vague when obtaining consent in the first instance, but when digging deeper the rabbit hole become too complicated.

Information on data processing purposes, the data storage periods or the categories of personal data used for the ad personalization were spread across several pages or documents. It has been deemed too complicated for any reasonable member of the general public to make sense of and therefore a violation of GDPR.

When first obtaining consent, Google did not offer enough clarity on how data would be used, therefore was without legal grounding to offer personalised ads. Secondly, the firm then wove too vexing a maze of red-tape for those who wanted to understand the implications further.

It’ll now be interesting to see how many other firms are brought to the chopping block. Terms of Service have been over-complicated documents for a long-time now, with the excessive jargon almost becoming best practise in the industry. Perhaps this ruling will ensure internet companies make the legal necessities more accessible, otherwise they might be facing the same swinging GDPR stick as Google has done here.

For those who are finding the NOYB acronym slightly familiar it might be because the non-profit recently filed complaints against eight of the internet giants, including Google subsidiary YouTube. These complaints focus on ‘right to access’ clauses in GDPR, with none of the parties responding to requests with enough information on how data is sourced, how long it would be retained for or how it has been used.

As GDPR is still a relatively new set of regulations for the courts to ponder, the complaints from NOYB and LQDN were filed almost simultaneously as the new rules came into force, this case gives some insight into how sharp the CNIL’s teeth are. €50 million might not be a monstrous amount for Google, but this is only a single ruling. There are more complaints in the pipeline meaning the next couple of months could prove to be very expensive for the Silicon Valley slicker.

Cybersecurity investments on the up but not sustainable – study

Research from Strategic Cyber Ventures points to an increased appetite for cyber security investments, but the euphoria sweeping the segment forward is not sustainable.

On numerous occasions we have commented security is the ugly duckling of the technology world. It is critical to ensure the industry, and digital society on the whole, functions appropriately, though more often than not it is ignored. There will be numerous reasons for this, perhaps because security is a thankless and often impossible task, but the data suggests 2018 might have been a watershed year.

Not only did 2018 see $5.3 billion in global venture capital funding, 81% more than 2016, M&A activity increased as did private equity investments. On the M&A side of things, Cisco made a bang with a $2.4 billion acquisition of Duo Security, while Blackberry acquired Cylance for $1.4 billion. These are two of the larger deals, though there was increased activity in the segment across the period.

In terms of private equity, Barracuda Networks was acquired for $1.6 billion by Thoma Bravo, Bomgar by Francisco Partners for $739 million, while Blackrock spent $400 million on Cofense. Elsewhere in the more complicated financial world, Skyhigh Networks acquired McAfee with assistance from its financial sponsors Thoma Bravo and TPG Capital.

Cybersecurity one

Overall, the trends for the security segments are heading in the right direction. Perhaps now this is an area which will be taken more seriously by the industry, with adequate investments heading into security department.

That said, Strategic Cyber Ventures has warned the trends from a funding perspective are not exactly the most favourable. The amount of cash being invested is increasing, though it does not appear the rewards are reflecting this. Some of these companies have raised funds through big rounds, but growth has slowed, perhaps due to vendor fatigue or increased competition. The risk here is firms cannot raise additional funds at increased valuations from prior rounds, meaning they will have to lean on existing investors. Eventually these parties will grow tired of keeping them alive for minimal rewards.

The issue here is the need and hype around security. Its critical to secure the expanding perimeter of the digital economy, creating the need for the segment, while executives constantly talk about security being a number one priority of firms, creating the hype. This would seem to be the perfect recipe for investment in security companies and start-ups. However, the segment hasn’t taken off, perhaps due to the preference of customers investing in technologies which will make the company money as opposed to more secure?

This is maybe the most accurate assumption on why the security segment has faltered continuously over the years. Companies have limited spending power with executives choosing to invest in areas which will make the company more profitable, such is the pressure from investors and shareholders. However, consumer attitudes might be changing.

While many would have ignored the security risks of the digital economy in years gone, today’s consumer is more educated. Privacy scandals have demonstrated the power of data forcing the consumer to consider security more critically. This might have an impact on future buying decisions.

According to research by Onbuy.com 60% of US and 44% of UK consumers believe there is a risk to personal safety in the sharing economy, while 58% of all the respondents believed the risks outweigh the benefits in the sharing economy. Such attitudes will force companies to consider their security credentials as there is now a direct link back to the bottom line.

What this means for VC funding and investments from around the ecosystem remains to be seen, though the tides are turning in favour of the security segment. As Strategic Cyber Ventures notes, the current levels of investment are unsustainable, but there certainly are rewards.

58% of UK business can’t detect IoT security breach – study

Digital security vendor Gemalto claims the IoT euphoria might be hitting the UK before its ready, as research shows 58% of businesses are not able to detect a breach.

First and foremost, we need to put a disclaimer on this report. Gemalto is a security company and is thus incentivised do its best scaremongering to drive revenues. The more scared companies are about potential data breaches, and the punishments which follow the incidents, the more likely they are to buy security software. Making the world a big, bad, horrible place is an effective marketing strategy for security vendors.

That said, considering the lax approach most of the industry takes towards security and data protection, we suspect many of the statistics being discussed are pretty accurate.

“The push for digital transformation by organisations has a lot to answer for when it comes to security and bad practices,” said Jason Hart, CTO of Data Protection at Gemalto. “At times it feels organisations are trying to run before they can walk, implementing technology without really understanding what impact it could have on their security.”

The most shocking figure from the report is the 42% of UK companies who are capable of detecting an IoT breach, with only France worse off at 36%. Considering the role IoT has been touted to play over the next few years as 5G hits the streets, this is an incredibly worrying statistic.

While spending on IoT security has increased from 11% of the overall IoT budget to 13%, you have to wonder what direction this money is heading. Perhaps even more concerning for those companies involved, is that 90% of them accept this will be a major buying motivator for customers. At least they are aware that security can have a direct impact on the revenues of the business now, a concept which has taken years to hammer home.

“Given the increase in the number of IoT-enabled devices, it’s extremely worrying to see that businesses still can’t detect if they have been breached,” said Hart. “With no consistent regulation guiding the industry, it’s no surprise the threats – and, in turn, vulnerability of businesses – are increasing. This will only continue unless governments step in now to help industry avoid losing control.”

IoT is set to be one of the biggest winner of the 5G bonanza, while the segment is also predicted to be the major catalyst of 6G. If predictions are anywhere near accurate, 5G networks will soon not be able to cope with the strain of IoT, driving the case for 6G due to the sheer number of ‘things’ connected to the network.

Looking at the predictions, IDC believes the IoT market will grow to be worth more than $1.2 trillion by 2022, with consumer devices expected to account for the largest share at 19%. Ericsson has forecasted the number of cellular IoT connections to reach 3.5 billion in 2023, increasing at a CAGR of 30%.

Security remains a major challenge for the industry, though the buzz around blockchain could provide a suitable means to meet the expectations of the consumer. In the absence of regulation, Gemalto notes the adoption of blockchain technologies has doubled from 9% to 19% in the last 12 months, with 23% of the respondents to this survey believe the technology would be an ideal solution to use for securing IoT devices. 91% who are not using blockchain are considering it for the future.

“Businesses are clearly feeling the pressure of protecting the growing amount of data they collect and store,” said Hart.

“But while it’s positive they are attempting to address that by investing in more security, such as blockchain, they need direct guidance to ensure they’re not leaving themselves exposed. In order to get this, businesses need to be putting more pressure on the government to act, as it is them that will be hit if they suffer a breach.”

While research like this does indicate security is becoming a more serious topic in the world of telecoms and technology, it also confirms there is a very wide gap to close. Security has long been the ugly duckling of the industry, many seemingly choosing to ignore the challenges because they are too difficult to solve, though new regulations such as GDPR has perhaps forced the issue up the agenda.

Interestingly enough, should the telcos get serious about security there would certainly be a revenue generating opportunity to capitalise on. With cyber security incidents and data breaches becoming more prominent in the news, consumers are gradually becoming more aware of the risks of the internet and the emerging digital society. While the industry has played down the risk in recent years, the incidents speak for themselves.

An excellent example of turning this scenario into a business opportunity lies with Orange, the master of the convergence strategy. Here, the team have invested heavily in cyber security capabilities and are now offering security services to customers as a bolt on to other connectivity packages. The move has proven to be a success as while it is generally becoming accepted that 100% secure is impossible nowadays, more people are willing to do something about it.

Security is a topic which has always been in and around the news, but few want to do anything proactive about it. Unfortunately, with the perimeter expanding so rapidly as IoT penetration grows, these statistics are incredibly worrying. Perhaps regulators will get the chance to swing the GDPR stick before too long after all.

EU Advisor tells France to forget about global ‘right to be forgotten’

The Advocate General of the European Court of Justice has given his opinion on the ‘right to be forgotten’ conflict between France and Google, and its good news for the ‘do no evilers’.

Advocate General, Maciej Szpunar, has been pondering the implications of the ‘right to be forgotten’ saga for some months now, and the opinion is relatively simple; France does not have the right to impose its own considerations on a company which operates outside its jurisdiction.

The French regulator can force Google to de-list search results on the grounds of privacy in France, and generally across the EU, though it does not have the authority to impose itself on the companies worldwide footprint. As the Advocate General notes, the repercussions of such a ruling would have too much potential to cause damage in various other scenarios.

The case is somewhat of a tricky one, as it does have implications in the contentious world of privacy/free speech/accountability. And while the European Court of Justice does not have to follow the opinion of the Advocate General, it generally does.

“This is a really important case pitting fundamental rights to privacy against freedom of expression,” said Richard Cumbley, Partner and Global Head of Technology at law firm Linklaters. “The case highlights the continuing conflict between national laws and the Internet which does not respect national boundaries.

“The opinion contains a clear recommendation that the right to remove search results from Google should not have global effect. There are a number of good reasons for this, including the risk other states would also try and supress search results on a global basis. This would seriously affect people’s right to access information.”

The case dates back to the early months of 2018, with the CNIL, France’s data protection watchdog, suggesting the search giant should have to enforce any ‘right to be forgotten’ rulings to all of its domains instead of just that of the home nation of the challenging regulator. Google, and various other free speech advocacy groups, have been suggesting France and the European Union are attempting to impose their own data privacy position on the rest of the world.

Looking at the ramifications, those of us who have more long-term considerations would certainly be thankful of Szpunar’s opinion. As Cumbley points out above, this case could be used as evidence by other nations to supress free speech or opinions which are not in-line with the political climate. Precedent is everything in the legal community, and while it hopefully does not intend to, France may be aiding more authoritarian governments in trying to impose its privacy demands on Google.

What is worth noting is that this opinion is not an official ruling from the European Court of Justice, though it does generally head in the same direction as the Advocate General.

The reselling of personal data goes from strength to strength

In spite of the many moral panics of 2018, the abuse of personal data shows no sign of abating at the start of 2019.

You might assume the somewhat overblown Cambridge Analytica scandal, in which everyone got all outraged that some political campaigns used data obtained from Facebook to target their messages, would have resulted in a far more reticent approach to the commercialisation of personal data. A couple of recent stories, however, indicate the opposite is true.

Motherboard did an investigation that concluded ‘T-Mobile, Sprint, and AT&T are selling access to their customers’ location data, and that data is ending up in the hands of bounty hunters and others not authorized to possess it, letting them track most phones in the country.’

The investigation essentially concludes that the act of selling on personal data is intrinsically open to abuse. As soon as you hand this data to a third party you lose all control over how it is used. Quite a lot like the Cambridge Analytica case, in fact. Here’s a flow chart from the article, showing the journey resold data can take.

Motherboard data chart

Upon reading the piece a US Senator called Ron Wyden called out TMUS CEO John Legere, accusing him of not following through on a previous vow to stop selling on data in this way. Here’s Legere’s response.

Elsewhere the FT took a look at the kind of data aggregators that typically buy data from those who collect it in order to analyse it, repackage it, and sell it on as some kind of market insight. Referring to it as the ‘data broking industry, the report looks into how they operate and reveals that regulators, in Europe at least, are finally getting around to taking a closer look at how they operate.

It must be especially frustrating to proponents of GDPR that is seems to have negligible effect on what must sure have been one of the main industries is was designed to regulate. One source in the report refers to the likes of Oracle, Salesforce and Nielsen as ‘privacy deathstars’, that can sell on hundreds of datapoints tracking individuals’ every move.

Combined with growing evidence that financial services giants are behind much of the policing of online behaviour that was such a feature of 2018, it’s hard to avoid the conclusion that the internet is increasingly being used for the wholesale exploitation of individuals. Regulators seem ill-equipped to catch up with these privacy deathstars and it’s easy to imagine the state looking benignly at an industry that facilitates the tracking and manipulation of the public.

Mission Difficult: Cleaning up Zuckerberg’s image

Facebook CEO Mark Zuckerberg has promised a quest down the digital highways to make himself more visible as the PR machine attempts to save the company’s brand.

Posting on his own Facebook page, Zuckerberg has stated he will host a series of discussions and debates concerning the role of technology and the internet in tomorrow’s society. Each of the events will be hosted on one of Facebook’s platforms, taking place every couple of weeks, as the usually publicity shy CEO attempts to reverse a very damaging 12 months for the brand.

“This will be intellectually interesting, but there’s a personal challenge for me here too. I’m an engineer, and I used to just build out my ideas and hope they’d mostly speak for themselves,” said Zuckerberg.

“But given the importance of what we do, that doesn’t cut it anymore. So I’m going to put myself out there more than I’ve been comfortable with and engage more in some of these debates about the future, the trade-offs we face, and where we want to go.”

Facebook’s impact on 2018 has been highly publicised and, more often than not, negative. For all the influence which the platform has on today’s society, the nefarious, ignorant and abusive side was showcased more than anything else. Whether it was executives knowingly pushing unethical features onto the consumer, suspect influences on incredibly important elections or failing to uphold promises to user privacy and data protection, 2018 was not a good year for the business.

Perhaps one of the most interesting chapters in this story has been Zuckerberg’s role of inaction and inaccessibility. Just when Facebook needed an influential figure to stand tall and confront the difficulties faced, Zuckerberg retreated to the shadows, compounding the problem. To date he’s refused to attend certain meetings with politicians and avoided taking responsibility for his company’s failings to the general public and the transformation of society.

There is of course nothing wrong with being shy or not enjoying being the centre of attention, but it comes with the territory when you are leading one of the most influential companies on the planet. Zuckerberg’s inability to tackle problems head on, sending minions instead or just not turning up at all, escalated the criticism and was a PR disaster.

By refusing to be accessible, Zuckerberg completely undermined and contradicted the concept of Facebook as a platform. He’s also damaged his relationship with rule makers at a critical time. Rules and regulations will be changing over the next couple of years as governments look to take more control over the OTTs. With millions being spent on lobbyists every year to try and encourage a more favourable regulatory landscape for Silicon Valley, Zuckerberg seems to be undermining these effort by antagonising politicians.

If Facebook is to return to yesteryears image of admiration and respect, not only does it have to clean up the platform, ensure data privacy and better protect its users, it has to ensure its CEO is sending the right message and its business practises are more transparent.

Not many people trust Facebook on the whole today and Zuckerberg’s reputation has been damaged. Something need to be done and this is certainly a step in the right direction.

Privacy International points GDPR finger at Facebook

An investigation from privacy advocacy group Privacy International on the flow of personal information has questioned whether Facebook and its advertisers are violating Europe’s GDPR.

To date there have not been any major challenges using the data privacy regulation. There have of course been numerous violations of user privacy, but as these incidents occurred prior to the implementation of GDPR, the old-version of the rules and punishments were used. This investigation from Privacy International could prove to be a landmark.

The investigation itself questions whether Facebook and the app-developers which use its platform for data collection and user identification is acting responsibly and legally. Using the Facebook Software Development Kit (SDK), data is automatically sent back to the social media giant, irrelevant as to whether consent has been collected, or even if the user has a Facebook book account.

“Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools,” Privacy International states on its website.

“App developers share data with Facebook through the Facebook Software Development Kit (SDK), a set of software development tools that help developers build apps for a specific operating system. Using the free and open source software tool called ‘mitmproxy’, an interactive HTTPS proxy, Privacy International has analysed the data that a number of Android apps transmit to Facebook through the Facebook SDK.”

After testing dozens of different apps, Privacy International claims 61% automatically transfer data to Facebook the moment a user opens the app, while others routinely send Facebook data that is incredibly detailed. Some of these users may be logged out of the platform or might not even have a Facebook account in the first place. Developers tested include travel comparison app Kayak, job search company Indeed and crowd-sourced search service Yelp.

Looking at the Kayak example, not only was information transferred back to Facebook once the app was opened and closed, but also during each stage of the search process. In the example Privacy International gives, the user selected a flight from London Gatwick to Tokyo between December 2 and 5, Narita Airport was then selected, before another search was conducted searching for hotels for two adults in the city. All of this information was sent to Facebook without prompt, despite Kayak claiming, ‘don’t worry, we’ll never share anything without your permission’, when the user signs in.

Alone this information is useful, but not incredibly so. However, when you consider the huge number of apps which will be sending information back to Facebook, an incredibly detailed picture of the user can be built. Using the other apps tested in this investigation, Facebook could also learn or make assumptions about the user’s religion (Muslim Pro), music interests (Shazam), salary and disposable income (Indeed Job Search) and interest in physical activities (MyFitnessPal). All of this information could be used to feed incredibly personalised advertisements to the user.

The big question which remains is whether this could be perceived as a violation of GDPR. Facebook has stated it released an update to the SDK which allowed developers to suspend the automatic data transfers, though this was only for version 4.34 and later. With the Opt-out section (the Google advertising ID) automatically turned off, some might suggest the user is being led as opposed to asked.

Another factor which could work against Facebook is the collection of data on users who do not have Facebook accounts; this is much more suspect. As per GDPR, a company has to have a specific and justified reason to collect personal information. It does appear Facebook is collecting information on users despite having no purpose or valid reason to do so.

With fines for violating GDPR up to 3% of annual turnover, the stakes are very high. This could prove to be one of the first tests of the rules, designed to protect the privacy of the general public, and few will be surprised Facebook is a central character in the story. With the social media giant seemingly antagonising many governments around the world, we suspect there will be a queue forming to have a swing with the sharp GDPR stick.

Washington DC takes Zuckerberg to court

The Attorney General for the District of Columbia has filed a lawsuit against Facebook on the grounds of failing to protect user’s privacy and enabling one of the biggest digital scandals to date.

It was only going to be a matter of time before one of the Attorney Generals took the opportunity to take Mark Zuckerberg and his cronies to court, the big question which remains is how many of them will do so. The Cambridge Analytica scandal might be old news in the eyes of the consumer nowadays, but the lawyers aren’t forgetting about it. Blood has been smelt and Washington DC is going to have the first bite.

“Facebook failed to protect the privacy of its users and deceived them about who had access to their data and how it was used,” said Attorney General Karl Racine.

“Facebook put users at risk of manipulation by allowing companies like Cambridge Analytica and other third-party applications to collect personal data without users’ permission. Today’s lawsuit is about making Facebook live up to its promise to protect its users’ privacy.”

The lawsuit itself relates back to the Cambridge Analytica scandal, focusing on Facebook’s inability to meet expectations and commitments when it comes to data protection and privacy, but also the firm’s role in allowing the 2016 Presidential Election to be manipulated. It’s the permission to use data, or lack thereof, which is the big issue here. Cambridge Analytica harvested the data and sold it onto a political consulting firm, none of which it was entitled to do.

This is perhaps one of the biggest grey areas of the digital economy as while technology firms have streamed ahead in how data can be commercialised, rule makers have struggled to keep pace. Firms like Facebook has taken advantage of this regulatory void but cases like this will aim to hold them accountable retrospectively.

This is one of the most difficult things about innovation. Because these firms are playing with new ideas for the first time there is no precedent to where the line between right and wrong should be. In most cases, this would be an effective defence, as while most governments will of course want to protect citizens, they will also want to encourage innovation and exploration. In this case however, Facebook might not be able to lean on this idea.

Recent documents released by the UK government demonstrate not only that Facebook was aware there might unethical and illegal aspects to these practises, but that this knowledge went from the bottom to the top of the organization. The internal emails, which were secured by Six4Three during its own lawsuit against Facebook, paint a very deceptive and nefarious picture of the firm, with no regard to the opinion or privacy of the user.

Facebook is in a hole right now, which seems to be getting deeper and deeper. While it cannot shake off the Cambridge Analytica scandal, new controversies are being thrown at the platform, including the most recent claim. Rumbling through the world as we speak are claims Facebook granted certain technology companies, such as Netflix and Spotify, access to user’s private messages.

Facebook will of course end up in court and considering it has admitted wrong-doing on several occasions, there will be heavy punishments laid out. One of the big questions which remain is how many of the Attorney Generals across the US will bring their own lawsuit forward.

Facebook back on the ropes with more privacy punches

Facebook faces fresh questions surrounding data privacy, with reports emerging it granted advertising customers access to user’s private messages with friends and family.

This is a company which is not helping itself but is looking increasingly suspect. The data and sharing economy does of course require users to make an exchange in order to receive free services, but the personalised advertising machine created by Facebook is starting to look scary. The detail which is known on users, and the apparent nonchalant approach the firm has to abuse of the platform, is starting to become very worrying.

Now we have one of the most worrying accusations. According to the New York Times, new documents have emerged suggesting Facebook granted permissions to advertisers which seemingly go far beyond the consent granted by users.

Among the accusations, sourced from internal documents, Netflix and Spotify were given the ability to read user’s private messages, while Bing was able to access all information about a user’s connections without specific consent. Amazon was given permission to obtain contact information through indirect connections, and Yahoo was allowed view streams of friends’ posts. The Yahoo partnership can be traced back to this summer, long after Facebook had declared such practises had been ended.

Aside from the NYT investigation, one user has also taken the time to pen her frustrations after realising location controls on the platform made no difference to personalised advertising. Aleksandra Korolova turned off all available location services on Facebook, WhatsApp and Instagram, cleared location details off her profile, removed geo-tagging on photos, but was still receiving personalised ads based on recent movements.

“Reading Facebook’s explanations to advertisers provides insight into how this is done,” said Korolova in a Medium post. “Specifically, Facebook tells advertisers that it learns user locations from the IP address, WiFi and Bluetooth data.”

The illusion of control has been created, though Facebook is finding ways around user consent and loopholes to any commitments it has previously made.

The inability for Facebook to be transparent, clearly telling the user what is going on, is incredible. There are so many examples of this company misleading the general public, governments and regulators, they are becoming difficult to count. This is a toxic company which should not be trusted. We are struggling to believe any statement which the company is now making.

In response, Konstantinos Papamiltiadis, Director of Developer Platforms and Programs, has gone to Facebook’s standard response.

“…we recognize that we’ve needed tighter management over how partners and developers can access information using our APIs,” said Papamiltiadis. “We’re already in the process of reviewing all our APIs and the partners who can access them.”

This seems to be Facebook’s new response to accusations which question whether it has acted ethically or legally; partially accepting responsibility and saying they will do better in the future. This is not a good enough answer anymore. It might have worked the first couple of times, but the repetition from Facebook executives just shows how little the company thinks about the general public. We are just assets to be traded in the pursuit of greater advertising revenues.

Privacy is a small hurdle; the grey expanses of technology regulation are too wide for this to be a problem. Facebook is making a mockery of the general public and the data privacy landscape.