Analyzing Ethics, Privacy, and Cyber Security in Facebook Data Leak

Verified

Added on 2023/06/04

AI Summary

This case study examines the ethical, privacy, and cybersecurity implications of the Facebook-Cambridge Analytica data leak. The issue arose when Aleksandr Kogan collected data from Facebook users through the 'This is your digital life' app, which was then used by Cambridge Analytica for political purposes, allegedly in favor of Donald Trump's presidential campaign. The analysis considers privacy laws like GDPR and the Federal Trade Commission Act, highlighting the responsibilities of companies like Facebook and Cambridge Analytica in protecting user data. The study concludes that both companies breached privacy laws, ethical principles, and cybersecurity standards, offering a lesson on the importance of data security and privacy in the digital age.

Running Head: Ethics, Privacy and Cyber Security
0
Ethics, Privacy Law and Cyber Security
Student’s Name
10/22/2018
Facebook-Cambridge Analytica Data Leak

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Ethics, Privacy and Cyber Security 1
Contents
Issue.................................................................................................................................................2
Rules................................................................................................................................................3
Analysis...........................................................................................................................................4
Conclusion.......................................................................................................................................5
Bibliography....................................................................................................................................6
Legislations 6
Other Resources 6

Ethics, Privacy and Cyber Security 2
Issue
Recently, it has come under the news that personal details of more than 50 million users
of Facebook had been leaked to one of the companies named Cambridge Analytica. It was a UK
based political analytics provider. The whole issue started when Aleksandr Kogan, a professor of
the University Of Cambridge University was collecting data in respect to Facebook users and
after the research; he developed a mobile application named “This is your digital life”. This app
allowed Cambridge Analytica to collect the information of Facebook users. Later on, the
collective information was used in an adverse manner1 (Batra, 2018).
Cambridge Analytica used this information in favor of Donald Trump who was a then-the
presidential candidate. This incident was reported as a data breach2 (Badshah, 2018). In reply to
the issue, the Deputy Counsel of Facebook stated that it is not a case of a data breach. He held
the allegation false and in his clarification, he had stated that people who have used the
application developed by Kogan have provided their individual consent for the access of their
personal information and Facebook was not on failure as no password has been asked the by the
application named This is your digital life (TIYDL). It was not an illegal act as people have
consented and given the approval of access to their personal information through Facebook.
However, the deputy counsel had denied the presence of data breach from the side of
Facebook, yet to say that people who have consented to TIYDL were not aware that their
personal information could be shared with a third party. Even this app accessed the information
1 DK Batra, What the Facebook-Cambridge Analytica Data Leak Teaches us About Ethics And Privacy (2018)
<https://www.entrepreneur.com/article/313110>
2 Nadeem Badshah, Facebook to contact 87 million users affected by data breach (2018)
<https://www.theguardian.com/technology/2018/apr/08/facebook-to-contact-the-87-million-users-affected-by-data-
breach>.

Ethics, Privacy and Cyber Security 3
of the friends of those who have consented. Hence, in an indirect manner, it was a breach of data
privacy at the end of Facebook.
Rules
Privacy of individuals is a concern for the nation. Every company has certain laws on the
topic of privacy, which are well known as privacy law. In the US, the Department of Homeland
Security is there that develops various programs and policies in the nation3. Similarly, in EU
law, there are many provisions in the different areas of privacy law. GDPR is one of them.
GDPR refers to General Data Protection Regulation. It is a kind of privacy law that works in the
area of data protection and cybersecurity and the parliament of EU has approved this regulation
in the year 2016. The same has been enforced with effect from 25 May 2018. Before this
regulation, the Data Protection Directive 95/46/EC was there to provide guidance on the matter
of data security4 (eugdpr.org, 2018).
US privacy system allows the injured parties to bring a legal action in against of the
guilty parties who involves in the breach of privacy. However, to bring a legal action, such an act
of a guilty party must be “unfair or deceptive.” Under the Privacy Act5 , some rules are defined
for dealing with data security issues. For the different area of concern, different privacy laws are
there in the US. There is no single federal legislation related to the subject of privacy. Freedom
of expression provided by the first amendment is also a related topic to study. It has been
interpreted in such a manner that it becomes necessary for the companies to provide all the basic
3 Homeland Security, Cybersecurity and Privacy (2018) < https://www.dhs.gov/cybersecurity-and-privacy>.
4 eugdpr.org, The EU General Data Protection Regulation (GDPR) is the most important change in data privacy
regulation in 20 years (2018) < https://eugdpr.org/>.
5 Privacy Act 1974

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Ethics, Privacy and Cyber Security 4
information related to data used to the respective individuals. All the countries are continuously
focusing on the topic of cyber security as it can lead to a very dangerous impact on individuals.
Section 5 of the Federal Trade Commission Act prohibits the companies to do any
deceptive or unfair act while conducting some specific activities such as behavioral tracking,
data security, privacy information, online advertising and so on6. In addition to federal law, may
state laws are also there that provide the rules related to cybersecurity and data protection. EU–
US Privacy Shield is a law that provides a manner of data transfer from EU to the US7. All these
privacy laws demands that a company must be careful while dealing with the personal data of
individual and the issue becomes more crucial when it comes to the transfer. Applying the
provisions of Section 5 of the Federal Trade Commission Act, this can be stated that even
Facebook also provide son information to the users that the same is going to share which
information with which the third party.
Analysis
If review the aforementioned issue from the viewpoint of privacy law, this is to state that
Facebook being a significant social media, needed to be careful in this case. In addition to
Facebook, the more involved guilty was Cambridge Analytica. Being a data collector and
processor company, the same might be aware of their duties. It was also not right from the
viewpoints of ethics as the incident involved a case of heavy data breach and the affected people
were 50 million in number. GDPR has been effective in May 2018 whereas the issue discussed
6 federalreserve.gov, Federal Trade Commission Act Section 5: Unfair or Deceptive Acts or Practices (2018) <
https://www.federalreserve.gov/boarddocs/supmanual/cch/ftca.pdf>.
7 Alan Charles Raul, The Privacy, Data Protection And Cybersecurity Law Review (2018) <
https://thelawreviews.co.uk//digital_assets/25776d4c-702f-41bb-82a0-cb3e18240506/Privacy.pdf>.

Ethics, Privacy and Cyber Security 5
above has happened in March 2018. That time Data Protection Directive 95/46/EC was there that
was required to be followed by the company.
Facebook on the other side was required to follow several privacy laws of the nation. As
the company has a lot of personal data of individuals, in this situation, it was the responsibility of
the company to keep the information private. Facebook failed to provide the required level of
privacy to the company. Facebook and Cambridge Analytica were also required to review EU–
US Privacy Shield and in this manner, there was a serious breach of privacy law of both the
nation as well as of ethical principles.
Conclusion
As discussed earlier, Cambridge Analytica has used the information of several Facebook
users in an adverse manner without their permission. To conclude the issue, this is to state that
both of this company did not only breach privacy law and committed cybersecurity but also
breached the ethical principles. The case provided a lesson to social media companies like
Facebook and data collector and processor like Cambridge Analytica that how carefully, the
cases of data security breaches should be entertained, and how dangerous impact such cases can
lead.

Ethics, Privacy and Cyber Security 6
Bibliography
Legislations
Privacy Act 1974
Other Resources
Alan Charles Raul, The Privacy, Data Protection And Cybersecurity Law Review (2018) <
https://thelawreviews.co.uk//digital_assets/25776d4c-702f-41bb-82a0-cb3e18240506/
Privacy.pdf>.
DK Batra, What the Facebook-Cambridge Analytica Data Leak Teaches us About Ethics And
Privacy (2018) https://www.entrepreneur.com/article/313110>.
eugdpr.org, The EU General Data Protection Regulation (GDPR) is the most important change
in data privacy regulation in 20 years (2018) < https://eugdpr.org/>.
federalreserve.gov, Federal Trade Commission Act Section 5: Unfair or Deceptive Acts or
Practices (2018) < https://www.federalreserve.gov/boarddocs/supmanual/cch/ftca.pdf>.
Homeland Security, Cybersecurity and Privacy (2018) < https://www.dhs.gov/cybersecurity-
and-privacy>.
Nadeem Badshah, Facebook to contact 87 million users affected by data breach (2018)
<https://www.theguardian.com/technology/2018/apr/08/facebook-to-contact-the-87-million-
users-affected-by-data-breach>.