Data Protection and Privacy - Europe and the U.S.

If you had a meeting and Apple CEO Tim Cook gave a speech and he was followed by Sir Tim Berners-Lee, and after the lunch break Facebook's Mark Zuckerberg and Google's Sundar Pichai were on the screen giving video messages, you would consider this to be a pretty high-powered meeting.

That was the lineup for some European data regulators at the 40th International Conference of Data Protection and Privacy Commissioners, held this year in the European Parliament in Brussels.

I saw part of it on a recent 60 Minutes. Tim Cook talked about the "crisis" of "weaponized" personal data. It's not that Apple doesn't collect data on its users, but companies like Facebook and Google rely much more on user data to sell advertising than hardware-based Apple.

The focus in that segment is on Europe where where stricter laws than in the U.S. are already in place. Of course, they affect American companies that operate in Europe, which is essentially all major companies.

Multi-billion dollar fines against Google for anti-competitive behavior re in the news. The European Union enacted the world's most ambitious internet privacy law, the General Data Protection Regulation (GDPR).

Tim Cook said he supports the law, but Jeff Chester, executive director of the Center for Digital Democracy, says that "Americans have no control today about the information that's collected about them every second of their lives." The only exception is some guaranteed privacy on the internet for children under 13, and some specific medical and financial information.

This is an issue that will be even more critical in the next few years. Since GDPR was passed, at least ten other countries and the state of California have adopted similar rules. And Facebook, Twitter, Google, and Amazon now say they could support a U.S. privacy law. Of course, they want input because they want to protect themselves.

 

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

Data Privacy Law: A Practical Guide

Fifty-Two Thousand Data Points

data abstractionFacebook has had a tough year in the press and with its public face (though its stock is holding up fine). There has been a lot of buzz about hacks and data being stolen and fake news and Senate hearings and general privacy concerns. All of these are legitimate concerns about Facebook and about other social media and e-commerce and financial site too.

But how much does Facebook really know about a user? There is the information you willingly provided when you joined and all the things you have given them by posting and clicking Likes and other interactions. Though that volunteered data is often overlooked by users, there is more concern about data you have not knowingly given them but have access to anyway.

I do believe that Facebook is more focused now on privacy and user experience, it needs that data to be a profitable public company. (Disclaimer: I am a Facebook stockholder - though not in a very big way.)

Facebook is free but, as Mark Zuckerberg had to explain to at least one clueless Senator this past summer, it sells advertising to make a profit. Ad sales are more valuable to companies when they know who they are advertising to, and the more granular that audience can be, the better it is for them and Facebook. It might even be better for you. That is something Google, Amazon, Facebook and many others have been saying for years: If you're going to get ads anyway, wouldn't you rather that they be relevant to your likes and interests?

According to one online post, it you total up what Facebook can know about a user, it comes to roughly 52,000 traits. That comes from three key algorithms. One is DeepText, which looks into data, much of which coming from commercial data brokers. They also use DeepFace, which can identify people in pictures and also suggest that you tag people in a photo.

The third algorithm is FB Learner Flow, which might be the most clever of all. It focuses on the decisions you have yet to make. Using predictive analytics, it decides which ads should be shown to you that you would be likely to click and even purchase a product.

Amazon will allow you to let it send out products before you order them based on your previous orders and usage. This is not difficult to predict. My pharmacy will tell me it is time to reorder a prescription and even process and deliver it without my input. That is not so predictive; my 30 daily pills will run out in 30 days.

When Amazon suggests that I might like a product similar to other things I have bought, it's not very creepy. When I see an ad or suggestion from them about a product or even a topic that I was just searching on Google, THAT is creepy.

Similarly, Facebook might give me an ad or a "sponsored" post at the top of my feed because of my recent activity and the activity of friends that I follow - especially those that I interact with frequently with Likes, shares and comment. 

It would be interesting to see what the feeds look like for some friends of mine who are Facebook lurkers and who rarely post anything and seem to rarely even log into the site. What are they seeing when it comes to ads?

Aligning Learning and Key Performance Indicators

focusAlign your training with KPIs. This is not a mantra I hear in education. A KPI is a Key Performance Indicator, which is a measurable value that demonstrates how effectively an organization (most commonly a company it seems) is achieving key objectives.

KPIs are used to evaluate success at reaching targets. Businesses talk a lot about the Return on Investment (ROI) and they are usually talking about dollars and cents. But in educational training and professional development, the ROI probably can't be measured in dollars.

Still, the process may be similar.

Define which metrics are most important to you. These become your key performance indicators. You need to know exactly what you're going to use to judge performance. 

If you want to increase enrollment in a major or program, that provides an easy metric. If a professor want to increase attendance in her classroom, that is also easily measured.

When I work with faculty designing courses, many professors stumble on setting objectives versus goals. The simple difference is that a goal is a description of a destination, and an objective is a measure of the progress that is needed to get to the destination. In this context goals are the long term outcomes.

Teachers will sometimes tell you objectives that are not measurable. For example, to want students to "have an appreciation of modern poetry" may be an admirable goal for a poetry courses, but how do you measure that? 

For an objective to be effective it must be clear, measurable and have a time element. For instance, that objective of increasing class attendance by 10 percent by the end of the semester is clear, measurable and has that time element.

Of course, after you determine those objectives, the real difficult part begins - figuring out how to reach that objective.

Was My Facebook Data Compromised?

Roughly 87 million people had their Facebook data stolen by the political research firm Cambridge Analytica. 

On April 10 and 11 Mark Zuckerberg testified before Congress. The reviews were mixed. Some said he was robotic and evasive. I thought he did a good job in the face of some ignorant questions by people who clearly don't understand Facebook, social media or modern technology - and even mispronounced Zuckerberg's name several different ways.

The day before the hearings Facebook finally notified the people who had their information grabbed by Cambridge Analytica. It is supposed to be about 70 million Americans and other users in the UK, Indonesia, and the Philippines. 

I saw the notification at the top of my Facebook newsfeed when I logged in. There was also a button for changing my privacy settings. Probably everyone, even if your information wasn’t captured and used by Cambridge Analytica, you should check and tighten up those settings.

How can you tell if your data was shared with Cambridge Analytica? Here is the link: https://www.facebook.com/help/1873665312923476 

What did Facebook tell me? 

"Based on our investigation, you don't appear to have logged into "This Is Your Digital Life" with Facebook before we removed it from our platform in 2015. However, a friend of yours did log in. As a result, the following information was likely shared with "This Is Your Digital Life": Your public profile, Page likes, birthday and current city. A small number of people who logged into "This Is Your Digital Life" also shared their own News Feed, timeline, posts and messages which may have included posts and messages from you. They may also have shared your hometown."

One of the questions that Zuckerberg was asked was about the fact that Cambridge Analytica wasn’t the only company that was misusing Facebook data. The company suspended at least two more research companies before the hearings: CubeYou was also misusing data from personality quizzes, along with AggregateIQ. 

After a rash of people saying they were quitting Facebook and the stock taking a hit, during the hearings the stock rebounded and I am seeing less talk about quitting. Though there are plenty of social networks, none has all the features of Facebook and has been able to hold a large user base. One Senator asked if Facebook is a monopoly. Zuckerberg said No, but was unable to really give an example of a major competitor. Yes, they overlap with networks like Twitter and their own Instagram, but no one really does it all.

Zuckerberg made the point repeatedly that Facebook has already made many positive changes since the Cambridge Analytica breach an is still doing them now ahead of any possible regulation by Congress. Are all the issues corrected? No. Are things better with Facebook and privacy? Yes. Will it or some competitor ever be the perfect social network? No way.

Analyzing Cambridge Analytica, Facebook and You

The Cambridge Analytica scandal involving Facebook hit this month because of its involvement in the election of Donald Trump in 2016. The company used an app developed legitimately by a Cambridge University researcher, Dr. Aleksandr Kogan, as a personality survey called "This is Your Digital Life."

I recall learning about that app about 3 years ago in a presentation at an EdTech conference. By using it as a quiz on Facebook, about 270,000 users gave permission (because most people are unaware of the access they allow) to their data which was collected but then used to additionally collect some public data from their friends.

I suspect a majority of social media users are unaware of how their data is used, and what permissions they have granted (perhaps by default in some instances).

Have you ever used your Facebook login as a way to sign in to another website or app? It asks you if you want to login using your Facebook ID and that seems to save a step or two and is great if you forgot your actual login to that other site. 

When those Facebook users took the "This is your digital life" quiz using their Facebook login, they allowed that app's developer to tap into all of the information in their Facebook profile (that includes your name, where you live, email address and friends list).  [Note: Currently, apps are no longer permitted to collect data from your Facebook friends.]

I don't give Dr. Kogan, Cambridge Analytica or Facebook a pass on this activity even if users did opt in. Kogan shared it with Cambridge Analytica which Facebook says that was against its policy. Facebook says it asked Cambridge Analytica to delete all of the data back in 2015. Facebook also claims that it only recently found out that wasn't done.

A lot of people seem to have given up on privacy, accepting it as something we just can't control any more. But there is a lot you can and should do.

settings

For example, a very simple change to make in your Facebook privacy settings is to "Limit The Audience for Old Posts on Your Timeline." That means that posts on your timeline that you've shared with Friends of friends, and Public posts, will now be shared only with Friends. Anyone tagged in these posts, and their friends, may also still see these posts, but the public (which includes apps) will not be able to access them legitimately.

Facebook's API, called Platform, allows third-party apps and websites to integrate with your Facebook account and exchange data with them via developer tools. It can be convenient for users, such as decreasing the number of login/password combinations you need to remember, but it has potential for abuse.

When you use the "Log in With Facebook" feature on a site, you grant a third-party app or service access to your Facebook account. It will ask for permission to receive specific Facebook data from you - email address, birthdate, gender, public posts, likes and also things beyond your basic profile info. I have seen cases where when I deny access to some information, it tells me the app can't be loaded. That is a warning. But some legitimate apps, like the scheduling apps Hootsuite and Buffer, do need a lot of permissions in order to allow them to post as you on social networks like Facebook, Twitter, LinkedIn and Instagram. In these cases, by using the app I need to trust that developer and the service it is connecting to via an API.

Being educated about how technology works and knowing how you can protect your own data and privacy is more important than ever. And, of course, you can always not use a service that doesn't seem to help you do that.