Facebook has put their hat in the digital assistant ring with the announcement of the Portal, a video-chatting device for the home. While many consumers have welcomed assistants from Google, Amazon, and Apple into their home, there may be a hesitancy with Facebook. Consumers have started to learn more about how much data companies have on us, who is using and selling it, and have pressured for legislation to protect data and privacy. Companies self-regulating hasn’t worked in the way we have hoped, and while some sort of regulation is necessary only within the last couple years have we examined in detail what that would look like.

A Google home assistant sitting on a bookcaseGoogle Home is a brand of smart assistants developed by Google.

 

Facebook’s new video-chatting device for the home has some consumers worried about personal data and privacy

General Data Protection Regulation (GDPR) was created for the ‘digital future’ of Europe, to help consumers gain back some control of their personal data. Companies will be responsible for ensuring the data they collect and manage is protected from malicious intent, and be fined if they fail to comply. GDPR covers any organizations in the EU, as well as any non-European companies that offer services to consumers inside the EU.

gdpr-requirements-2-2This infographic provided by Name Estate explains how to be GDPR compliant.

Being fairly new, there hasn’t really been an opportunity to see if it works, including what parts of it can or should be implemented elsewhere. Facebook was fined £500,000 through pre-GDPR rules as a result of the Cambridge Analytical data scandal; their recent security breach that exposed account information for over 50 million users may be the opportunity to see what teeth GDPR has.

Apple CEO Tim Cook called for a privacy law in the United States, mirroring the policies outlined in GDPR. We are living in a world built on massive amounts of data, creating what Cook can best describe as a “data-industrial complex.” Cook has been a significant advocate of privacy rights and regulation, which has been exemplified by Apple’s consistent commitment and fundamental philosophy of privacy for its users. In Brussels, Cook highlighted that future legislation should give the right to users to know what data is collected on them, to access that data and have it minimized, and for it to be kept securely. At the core of Apple’s business model is this call for regulation to reinforce users’ privacy and protection, which critics say would limit technological innovation. Cook further warns that “we will never achieve technology’s true potential without the full faith and confidence of the people who use it.”

There is a disagreement among tech companies on the best way to handle regulation going forward. After the Cambridge Analytical scandal, Mark Zuckerberg said, “It’s not a question of if regulation, it’s a question of what type.

Facebook COO Sheryl Sandberg said that Facebook was open to legislation and willing to work with lawmakers. Facebook even went as far as saying that the company would enforce GDPR policies on the entire platform, and created new ways for users to have a better idea of their data is collected and used. However, confusion has arisen since countries have different standards surrounding privacy, timelines to communicate breaches to the public, and enforcement issues outside of the EU.

Google and Microsoft have approaches similar to Apple’s, using GDPR as a baseline for creating US regulations. In September 2018, Google provided recommendations for a privacy regulation bill covering basic requirements, scope, and accountability. The framework called for company transparency on the data they collect, why it is collected, and how they use it; practical avenues for individuals to access and control their data; and the inclusion of baseline precautions to protect personal information, including ways to keep companies accountable for this process.

Google also recommended applying similar regulations to any and all organizations that process personal data, and actively updating and re-evaluating data and privacy policies to adapt with changes in technology, norms, and interconnectedness. Earlier in May, Microsoft CEO Satya Nadella called privacy a human right and believes that GDPR is “a sound, good regulation.” Like Apple, Microsoft has longed positioned itself as a supporter of privacy, and both companies have been involved in cases against the Department of Justice to protect user data.

Company approaches to privacy, data, and handling of security breaches may contribute to why 51% of Americans don’t trust Facebook.

These differing company approaches to privacy, data, and handling of security breaches may contribute to why 51% of Americans don’t trust Facebook. Ranking the most distrustful among the tech giants was Amazon at 66%, according to a poll from Reuters. Even Google, who provides a free service similar to Facebook, is trusted by 62% of the polled population. Google collects a significant amount of data on users, but the return on investment and what is provided as a service is far greater.

When Facebook launched in the early 2000s, it was a social networking platform providing users a new and exciting way to connect, prevailing over the ever popular MySpace. It has since found itself as one among many ways for individuals to connect, is seen as having a negative impact on society, and has been caught up in scandals and politics, which have led to a drop in user accounts and interactions. Perhaps Google’s success is most evident by the fact its name has become a part of modern society’s lexicon – ‘Google it’ – which means to search for information on the Internet even if we may not be using Google as a search engine (although it does account for 72% of searches worldwide).

As consumers become more aware about their data and privacy, they are changing how they use technology and demanding companies to adapt to their needs, requiring tech companies to make changes.  While it may seem counterintuitive for technology companies to call for stronger regulations, governmental organizations and consumers are already advancing in that direction, and companies should fall in line in order for them to have a seat at the table.

 


Megan Penn
Security Research Consultant
M.A. Security Policy Studies

 

 

You may also like

The 7 Common Mistakes that Lead to Data Breaches
The 7 Common Mistakes that Lead to Data Breaches
22 March, 2024

In today's digital age, data breaches have become a significant concern for businesses of all sizes. Protecting sensitiv...

How to Use OSINT to Detect Data Leaks and Breaches
How to Use OSINT to Detect Data Leaks and Breaches
31 May, 2022

At LifeRaft, we know from talking to hundreds of security professionals that data leaks and breaches represent a growing...